Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d2a6af29 by security tracker role at 2024-05-29T20:11:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,92 @@
-CVE-2023-52881 [tcp: do not accept ACK of bytes we never sent]
+CVE-2024-5185 (The EmbedAI application is susceptible to security issues that
enable ...)
+ TODO: check
+CVE-2024-5039 (The HUSKY \u2013 Products Filter Professional for WooCommerce
plugin f ...)
+ TODO: check
+CVE-2024-4358 (In Progress Telerik Report Server, version 2024 Q1
(10.0.24.305) or ea ...)
+ TODO: check
+CVE-2024-3412 (The WP STAGING WordPress Backup Plugin \u2013 Migration Backup
Restore ...)
+ TODO: check
+CVE-2024-36470 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+ TODO: check
+CVE-2024-36427 (The file-serving function in TARGIT Decision Suite 23.2.15007
allows a ...)
+ TODO: check
+CVE-2024-36378 (In JetBrains TeamCity before 2024.03.2 server was susceptible
to DoS a ...)
+ TODO: check
+CVE-2024-36377 (In JetBrains TeamCity before 2024.03.2 certain TeamCity API
endpoints ...)
+ TODO: check
+CVE-2024-36376 (In JetBrains TeamCity before 2024.03.2 users could perform
actions tha ...)
+ TODO: check
+CVE-2024-36375 (In JetBrains TeamCity before 2024.03.2 technical information
regarding ...)
+ TODO: check
+CVE-2024-36374 (In JetBrains TeamCity before 2024.03.2 stored XSS via build
step setti ...)
+ TODO: check
+CVE-2024-36373 (In JetBrains TeamCity before 2024.03.2 several stored XSS in
untrusted ...)
+ TODO: check
+CVE-2024-36372 (In JetBrains TeamCity before 2023.05.5 reflected XSS on the
subscripti ...)
+ TODO: check
+CVE-2024-36371 (In JetBrains TeamCity before 2023.05.5, 2023.11.5 stored XSS
in Commit ...)
+ TODO: check
+CVE-2024-36370 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+ TODO: check
+CVE-2024-36369 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+ TODO: check
+CVE-2024-36368 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+ TODO: check
+CVE-2024-36367 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+ TODO: check
+CVE-2024-36366 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+ TODO: check
+CVE-2024-36365 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+ TODO: check
+CVE-2024-36364 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+ TODO: check
+CVE-2024-36363 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+ TODO: check
+CVE-2024-36362 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+ TODO: check
+CVE-2024-36016 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
+ TODO: check
+CVE-2024-35512 (An issue in hmq v1.5.5 allows attackers to cause a Denial of
Service ( ...)
+ TODO: check
+CVE-2024-35492 (Cesanta Mongoose commit b316989 was discovered to contain a
NULL point ...)
+ TODO: check
+CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer
overflow ...)
+ TODO: check
+CVE-2024-35333 (A stack-buffer-overflow vulnerability exists in the
read_charset_decl ...)
+ TODO: check
+CVE-2024-35311 (Yubico YubiKey 5 Series before 5.7.0, Security Key Series
before 5.7.0 ...)
+ TODO: check
+CVE-2024-35284 (A vulnerability in the legacy chat component of Mitel
MiContact Center ...)
+ TODO: check
+CVE-2024-35283 (A vulnerability in the Ignite component of Mitel MiContact
Center Busi ...)
+ TODO: check
+CVE-2024-35200 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3
QUIC mod ...)
+ TODO: check
+CVE-2024-34715 (Fides is an open-source privacy engineering platform. The
Fides webser ...)
+ TODO: check
+CVE-2024-34161 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3
QUIC mod ...)
+ TODO: check
+CVE-2024-32760 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3
QUIC mod ...)
+ TODO: check
+CVE-2024-31079 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3
QUIC mod ...)
+ TODO: check
+CVE-2024-28974 (Dell Data Protection Advisor, version(s) 19.9, contain(s) an
Inadequat ...)
+ TODO: check
+CVE-2024-28826 (Improper restriction of local upload and download paths in
check_sftp ...)
+ TODO: check
+CVE-2024-27313 (Zoho ManageEngine PAM360 is vulnerable to Stored XSS
vulnerability. Th ...)
+ TODO: check
+CVE-2024-25977 (The application does not change the session token when using
the login ...)
+ TODO: check
+CVE-2024-25976 (When LDAP authentication is activated in the configuration it
is possi ...)
+ TODO: check
+CVE-2024-25975 (The application implements an up- and downvote function which
alters a ...)
+ TODO: check
+CVE-2023-46297 (An issue was discovered on Mercusys MW325R EU V3
MW325R(EU)_V3_1.11.0 ...)
+ TODO: check
+CVE-2023-42005 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak
for Data ...)
+ TODO: check
+CVE-2023-52881 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux 6.6.8-1
[bookworm] - linux 6.1.69-1
[bullseye] - linux 5.10.205-1
@@ -1889,7 +1977,7 @@ CVE-2024-3268 (The YouTube Video Gallery by YouTube
Showcase \u2013 Video Galler
CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to
spoof the s ...)
NOT-FOR-US: WinRAR
CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with
untrusted JSON ...)
- {DLA-3822-1}
+ {DSA-5700-1 DLA-3822-1}
- python-pymysql 1.1.1-1 (bug #1071628)
NOTE: https://github.com/advisories/GHSA-v9hf-5j83-6xpp
NOTE:
https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c
(v1.1.1)
@@ -120201,7 +120289,7 @@ CVE-2022-44675 (Windows Bluetooth Driver Elevation of
Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-44674 (Windows Bluetooth Driver Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-44673 (Windows Client Server Run-Time Subsystem (CSRSS) Elevation of
Privileg ...)
+CVE-2022-44673 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of
Privileg ...)
NOT-FOR-US: Microsoft
CVE-2022-44672
RESERVED
@@ -140624,7 +140712,7 @@ CVE-2022-37970 (Windows DWM Core Library Elevation of
Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-37969 (Windows Common Log File System Driver Elevation of Privilege
Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2022-37968 (<p>Microsoft has identified a vulnerability affecting the
cluster conn ...)
+CVE-2022-37968 (Microsoft has identified a vulnerability affecting the cluster
connect ...)
NOT-FOR-US: Microsoft
CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability)
- samba 2:4.17.4+dfsg-1
@@ -195724,7 +195812,7 @@ CVE-2021-43892 (Microsoft BizTalk ESB Toolkit
Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43891 (Visual Studio Code Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-43890 (<p>We have investigated reports of a spoofing vulnerability in
AppX in ...)
+CVE-2021-43890 (We have investigated reports of a spoofing vulnerability in
AppX insta ...)
NOT-FOR-US: Microsoft
CVE-2021-43889 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -229622,7 +229710,7 @@ CVE-2021-31959 (Scripting Engine Memory Corruption
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-31958 (Windows NTLM Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-31957 (ASP.NET Denial of Service Vulnerability)
+CVE-2021-31957 (ASP.NET Core Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-31956 (Windows NTFS Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -397317,7 +397405,7 @@ CVE-2019-1200 (A remote code execution vulnerability
exists in Microsoft Outlook
NOT-FOR-US: Microsoft
CVE-2019-1199 (A remote code execution vulnerability exists in Microsoft
Outlook when ...)
NOT-FOR-US: Microsoft
-CVE-2019-1198 (An elevation of privilege exists in SyncController.dll, aka
'Microsoft ...)
+CVE-2019-1198 (An elevation of privilege exists in SyncController.dll. An
attacker wh ...)
NOT-FOR-US: Microsoft
CVE-2019-1197 (A remote code execution vulnerability exists in the way that
the Chakr ...)
NOT-FOR-US: Microsoft
@@ -397347,7 +397435,7 @@ CVE-2019-1185 (An elevation of privilege
vulnerability exists due to a stack cor
NOT-FOR-US: Microsoft
CVE-2019-1184 (An elevation of privilege vulnerability exists when Windows
Core Shell ...)
NOT-FOR-US: Microsoft
-CVE-2019-1183 (A remote code execution vulnerability exists in the way that
the VBScr ...)
+CVE-2019-1183 (This information is being revised to indicate that this CVE
(CVE-2019- ...)
NOT-FOR-US: Microsoft
CVE-2019-1182 (A remote code execution vulnerability exists in Remote Desktop
Service ...)
NOT-FOR-US: Microsoft
@@ -397655,7 +397743,7 @@ CVE-2019-1032 (A cross-site-scripting (XSS)
vulnerability exists when Microsoft
NOT-FOR-US: Microsoft
CVE-2019-1031 (A cross-site-scripting (XSS) vulnerability exists when
Microsoft Share ...)
NOT-FOR-US: Microsoft
-CVE-2019-1030 (An information disclosure vulnerability exists when Microsoft
Edge imp ...)
+CVE-2019-1030 (An information disclosure vulnerability exists when Microsoft
Edge bas ...)
NOT-FOR-US: Microsoft
CVE-2019-1029 (A denial of service vulnerability exists in Skype for Business,
aka 'S ...)
NOT-FOR-US: Skype
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2a6af29ad358ac1cf2e4f27c856972085ffa15a
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2a6af29ad358ac1cf2e4f27c856972085ffa15a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
