Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
03ea5981 by security tracker role at 2024-06-11T20:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,66 +1,370 @@
-CVE-2024-5702
+CVE-2024-5851 (A vulnerability classified as problematic has been found in
playSMS up ...)
+ TODO: check
+CVE-2024-5829 (A vulnerability classified as problematic was found in
smallweigit Avu ...)
+ TODO: check
+CVE-2024-5825
+ REJECTED
+CVE-2024-5813 (A medium severity vulnerability in BIPS has been identified
where an a ...)
+ TODO: check
+CVE-2024-5812 (A low severity vulnerability in BIPS has been identified where
an atta ...)
+ TODO: check
+CVE-2024-5584 (The WordPress Online Booking and Scheduling Plugin \u2013
Bookly plugi ...)
+ TODO: check
+CVE-2024-5531 (The Ocean Extra plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2024-5398
+ REJECTED
+CVE-2024-5189 (The Essential Addons for Elementor \u2013 Best Elementor
Templates, Wi ...)
+ TODO: check
+CVE-2024-4387
+ REJECTED
+CVE-2024-4206
+ REJECTED
+CVE-2024-4190 (Stored Cross-Site Scripting (XSS) vulnerabilities have been
identified ...)
+ TODO: check
+CVE-2024-4155
+ REJECTED
+CVE-2024-37325 (Azure Science Virtual Machine (DSVM) Elevation of Privilege
Vulnerabil ...)
+ TODO: check
+CVE-2024-37301 (Document Merge Service is a document template merge service
providing ...)
+ TODO: check
+CVE-2024-37296 (The Aimeos HTML client provides Aimeos HTML components for
e-commerce ...)
+ TODO: check
+CVE-2024-37295 (Aimeos is an Open Source e-commerce framework for online
shops. Starti ...)
+ TODO: check
+CVE-2024-37294 (Aimeos is an Open Source e-commerce framework for online
shops. All Sa ...)
+ TODO: check
+CVE-2024-37293 (The AWS Deployment Framework (ADF) is a framework to manage
and deploy ...)
+ TODO: check
+CVE-2024-37161 (MeterSphere is an open source continuous testing platform.
Prior to ve ...)
+ TODO: check
+CVE-2024-36821 (Insecure permissions in Linksys Velop WiFi 5 (WHW01v1)
1.1.13.202617 a ...)
+ TODO: check
+CVE-2024-36702 (libiec61850 v1.5 was discovered to contain a heap overflow via
the Ber ...)
+ TODO: check
+CVE-2024-36650 (TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware
A3100R V4.1 ...)
+ TODO: check
+CVE-2024-36266 (A vulnerability has been identified in PowerSys (All versions
< V3.11) ...)
+ TODO: check
+CVE-2024-35716 (Missing Authorization vulnerability in Copymatic Copymatic
\u2013 AI C ...)
+ TODO: check
+CVE-2024-35692 (Missing Authorization vulnerability in Termly Cookie
Consent.This issu ...)
+ TODO: check
+CVE-2024-35685 (Missing Authorization vulnerability in Anders Nor\xe9n
Radcliffe 2.Thi ...)
+ TODO: check
+CVE-2024-35683 (Missing Authorization vulnerability in Teplitsa of social
technologies ...)
+ TODO: check
+CVE-2024-35671 (Missing Authorization vulnerability in Minoji MJ Update
History.This i ...)
+ TODO: check
+CVE-2024-35667 (Missing Authorization vulnerability in WP EasyCart.This issue
affects ...)
+ TODO: check
+CVE-2024-35665 (Missing Authorization vulnerability in namithjawahar Insert
Post Ads.T ...)
+ TODO: check
+CVE-2024-35663 (Missing Authorization vulnerability in HahnCreativeGroup WP
Translate. ...)
+ TODO: check
+CVE-2024-35628 (Missing Authorization vulnerability in Photo Gallery Team
Photo Galler ...)
+ TODO: check
+CVE-2024-35303 (A vulnerability has been identified in Tecnomatix Plant
Simulation V23 ...)
+ TODO: check
+CVE-2024-35292 (A vulnerability has been identified in SIMATIC S7-200 SMART
CPU CR40 ( ...)
+ TODO: check
+CVE-2024-35265 (Windows Perception Service Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-35263 (Microsoft Dynamics 365 (On-Premises) Information Disclosure
Vulnerabil ...)
+ TODO: check
+CVE-2024-35255 (Azure Identity Libraries and Microsoft Authentication Library
Elevatio ...)
+ TODO: check
+CVE-2024-35254 (Azure Monitor Agent Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-35253 (Microsoft Azure File Sync Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-35252 (Azure Storage Movement Client Library Denial of Service
Vulnerability)
+ TODO: check
+CVE-2024-35250 (Windows Kernel-Mode Driver Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-35249 (Microsoft Dynamics 365 Business Central Remote Code Execution
Vulnerab ...)
+ TODO: check
+CVE-2024-35248 (Microsoft Dynamics 365 Business Central Elevation of Privilege
Vulnera ...)
+ TODO: check
+CVE-2024-35213 (An improper input validation vulnerability in the SGI Image
Codec of Q ...)
+ TODO: check
+CVE-2024-35212 (A vulnerability has been identified in SINEC Traffic Analyzer
(6GK8822 ...)
+ TODO: check
+CVE-2024-35211 (A vulnerability has been identified in SINEC Traffic Analyzer
(6GK8822 ...)
+ TODO: check
+CVE-2024-35210 (A vulnerability has been identified in SINEC Traffic Analyzer
(6GK8822 ...)
+ TODO: check
+CVE-2024-35209 (A vulnerability has been identified in SINEC Traffic Analyzer
(6GK8822 ...)
+ TODO: check
+CVE-2024-35208 (A vulnerability has been identified in SINEC Traffic Analyzer
(6GK8822 ...)
+ TODO: check
+CVE-2024-35207 (A vulnerability has been identified in SINEC Traffic Analyzer
(6GK8822 ...)
+ TODO: check
+CVE-2024-35206 (A vulnerability has been identified in SINEC Traffic Analyzer
(6GK8822 ...)
+ TODO: check
+CVE-2024-35168 (Missing Authorization vulnerability in Discourse WP
Discourse.This iss ...)
+ TODO: check
+CVE-2024-34826 (Missing Authorization vulnerability in Tobias Conrad Design
for Contac ...)
+ TODO: check
+CVE-2024-34824 (Missing Authorization vulnerability in ThemeBoy SportsPress
\u2013 Spo ...)
+ TODO: check
+CVE-2024-34822 (Missing Authorization vulnerability in weDevs weMail.This
issue affect ...)
+ TODO: check
+CVE-2024-34821 (Missing Authorization vulnerability in Contact List PRO
Contact List \ ...)
+ TODO: check
+CVE-2024-34820 (Missing Authorization vulnerability in If So Plugin If-So
Dynamic Cont ...)
+ TODO: check
+CVE-2024-34819 (Missing Authorization vulnerability in MoreConvert MC
Woocommerce Wish ...)
+ TODO: check
+CVE-2024-34815 (Missing Authorization vulnerability in Codection Import and
export use ...)
+ TODO: check
+CVE-2024-34813 (Missing Authorization vulnerability in MoreConvert MC
Woocommerce Wish ...)
+ TODO: check
+CVE-2024-34804 (Missing Authorization vulnerability in Tagembed.This issue
affects Tag ...)
+ TODO: check
+CVE-2024-34799 (Missing Authorization vulnerability in Repute Infosystems
BookingPress ...)
+ TODO: check
+CVE-2024-34768 (Missing Authorization vulnerability in Fastly.This issue
affects Fastl ...)
+ TODO: check
+CVE-2024-34763 (Missing Authorization vulnerability in Tobias Conrad Builder
for WooCo ...)
+ TODO: check
+CVE-2024-34758 (Missing Authorization vulnerability in Wpmet WP Fundraising
Donation a ...)
+ TODO: check
+CVE-2024-34753 (Missing Authorization vulnerability in SoftLab Radio
Player.This issue ...)
+ TODO: check
+CVE-2024-34442 (Missing Authorization vulnerability in weDevs weDocs.This
issue affect ...)
+ TODO: check
+CVE-2024-34406 (Improper exception handling in McAfee Security: Antivirus VPN
for Andr ...)
+ TODO: check
+CVE-2024-34405 (Improper deep link validation in McAfee Security: Antivirus
VPN for An ...)
+ TODO: check
+CVE-2024-33500 (A vulnerability has been identified in Mendix Applications
using Mendi ...)
+ TODO: check
+CVE-2024-32148 (Missing Authorization vulnerability in Salesforce Pardot.This
issue af ...)
+ TODO: check
+CVE-2024-32146 (Missing Authorization vulnerability in Aspose.Cloud
Marketplace Aspose ...)
+ TODO: check
+CVE-2024-32144 (Missing Authorization vulnerability in Welcart Inc. Welcart
e-Commerce ...)
+ TODO: check
+CVE-2024-32143 (Missing Authorization vulnerability in Podlove Podlove Podcast
Publish ...)
+ TODO: check
+CVE-2024-31495 (A improper neutralization of special elements used in an sql
command ( ...)
+ TODO: check
+CVE-2024-30104 (Microsoft Office Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30103 (Microsoft Outlook Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30102 (Microsoft Office Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30101 (Microsoft Office Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30100 (Microsoft SharePoint Server Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2024-30099 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30097 (Microsoft Speech Application Programming Interface (SAPI)
Remote Code ...)
+ TODO: check
+CVE-2024-30096 (Windows Cryptographic Services Information Disclosure
Vulnerability)
+ TODO: check
+CVE-2024-30095 (Windows Routing and Remote Access Service (RRAS) Remote Code
Execution ...)
+ TODO: check
+CVE-2024-30094 (Windows Routing and Remote Access Service (RRAS) Remote Code
Execution ...)
+ TODO: check
+CVE-2024-30093 (Windows Storage Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30091 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30090 (Microsoft Streaming Service Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-30089 (Microsoft Streaming Service Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-30088 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30087 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30086 (Windows Win32 Kernel Subsystem Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-30085 (Windows Cloud Files Mini Filter Driver Elevation of Privilege
Vulnerab ...)
+ TODO: check
+CVE-2024-30084 (Windows Kernel-Mode Driver Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-30083 (Windows Standards-Based Storage Management Service Denial of
Service V ...)
+ TODO: check
+CVE-2024-30082 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30080 (Microsoft Message Queuing (MSMQ) Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2024-30078 (Windows Wi-Fi Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30077 (Windows OLE Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30076 (Windows Container Manager Service Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-30075 (Windows Link Layer Topology Discovery Protocol Remote Code
Execution V ...)
+ TODO: check
+CVE-2024-30074 (Windows Link Layer Topology Discovery Protocol Remote Code
Execution V ...)
+ TODO: check
+CVE-2024-30072 (Microsoft Event Trace Log File Parsing Remote Code Execution
Vulnerabi ...)
+ TODO: check
+CVE-2024-30070 (DHCP Server Service Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-30069 (Windows Remote Access Connection Manager Information
Disclosure Vulner ...)
+ TODO: check
+CVE-2024-30068 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30067 (Winlogon Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30066 (Winlogon Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30065 (Windows Themes Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-30064 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30063 (Windows Distributed File System (DFS) Remote Code Execution
Vulnerabil ...)
+ TODO: check
+CVE-2024-30062 (Windows Standards-Based Storage Management Service Remote Code
Executi ...)
+ TODO: check
+CVE-2024-30052 (Visual Studio Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-2462 (Allow attackers to intercept or falsify data exchanges between
the cli ...)
+ TODO: check
+CVE-2024-2461 (If exploited an attacker could traverse the file system to
access fil ...)
+ TODO: check
+CVE-2024-2013 (An authentication bypass vulnerability exists in the
FOXMAN-UN/UNEM se ...)
+ TODO: check
+CVE-2024-2012 (vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway
that i ...)
+ TODO: check
+CVE-2024-2011 (A heap-based buffer overflow vulnerability exists in the
FOXMAN-UN/UNE ...)
+ TODO: check
+CVE-2024-29060 (Visual Studio Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-28024 (A vulnerability exists in the FOXMAN-UN/UNEM in which
sensitive inform ...)
+ TODO: check
+CVE-2024-28023 (A vulnerability exists in the message queueing mechanism that
if expl ...)
+ TODO: check
+CVE-2024-28022 (A vulnerability exists in the FOXMAN-UN/UNEM server /
APIGateway that ...)
+ TODO: check
+CVE-2024-28021 (A vulnerability exists in the FOXMAN-UN/UNEM server that
affects the m ...)
+ TODO: check
+CVE-2024-28020 (A user/password reuse vulnerability exists in the
FOXMAN-UN/UNEM appli ...)
+ TODO: check
+CVE-2024-26330 (An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on
Windows. ...)
+ TODO: check
+CVE-2024-26010 (A stack-based buffer overflow in Fortinet FortiPAM version
1.2.0, 1.1. ...)
+ TODO: check
+CVE-2024-24704 (Missing Authorization vulnerability in AddonMaster Load More
Anything. ...)
+ TODO: check
+CVE-2024-24703 (Missing Authorization vulnerability in MultiVendorX WC
Marketplace.Thi ...)
+ TODO: check
+CVE-2024-23521 (Missing Authorization vulnerability in Happyforms.This issue
affects H ...)
+ TODO: check
+CVE-2024-23518 (Missing Authorization vulnerability in Navneil Naicker ACF
Photo Galle ...)
+ TODO: check
+CVE-2024-23503 (Missing Authorization vulnerability in WPManageNinja LLC Ninja
Tables. ...)
+ TODO: check
+CVE-2024-23111 (A use of password hash with insufficient computational effort
vulnerab ...)
+ TODO: check
+CVE-2024-23110 (A stack-based buffer overflow in Fortinet FortiOS version
7.4.0 throug ...)
+ TODO: check
+CVE-2024-21754 (A use of password hash with insufficient computational effort
vulnerab ...)
+ TODO: check
+CVE-2023-52233 (Missing Authorization vulnerability in Post SMTP Post SMTP
Mailer/Emai ...)
+ TODO: check
+CVE-2023-52227 (Missing Authorization vulnerability in MailerLite MailerLite
\u2013 Wo ...)
+ TODO: check
+CVE-2023-52224 (Missing Authorization vulnerability in Revolut Revolut Gateway
for Woo ...)
+ TODO: check
+CVE-2023-52217 (Missing Authorization vulnerability in weDevs WooCommerce
Conversion T ...)
+ TODO: check
+CVE-2023-52199 (Missing Authorization vulnerability in Matthias Pfefferle &
Automattic ...)
+ TODO: check
+CVE-2023-52186 (Missing Authorization vulnerability in Woo WooCommerce Product
Vendors ...)
+ TODO: check
+CVE-2023-52183 (Missing Authorization vulnerability in WebToffee WordPress
Backup & Mi ...)
+ TODO: check
+CVE-2023-52179 (Missing Authorization vulnerability in WebCodingPlace Product
Expiry f ...)
+ TODO: check
+CVE-2023-51682 (Missing Authorization vulnerability in ibericode MC4WP.This
issue affe ...)
+ TODO: check
+CVE-2023-51519 (Missing Authorization vulnerability in Soliloquy Team Slider
by Solilo ...)
+ TODO: check
+CVE-2023-51498 (Missing Authorization vulnerability in Woo WooCommerce Canada
Post Shi ...)
+ TODO: check
+CVE-2023-50763 (A vulnerability has been identified in SIMATIC CP 1542SP-1
(6GK7542-6U ...)
+ TODO: check
+CVE-2023-4727 (A flaw was found in dogtag-pki and pki-core. The token
authentication ...)
+ TODO: check
+CVE-2023-48273 (Missing Authorization vulnerability in WP OnlineSupport,
Essential Plu ...)
+ TODO: check
+CVE-2023-46720 (A stack-based buffer overflow in Fortinet FortiOS version
7.4.0 throug ...)
+ TODO: check
+CVE-2023-38533 (A vulnerability has been identified in TIA Administrator (All
versions ...)
+ TODO: check
+CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor
Website Bui ...)
+ TODO: check
+CVE-2024-5702 (Memory corruption in the networking stack could have led to a
potentia ...)
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
-CVE-2024-5701
+CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs
showed e ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
-CVE-2024-5700
+CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11,
and Thu ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5700
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5700
-CVE-2024-5699
+CVE-2024-5699 (In violation of spec, cookie prefixes such as `__Secure` were
being ig ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5699
-CVE-2024-5698
+CVE-2024-5698 (By manipulating the fullscreen feature while opening a
data-list, an a ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5698
-CVE-2024-5697
+CVE-2024-5697 (A website was able to detect when a user took a screenshot of a
page u ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5697
-CVE-2024-5696
+CVE-2024-5696 (By manipulating the text in an `<input>` tag, an attacker
could ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5696
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5696
-CVE-2024-5695
+CVE-2024-5695 (If an out-of-memory condition occurs at a specific point using
allocat ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5695
-CVE-2024-5694
+CVE-2024-5694 (An attacker could have caused a use-after-free in the
JavaScript engin ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5694
-CVE-2024-5693
+CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting,
which c ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5693
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5693
-CVE-2024-5692
+CVE-2024-5692 (On Windows, when using the 'Save As' functionality, an attacker
could ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5692
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
-CVE-2024-5691
+CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a
sandboxed i ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5691
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691
-CVE-2024-5690
+CVE-2024-5690 (By monitoring the time certain operations take, an attacker
could have ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5690
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5690
-CVE-2024-5689
+CVE-2024-5689 (In addition to detecting when a user was taking a screenshot
(XXX), a ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689
-CVE-2024-5688
+CVE-2024-5688 (If a garbage collection was triggered at the right time, a
use-after-f ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5688
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5688
-CVE-2024-5687
+CVE-2024-5687 (If a specific sequence of actions is performed when opening a
new tab, ...)
- firefox <not-affected> (Android-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5687
-CVE-2024-35235
+CVE-2024-35235 (OpenPrinting CUPS is an open source printing system for Linux
and othe ...)
- cups <unfixed> (bug #1073002)
[bookworm] - cups <no-dsa> (Minor issue)
[bullseye] - cups <no-dsa> (Minor issue)
@@ -1634,6 +1938,7 @@ CVE-2024-1164 (The Brizy \u2013 Page Builder plugin for
WordPress is vulnerable
CVE-2024-1161 (The Brizy \u2013 Page Builder plugin for WordPress is
vulnerable to St ...)
NOT-FOR-US: WordPress plugin
CVE-2024-34055 (Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows
authentica ...)
+ {DSA-5708-1}
- cyrus-imapd 3.8.3-1
[bullseye] - cyrus-imapd <ignored> (Too intrusive to backport)
NOTE:
https://cyrus.topicbox.com/groups/announce/Ta8e3998446caf7f8/cyrus-imap-3-8-3-3-6-5-and-3-4-8-released
@@ -22179,15 +22484,15 @@ CVE-2024-27247 (Improper privilege management in the
installer for Zoom Desktop
NOT-FOR-US: Zoom
CVE-2024-27242 (Cross site scripting in Zoom Desktop Client for Linux before
version 5 ...)
NOT-FOR-US: Zoom
-CVE-2024-26277 (A vulnerability has been identified in Parasolid V35.1 (All
versions < ...)
+CVE-2024-26277 (A vulnerability has been identified in JT2Go (All versions <
V2312.000 ...)
NOT-FOR-US: Siemens
-CVE-2024-26276 (A vulnerability has been identified in Parasolid V35.1 (All
versions < ...)
+CVE-2024-26276 (A vulnerability has been identified in JT2Go (All versions <
V2312.000 ...)
NOT-FOR-US: Siemens
-CVE-2024-26275 (A vulnerability has been identified in Parasolid V35.1 (All
versions < ...)
+CVE-2024-26275 (A vulnerability has been identified in JT2Go (All versions <
V2312.000 ...)
NOT-FOR-US: Siemens
CVE-2024-26257 (Microsoft Excel Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2024-26256 (libarchive Remote Code Execution Vulnerability)
+CVE-2024-26256 (Libarchive Remote Code Execution Vulnerability)
{DSA-5706-1}
- libarchive 3.7.2-2.1 (bug #1072107)
[bullseye] - libarchive <not-affected> (Vulnerable code introduced in
3.6.0)
@@ -22213,7 +22518,7 @@ CVE-2024-26248 (Windows Kerberos Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-26245 (Windows SMB Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2024-26244 (Microsoft WDAC OLE DB Provider for SQL Server Remote Code
Execution Vu ...)
+CVE-2024-26244 (Microsoft WDAC OLE DB provider for SQL Server Remote Code
Execution Vu ...)
NOT-FOR-US: Microsoft
CVE-2024-26243 (Windows USB Print Driver Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -22277,7 +22582,7 @@ CVE-2024-26212 (DHCP Server Service Denial of Service
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-26211 (Windows Remote Access Connection Manager Elevation of
Privilege Vulner ...)
NOT-FOR-US: Microsoft
-CVE-2024-26210 (Microsoft WDAC OLE DB Provider for SQL Server Remote Code
Execution Vu ...)
+CVE-2024-26210 (Microsoft WDAC OLE DB provider for SQL Server Remote Code
Execution Vu ...)
NOT-FOR-US: Microsoft
CVE-2024-26209 (Microsoft Local Security Authority Subsystem Service
Information Discl ...)
NOT-FOR-US: Microsoft
@@ -89787,8 +90092,8 @@ CVE-2023-28777 (Improper Neutralization of Special
Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2023-28776 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
I Thirte ...)
NOT-FOR-US: Lightbox plugin
-CVE-2023-28775
- RESERVED
+CVE-2023-28775 (Missing Authorization vulnerability in Yoast Yoast SEO
Premium.This is ...)
+ TODO: check
CVE-2023-28774 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Grad ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28773 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -98858,8 +99163,8 @@ CVE-2023-25801 (TensorFlow is an open source machine
learning platform. Prior to
- tensorflow <itp> (bug #804612)
CVE-2023-25800 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25799
- RESERVED
+CVE-2023-25799 (Missing Authorization vulnerability in Themeum Tutor LMS.This
issue af ...)
+ TODO: check
CVE-2023-25798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25797 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in
Mr.Vibe vSlid ...)
@@ -105092,8 +105397,8 @@ CVE-2023-23777 (An improper neutralization of special
elements used in an OS com
NOT-FOR-US: Fortinet
CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor
[CWE-200 ...)
NOT-FOR-US: Fortinet
-CVE-2023-23775
- RESERVED
+CVE-2023-23775 (Multiple improper neutralization of special elements used
inSQL comman ...)
+ TODO: check
CVE-2023-23549 (Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37,
<=2.0.0p39 ...)
- check-mk <removed>
CVE-2023-23548 (Reflected XSS in business intelligence in Checkmk <2.2.0p8,
<2.1.0p32, ...)
@@ -118165,7 +118470,7 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a
utility package to build export
NOTE:
https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5
(v0.8.2)
CVE-2022-46145 (authentik is an open-source identity provider. Versions prior
to 2022. ...)
NOT-FOR-US: authentik
-CVE-2022-46144 (A vulnerability has been identified in SCALANCE SC622-2C (All
versions ...)
+CVE-2022-46144 (A vulnerability has been identified in SCALANCE SC622-2C
(6GK5622-2GS0 ...)
NOT-FOR-US: Siemens
CVE-2022-46143 (Affected devices do not check the TFTP blocksize correctly.
This could ...)
NOT-FOR-US: Siemens
@@ -127593,9 +127898,9 @@ CVE-2022-43770 (Hitachi Vantara Pentaho Business
Analytics Server versions befor
NOT-FOR-US: Hitachi
CVE-2022-43769 (Hitachi Vantara Pentaho Business Analytics Server prior to
versions 9. ...)
NOT-FOR-US: Hitachi
-CVE-2022-43768 (A vulnerability has been identified in SIMATIC CP 1242-7 V2
(All versi ...)
+CVE-2022-43768 (A vulnerability has been identified in SIMATIC CP 1242-7 V2
(6GK7242-7 ...)
NOT-FOR-US: Siemens
-CVE-2022-43767 (A vulnerability has been identified in SIMATIC CP 1242-7 V2
(All versi ...)
+CVE-2022-43767 (A vulnerability has been identified in SIMATIC CP 1242-7 V2
(6GK7242-7 ...)
NOT-FOR-US: Siemens
CVE-2022-43766 (Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are
vulnerable ...)
NOT-FOR-US: Apache IoTDB
@@ -127764,7 +128069,7 @@ CVE-2022-43718 (Upload data forms do not correctly
render user input leading to
CVE-2022-43717 (Dashboard rendering does not sufficiently sanitize the content
of mark ...)
NOT-FOR-US: Apache Superset
NOTE: https://github.com/apache/superset/pull/21895
-CVE-2022-43716 (A vulnerability has been identified in SIMATIC CP 1242-7 V2
(All versi ...)
+CVE-2022-43716 (A vulnerability has been identified in SIMATIC CP 1242-7 V2
(6GK7242-7 ...)
NOT-FOR-US: Siemens
CVE-2022-43715
RESERVED
@@ -137450,8 +137755,8 @@ CVE-2022-40227 (A vulnerability has been identified
in SIMATIC HMI Comfort Panel
NOT-FOR-US: Siemens
CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All
versions < V3.1 ...)
NOT-FOR-US: Siemens
-CVE-2022-40225
- REJECTED
+CVE-2022-40225 (A vulnerability has been identified in SIPLUS TIM 1531 IRC
(6AG1543-1M ...)
+ TODO: check
CVE-2022-40200 (Auth. (subscriber+) Arbitrary File Upload vulnerability in
wpForo Foru ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40198 (Cross-Site Request Forgery (CSRF) vulnerability in
StandaloneTech Tera ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03ea59811fc2bbd3f466c6ae6622cb0bf4c1fd0d
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03ea59811fc2bbd3f466c6ae6622cb0bf4c1fd0d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
