Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f10fbba9 by security tracker role at 2024-07-09T20:12:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,64 +1,734 @@
-CVE-2024-6615
+CVE-2024-6598 (A denial-of-service attack is possible through the execution
functiona ...)
+ TODO: check
+CVE-2024-6527 (SQL Injection vulnerability in parameter "w" in file "druk.php"
in Meg ...)
+ TODO: check
+CVE-2024-6391 (The oik plugin for WordPress is vulnerable to Stored Cross-Site
Script ...)
+ TODO: check
+CVE-2024-6237 (A flaw was found in the 389 Directory Server. This flaw allows
an unau ...)
+ TODO: check
+CVE-2024-6222 (In Docker Desktop before v4.29.0, an attacker who has gained
access to ...)
+ TODO: check
+CVE-2024-6168 (The Just Custom Fields plugin for WordPress is vulnerable to
Cross-Sit ...)
+ TODO: check
+CVE-2024-6167 (The Just Custom Fields plugin for WordPress is vulnerable to
unauthori ...)
+ TODO: check
+CVE-2024-6069 (The Registration Forms \u2013 User Registration Forms,
Invitation-Base ...)
+ TODO: check
+CVE-2024-5993 (The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable
to unaut ...)
+ TODO: check
+CVE-2024-5992 (The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable
to unaut ...)
+ TODO: check
+CVE-2024-5946 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress
is vul ...)
+ TODO: check
+CVE-2024-5937 (The Simple Alert Boxes plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2024-5856 (The Comment Images Reloaded plugin for WordPress is vulnerable
to unau ...)
+ TODO: check
+CVE-2024-5810 (The WP2Speed Faster \u2013 Optimize PageSpeed Insights Score
90-100 pl ...)
+ TODO: check
+CVE-2024-5704 (The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce
Accordion FAQ ...)
+ TODO: check
+CVE-2024-5669 (The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce
Accordion FAQ ...)
+ TODO: check
+CVE-2024-5652 (In Docker Desktop on Windows before v4.31.0allows a user in the
docker ...)
+ TODO: check
+CVE-2024-5648 (The LearnDash LMS \u2013 Reports plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-5634 (Longse modelLBH30FE200W cameras, as well as products based on
this dev ...)
+ TODO: check
+CVE-2024-5633 (Longse modelLBH30FE200W cameras, as well as products based on
this dev ...)
+ TODO: check
+CVE-2024-5632 (Longse NVR (Network Video Recorder) modelNVR3608PGE2W, as well
as prod ...)
+ TODO: check
+CVE-2024-5631 (Longse NVR (Network Video Recorder) modelNVR3608PGE2W, as well
as prod ...)
+ TODO: check
+CVE-2024-5600 (The SCSS Happy Compiler \u2013 Compile SCSS to CSS & Automatic
Enqueue ...)
+ TODO: check
+CVE-2024-5479 (The Easy Pixels plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2024-5457 (The Panda Video plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2024-5456 (The Panda Video plugin for WordPress is vulnerable to Local
File Inclu ...)
+ TODO: check
+CVE-2024-4868 (The Extensions for Elementor plugin for WordPress is vulnerable
to Sto ...)
+ TODO: check
+CVE-2024-4862 (The WPBITS Addons For Elementor Page Builder plugin for
WordPress is v ...)
+ TODO: check
+CVE-2024-4102 (The Pricing Table plugin for WordPress is vulnerable to
unauthorized a ...)
+ TODO: check
+CVE-2024-4100 (The Pricing Table plugin for WordPress is vulnerable to
Cross-Site Req ...)
+ TODO: check
+CVE-2024-40750 (Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7
1.0.10.215314 dev ...)
+ TODO: check
+CVE-2024-40742 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40741 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40740 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40739 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40738 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40737 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40736 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40735 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40734 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40733 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40732 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40731 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40730 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40729 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40728 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40727 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40726 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-40039 (idccms v1.35 was discovered to contain a Cross-Site Request
Forgery (C ...)
+ TODO: check
+CVE-2024-40038 (idccms v1.35 was discovered to contain a Cross-Site Request
Forgery (C ...)
+ TODO: check
+CVE-2024-40037 (idccms v1.35 was discovered to contain a Cross-Site Request
Forgery (C ...)
+ TODO: check
+CVE-2024-40036 (idccms v1.35 was discovered to contain a Cross-Site Request
Forgery (C ...)
+ TODO: check
+CVE-2024-40035 (idccms v1.35 was discovered to contain a Cross-Site Request
Forgery (C ...)
+ TODO: check
+CVE-2024-40034 (idccms v1.35 was discovered to contain a Cross-Site Request
Forgery (C ...)
+ TODO: check
+CVE-2024-3608 (The Product Designer plugin for WordPress is vulnerable to
unauthorize ...)
+ TODO: check
+CVE-2024-3604 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable
to SQL ...)
+ TODO: check
+CVE-2024-3603 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable
to Sto ...)
+ TODO: check
+CVE-2024-3596 (RADIUS Protocol under RFC 2865 is susceptible to forgery
attacks by a ...)
+ TODO: check
+CVE-2024-3563 (The Genesis Blocks plugin for WordPress is vulnerable to Stored
Cross- ...)
+ TODO: check
+CVE-2024-3228 (The Social Sharing Plugin \u2013 Kiwi plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2024-39899 (PrivateBin is an online pastebin where the server has zero
knowledge o ...)
+ TODO: check
+CVE-2024-39897 (zot is an OCI image registry. Prior to 2.1.0, the cache driver
`GetBlo ...)
+ TODO: check
+CVE-2024-39888 (A vulnerability has been identified in Mendix Encryption (All
versions ...)
+ TODO: check
+CVE-2024-39876 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39875 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39874 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39873 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39872 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39871 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39870 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39869 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39868 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39867 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39866 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39865 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39698 (electron-updater allows for automatic updates for Electron
apps. The f ...)
+ TODO: check
+CVE-2024-39697 (phonenumber is a library for parsing, formatting and
validating intern ...)
+ TODO: check
+CVE-2024-39684 (Tencent RapidJSON is vulnerable to privilege escalation due to
an inte ...)
+ TODO: check
+CVE-2024-39675 (A vulnerability has been identified in RUGGEDCOM RMC30 (All
versions < ...)
+ TODO: check
+CVE-2024-39571 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39570 (A vulnerability has been identified in SINEMA Remote Connect
Server (A ...)
+ TODO: check
+CVE-2024-39569 (A vulnerability has been identified in SINEMA Remote Connect
Client (A ...)
+ TODO: check
+CVE-2024-39568 (A vulnerability has been identified in SINEMA Remote Connect
Client (A ...)
+ TODO: check
+CVE-2024-39567 (A vulnerability has been identified in SINEMA Remote Connect
Client (A ...)
+ TODO: check
+CVE-2024-39171 (Directory Travel in PHPVibe v11.0.46 due to incomplete
blacklist check ...)
+ TODO: check
+CVE-2024-39118 (Mommy Heather Advanced Backups up to v3.5.3 allows attackers
to write ...)
+ TODO: check
+CVE-2024-39063 (Lime Survey <= 6.5.12 is vulnerable to Cross Site Request
Forgery (CSR ...)
+ TODO: check
+CVE-2024-38972 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3
allows att ...)
+ TODO: check
+CVE-2024-38971 (vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting
(XSS) in t ...)
+ TODO: check
+CVE-2024-38970 (vaeThink 1.0.2 is vulnerable to Information Disclosure via the
system ...)
+ TODO: check
+CVE-2024-38867 (A vulnerability has been identified in SIPROTEC 5 6MD84
(CP300) (All v ...)
+ TODO: check
+CVE-2024-38517 (Tencent RapidJSON is vulnerable to privilege escalation due to
an inte ...)
+ TODO: check
+CVE-2024-38363 (Airbyte is a data integration platform for ELT pipelines.
Airbyte conn ...)
+ TODO: check
+CVE-2024-38278 (A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X
(All ver ...)
+ TODO: check
+CVE-2024-38112 (Windows MSHTML Platform Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38105 (Windows Layer-2 Bridge Network Driver Denial of Service
Vulnerability)
+ TODO: check
+CVE-2024-38104 (Windows Fax Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38102 (Windows Layer-2 Bridge Network Driver Denial of Service
Vulnerability)
+ TODO: check
+CVE-2024-38101 (Windows Layer-2 Bridge Network Driver Denial of Service
Vulnerability)
+ TODO: check
+CVE-2024-38100 (Windows File Explorer Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38099 (Windows Remote Desktop Licensing Service Denial of Service
Vulnerabili ...)
+ TODO: check
+CVE-2024-38095 (.NET and Visual Studio Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38094 (Microsoft SharePoint Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38092 (Azure CycleCloud Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38091 (Microsoft WS-Discovery Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38089 (Microsoft Defender for IoT Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38088 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-38087 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-38086 (Azure Kinect SDK Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38085 (Windows Graphics Component Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38081 (.NET, .NET Framework, and Visual Studio Elevation of Privilege
Vulnera ...)
+ TODO: check
+CVE-2024-38080 (Windows Hyper-V Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38079 (Windows Graphics Component Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38078 (Xbox Wireless Adapter Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38077 (Windows Remote Desktop Licensing Service Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-38076 (Windows Remote Desktop Licensing Service Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-38074 (Windows Remote Desktop Licensing Service Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-38073 (Windows Remote Desktop Licensing Service Denial of Service
Vulnerabili ...)
+ TODO: check
+CVE-2024-38072 (Windows Remote Desktop Licensing Service Denial of Service
Vulnerabili ...)
+ TODO: check
+CVE-2024-38071 (Windows Remote Desktop Licensing Service Denial of Service
Vulnerabili ...)
+ TODO: check
+CVE-2024-38070 (Windows LockDown Policy (WLDP) Security Feature Bypass
Vulnerability)
+ TODO: check
+CVE-2024-38069 (Windows Enroll Engine Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-38068 (Windows Online Certificate Status Protocol (OCSP) Server
Denial of Ser ...)
+ TODO: check
+CVE-2024-38067 (Windows Online Certificate Status Protocol (OCSP) Server
Denial of Ser ...)
+ TODO: check
+CVE-2024-38066 (Windows Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38065 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-38064 (Windows TCP/IP Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38062 (Windows Kernel-Mode Driver Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38061 (DCOM Remote Cross-Session Activation Elevation of Privilege
Vulnerabil ...)
+ TODO: check
+CVE-2024-38060 (Windows Imaging Component Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38059 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38058 (BitLocker Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-38057 (Kernel Streaming WOW Thunk Service Driver Elevation of
Privilege Vulne ...)
+ TODO: check
+CVE-2024-38056 (Microsoft Windows Codecs Library Information Disclosure
Vulnerability)
+ TODO: check
+CVE-2024-38055 (Microsoft Windows Codecs Library Information Disclosure
Vulnerability)
+ TODO: check
+CVE-2024-38054 (Kernel Streaming WOW Thunk Service Driver Elevation of
Privilege Vulne ...)
+ TODO: check
+CVE-2024-38053 (Windows Layer-2 Bridge Network Driver Remote Code Execution
Vulnerabil ...)
+ TODO: check
+CVE-2024-38052 (Kernel Streaming WOW Thunk Service Driver Elevation of
Privilege Vulne ...)
+ TODO: check
+CVE-2024-38051 (Windows Graphics Component Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38050 (Windows Workstation Service Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38049 (Windows Distributed Transaction Coordinator Remote Code
Execution Vuln ...)
+ TODO: check
+CVE-2024-38048 (Windows Network Driver Interface Specification (NDIS) Denial
of Servic ...)
+ TODO: check
+CVE-2024-38047 (PowerShell Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38044 (DHCP Server Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38043 (PowerShell Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38041 (Windows Kernel Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38034 (Windows Filtering Platform Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38033 (PowerShell Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38032 (Microsoft Xbox Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38031 (Windows Online Certificate Status Protocol (OCSP) Server
Denial of Ser ...)
+ TODO: check
+CVE-2024-38030 (Windows Themes Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38028 (Microsoft Windows Performance Data Helper Library Remote Code
Executio ...)
+ TODO: check
+CVE-2024-38027 (Windows Line Printer Daemon Service Denial of Service
Vulnerability)
+ TODO: check
+CVE-2024-38025 (Microsoft Windows Performance Data Helper Library Remote Code
Executio ...)
+ TODO: check
+CVE-2024-38024 (Microsoft SharePoint Server Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2024-38023 (Microsoft SharePoint Server Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2024-38022 (Windows Image Acquisition Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38021 (Microsoft Office Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38020 (Microsoft Outlook Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38019 (Microsoft Windows Performance Data Helper Library Remote Code
Executio ...)
+ TODO: check
+CVE-2024-38017 (Microsoft Message Queuing Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38015 (Windows Remote Desktop Gateway (RD Gateway) Denial of Service
Vulnerab ...)
+ TODO: check
+CVE-2024-38013 (Microsoft Windows Server Backup Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-38011 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-38010 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37997 (A vulnerability has been identified in JT Open (All versions <
V11.5), ...)
+ TODO: check
+CVE-2024-37996 (A vulnerability has been identified in JT Open (All versions <
V11.5), ...)
+ TODO: check
+CVE-2024-37989 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37988 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37987 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37986 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37984 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37981 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37978 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37977 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37975 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37974 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37973 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37972 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37971 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37970 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37969 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37952 (Improper Privilege Management vulnerability in themeenergy
BookYourTra ...)
+ TODO: check
+CVE-2024-37934 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2024-37873 (SQL injection vulnerability in view_payslip.php in
Itsourcecode Payrol ...)
+ TODO: check
+CVE-2024-37872 (SQL injection vulnerability in process.php in Itsourcecode
Billing Sys ...)
+ TODO: check
+CVE-2024-37871 (SQL injection vulnerability in login.php in Itsourcecode
Online Discus ...)
+ TODO: check
+CVE-2024-37870 (SQL injection vulnerability in processscore.php in Learning
Management ...)
+ TODO: check
+CVE-2024-37830 (An issue in Outline <= v0.76.1 allows attackers to redirect a
victim u ...)
+ TODO: check
+CVE-2024-37520 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37513 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37502 (Deserialization of Untrusted Data vulnerability in wpweb
WooCommerce S ...)
+ TODO: check
+CVE-2024-37501 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37499 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37497 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37494 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-37486 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-37484 (Improper Privilege Management vulnerability in Dylan James
Zephyr Proj ...)
+ TODO: check
+CVE-2024-37464 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37462 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37455 (Improper Privilege Management vulnerability in Brainstorm
Force Ultima ...)
+ TODO: check
+CVE-2024-37454 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37442 (Improper Neutralization of Special Elements in Output Used by
a Downst ...)
+ TODO: check
+CVE-2024-37437 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37430 (Authentication Bypass by Spoofing vulnerability in Patreon
Patreon Wor ...)
+ TODO: check
+CVE-2024-37424 (Unrestricted Upload of File with Dangerous Type vulnerability
in Autom ...)
+ TODO: check
+CVE-2024-37420 (Unrestricted Upload of File with Dangerous Type vulnerability
in WPZit ...)
+ TODO: check
+CVE-2024-37419 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37418 (Unrestricted Upload of File with Dangerous Type vulnerability
in Andy ...)
+ TODO: check
+CVE-2024-37410 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37336 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37334 (Microsoft OLE DB Driver for SQL Server Remote Code Execution
Vulnerabi ...)
+ TODO: check
+CVE-2024-37333 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37332 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37331 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37330 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37329 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37328 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37327 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37326 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37324 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37323 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37322 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37321 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37320 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37319 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37318 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-37268 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37266 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37256 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-37253 (Improper Neutralization of Special Elements in Output Used by
a Downst ...)
+ TODO: check
+CVE-2024-37225 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-37224 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-37112 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-37090 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-36526 (ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a
hardcoded c ...)
+ TODO: check
+CVE-2024-35777 (Improper Neutralization of Special Elements in Output Used by
a Downst ...)
+ TODO: check
+CVE-2024-35272 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-35271 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-35270 (Windows iSCSI Service Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-35267 (Azure DevOps Server Spoofing Vulnerability)
+ TODO: check
+CVE-2024-35266 (Azure DevOps Server Spoofing Vulnerability)
+ TODO: check
+CVE-2024-35264 (.NET and Visual Studio Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-35261 (Azure Network Watcher VM Extension Elevation of Privilege
Vulnerabilit ...)
+ TODO: check
+CVE-2024-35256 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-34140 (Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected
by an ou ...)
+ TODO: check
+CVE-2024-34139 (Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected
by an In ...)
+ TODO: check
+CVE-2024-34123 (Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected
by an Un ...)
+ TODO: check
+CVE-2024-33654 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
+ TODO: check
+CVE-2024-33653 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
+ TODO: check
+CVE-2024-33509 (An improper certificate validation vulnerability [CWE-295] in
FortiWeb ...)
+ TODO: check
+CVE-2024-32987 (Microsoft SharePoint Server Information Disclosure
Vulnerability)
+ TODO: check
+CVE-2024-32056 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
+ TODO: check
+CVE-2024-31957 (A vulnerability was discovered in Samsung Mobile Processors
Exynos 220 ...)
+ TODO: check
+CVE-2024-30321 (A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All
version ...)
+ TODO: check
+CVE-2024-30105 (.NET Core and Visual Studio Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-30098 (Windows Cryptographic Services Security Feature Bypass
Vulnerability)
+ TODO: check
+CVE-2024-30081 (Windows NTLM Spoofing Vulnerability)
+ TODO: check
+CVE-2024-30079 (Windows Remote Access Connection Manager Elevation of
Privilege Vulner ...)
+ TODO: check
+CVE-2024-30071 (Windows Remote Access Connection Manager Information
Disclosure Vulner ...)
+ TODO: check
+CVE-2024-30061 (Microsoft Dynamics 365 (On-Premises) Information Disclosure
Vulnerabil ...)
+ TODO: check
+CVE-2024-30013 (Windows MultiPoint Services Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2024-2177 (A Cross Window Forgery vulnerability exists within GitLab CE/EE
affect ...)
+ TODO: check
+CVE-2024-29153 (A vulnerability was discovered in Samsung Mobile Processor,
Wearable P ...)
+ TODO: check
+CVE-2024-28928 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-28899 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-28068 (A vulnerability was discovered in SS in Samsung Mobile
Processor, Wear ...)
+ TODO: check
+CVE-2024-28067 (A vulnerability in Samsung Exynos Modem 5300 allows a
Man-in-the-Middl ...)
+ TODO: check
+CVE-2024-27785 (An improper neutralization of formula elements in a CSV File
vulnerabi ...)
+ TODO: check
+CVE-2024-27784 (Multiple Exposure of sensitive information to an unauthorized
actor vu ...)
+ TODO: check
+CVE-2024-27783 (Multiple cross-site request forgery (CSRF) vulnerabilities
[CWE-352] ...)
+ TODO: check
+CVE-2024-27782 (Multiple insufficient session expiration vulnerabilities
[CWE-613] in ...)
+ TODO: check
+CVE-2024-27363 (A vulnerability was discovered in Samsung Mobile Processor
Exynos 850, ...)
+ TODO: check
+CVE-2024-27362 (A vulnerability was discovered in Samsung Mobile Processors
Exynos 128 ...)
+ TODO: check
+CVE-2024-27361 (A vulnerability was discovered in Samsung Mobile Processor
Exynos 980, ...)
+ TODO: check
+CVE-2024-27360 (A vulnerability was discovered in Samsung Mobile Processors
Exynos 850 ...)
+ TODO: check
+CVE-2024-27183 (XSS vulnerability in DJ-HelpfulArticles component for Joomla.)
+ TODO: check
+CVE-2024-26279 (Inadequate content filtering leads to XSS vulnerabilities in
various c ...)
+ TODO: check
+CVE-2024-26278 (The Custom Fields component not correctly filter inputs,
leading to a ...)
+ TODO: check
+CVE-2024-26184 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-26015 (An incorrect parsing of numbers with different radices
vulnerability [ ...)
+ TODO: check
+CVE-2024-23663 (An improper access control in Fortinet FortiExtender 4.1.1 -
4.1.9, 4. ...)
+ TODO: check
+CVE-2024-22271 (In Spring Cloud Function framework, versions 4.1.x prior to
4.1.2, 4.0 ...)
+ TODO: check
+CVE-2024-21759 (An authorization bypass through user-controlled key in
Fortinet FortiP ...)
+ TODO: check
+CVE-2024-21731 (Improper handling of input could lead to an XSS vector in the
StringHe ...)
+ TODO: check
+CVE-2024-21730 (The fancyselect list field layout does not correctly escape
inputs, le ...)
+ TODO: check
+CVE-2024-21729 (Inadequate input validation leads to XSS vulnerabilities in
the access ...)
+ TODO: check
+CVE-2024-21449 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-21428 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-21425 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-21415 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-21414 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-21398 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-21373 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-21335 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-21333 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-21332 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-21331 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-21317 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-21308 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-21303 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-20785 (InDesign Desktop versions ID19.3, ID18.5.2 and earlier are
affected by ...)
+ TODO: check
+CVE-2024-20783 (InDesign Desktop versions ID19.3, ID18.5.2 and earlier are
affected by ...)
+ TODO: check
+CVE-2024-20782 (InDesign Desktop versions ID19.3, ID18.5.2 and earlier are
affected by ...)
+ TODO: check
+CVE-2024-20781 (InDesign Desktop versions ID19.3, ID18.5.2 and earlier are
affected by ...)
+ TODO: check
+CVE-2024-20701 (SQL Server Native Client OLE DB Provider Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2023-52891 (A vulnerability has been identified in SIMATIC Energy Manager
Basic (A ...)
+ TODO: check
+CVE-2023-52238 (A vulnerability has been identified in RUGGEDCOM RST2228 (All
versions ...)
+ TODO: check
+CVE-2023-52237 (A vulnerability has been identified in RUGGEDCOM i800,
RUGGEDCOM i800N ...)
+ TODO: check
+CVE-2023-50807 (A vulnerability was discovered in Samsung Wearable Processor
and Modem ...)
+ TODO: check
+CVE-2023-50806 (A vulnerability was discovered in Samsung Mobile Processor,
Wearable P ...)
+ TODO: check
+CVE-2023-50805 (A vulnerability was discovered in Samsung Mobile Processor,
Wearable P ...)
+ TODO: check
+CVE-2023-50181 (An improper access control vulnerability [CWE-284] in Fortinet
FortiAD ...)
+ TODO: check
+CVE-2023-50179 (An improper certificate validation vulnerability [CWE-295] in
FortiADC ...)
+ TODO: check
+CVE-2023-50178 (An improper certificate validation vulnerability [CWE-295] in
FortiADC ...)
+ TODO: check
+CVE-2023-48194 (Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and
the last ...)
+ TODO: check
+CVE-2023-40702 (PingOne MFA Integration Kit contains a vulnerability where the
skipMFA ...)
+ TODO: check
+CVE-2023-40356 (PingOne MFA Integration Kit contains a vulnerability related
to the Pr ...)
+ TODO: check
+CVE-2023-3290 (A BOLA vulnerability in POST /customers allows a low privileged
user t ...)
+ TODO: check
+CVE-2023-3289 (A BOLA vulnerability in POST /services allows a low privileged
user to ...)
+ TODO: check
+CVE-2023-3288 (A BOLA vulnerability in POST /providers allows a low privileged
user t ...)
+ TODO: check
+CVE-2023-3287 (A BOLA vulnerability in POST /admins allows a low privileged
user to c ...)
+ TODO: check
+CVE-2023-3286 (A BOLA vulnerability in POST /secretaries allows a low
privileged user ...)
+ TODO: check
+CVE-2023-3285 (A BOLA vulnerability in POST /appointments allows a low
privileged use ...)
+ TODO: check
+CVE-2023-38055 (A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId}
allows ...)
+ TODO: check
+CVE-2023-38054 (A BOLA vulnerability in GET, PUT, DELETE
/customers/{customerId} allow ...)
+ TODO: check
+CVE-2023-38053 (A BOLA vulnerability in GET, PUT, DELETE
/settings/{settingName} allow ...)
+ TODO: check
+CVE-2023-38052 (A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId}
allows a lo ...)
+ TODO: check
+CVE-2023-38051 (A BOLA vulnerability in GET, PUT, DELETE
/secretaries/{secretaryId} al ...)
+ TODO: check
+CVE-2023-38050 (A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId}
allows ...)
+ TODO: check
+CVE-2023-38049 (A BOLA vulnerability in GET, PUT, DELETE
/appointments/{appointmentId} ...)
+ TODO: check
+CVE-2023-38048 (A BOLA vulnerability in GET, PUT, DELETE
/providers/{providerId} allow ...)
+ TODO: check
+CVE-2023-38047 (A BOLA vulnerability in GET, PUT, DELETE
/categories/{categoryId} allo ...)
+ TODO: check
+CVE-2023-32737 (A vulnerability has been identified in SIMATIC STEP 7 Safety
V18 (All ...)
+ TODO: check
+CVE-2023-32735 (A vulnerability has been identified in SIMATIC STEP 7 Safety
V16 (All ...)
+ TODO: check
+CVE-2024-6615 (Memory safety bugs present in Firefox 127. Some of these bugs
showed e ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6615
-CVE-2024-6614
+CVE-2024-6614 (The frame iterator could get stuck in a loop when encountering
certain ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6614
-CVE-2024-6613
+CVE-2024-6613 (The frame iterator could get stuck in a loop when encountering
certain ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6613
-CVE-2024-6612
+CVE-2024-6612 (CSP violations generated links in the console tab of the
developer too ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6612
-CVE-2024-6611
+CVE-2024-6611 (A nested iframe, triggering a cross-site navigation, could send
SameSi ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6611
-CVE-2024-6610
+CVE-2024-6610 (Form validation popups could capture escape key presses.
Therefore, sp ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6610
-CVE-2024-6609
+CVE-2024-6609 (When almost out-of-memory an elliptic curve key which was never
alloca ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6609
TODO: check how its related to src:nss and if src:nss tracking is
necessary
-CVE-2024-6608
+CVE-2024-6608 (It was possible to move the cursor using pointerlock from an
iframe. T ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6608
-CVE-2024-6607
+CVE-2024-6607 (It was possible to prevent a user from exiting pointerlock when
pressi ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6607
-CVE-2024-6606
+CVE-2024-6606 (Clipboard code failed to check the index on an array access.
This coul ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6606
-CVE-2024-6605
+CVE-2024-6605 (Firefox Android allowed immediate interaction with permission
prompts. ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6605
-CVE-2024-6604
+CVE-2024-6604 (Memory safety bugs present in Firefox 127, Firefox ESR 115.12,
and Thu ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6604
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6604
-CVE-2024-6603
+CVE-2024-6603 (In an out-of-memory scenario an allocation could fail but free
would h ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6603
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6603
-CVE-2024-6602
+CVE-2024-6602 (A mismatch between allocator and deallocator could have lead to
memory ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6602
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6602
TODO: check how its related to src:nss and if src:nss tracking is
necessary
-CVE-2024-6601
+CVE-2024-6601 (A race condition could lead to a cross-origin container
obtaining perm ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6601
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6601
-CVE-2024-6600
+CVE-2024-6600 (Due to large allocation checks in Angle for GLSL shaders being
too len ...)
- firefox <not-affected> (Only affects Firefox on MacOS)
- firefox-esr <not-affected> (Only affects Firefox on MacOS)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6600
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6600
-CVE-2024-39487 [bonding: Fix out-of-bounds read in
bond_option_arp_ip_targets_set()]
+CVE-2024-39487 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/e271ff53807e8f2c628758290f0e499dbe51cb3d (6.10-rc7)
CVE-2024-6365 (The Product Table by WBW plugin for WordPress is vulnerable to
Remote ...)
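Review bot: In the CVE-2024-39487 entry, the bracketed summary "[bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()]" is replaced by a truncated generic description ("In the Linux kernel, the following vulnerability has been resolved: b ...") that no longer names the subsystem or the affected function. The git.kernel.org NOTE is now the only pointer to what was fixed; consider keeping the subject line as an additional NOTE so the entry stays readable without following the link. The two "TODO: check how its related to src:nss" items under CVE-2024-6609 and CVE-2024-6602 also remain open in this hunk.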
@@ -276,7 +946,7 @@ CVE-2024-25639 (Khoj is an application that creates
personal AI agents. The Khoj
CVE-2024-24974 (The interactive service in OpenVPN 2.6.9 and earlier allows
the OpenVP ...)
- openvpn <not-affected> (Only affects Windows)
NOTE:
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
-CVE-2024-23562 (A security vulnerability in HCL Domino could allow disclosure
of sensi ...)
+CVE-2024-23562 (This vulnerability is re-assessed. Vulnerability details will
be updat ...)
NOT-FOR-US: HCL Domino
CVE-2024-21778 (A heap-based buffer overflow vulnerability exists in the
configuration ...)
NOT-FOR-US: Realtek rtl819x Jungle SDK
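Review bot: The new description for CVE-2024-23562 ("This vulnerability is re-assessed. Vulnerability details will be updat ...") drops the product name and impact, so the "NOT-FOR-US: HCL Domino" line below it is now the only record of what the CVE concerns. Re-confirm that triage once the updated details are published, since it can no longer be checked against the description.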
@@ -399,7 +1069,7 @@ CVE-2024-39182 (An information disclosure vulnerability in
ISPmanager v6.98.0 al
NOT-FOR-US: ISPmanager
CVE-2024-33862 (A buffer-management vulnerability in OPC Foundation
OPCFoundation.NetS ...)
NOT-FOR-US: OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core
-CVE-2024-6501
+CVE-2024-6501 (A flaw was found in NetworkManager. When a system running
NetworkManag ...)
- network-manager <unfixed>
[bookworm] - network-manager <no-dsa> (Minor issue)
[bullseye] - network-manager <no-dsa> (Minor issue)
@@ -407,7 +1077,7 @@ CVE-2024-6501
CVE-2023-39329 [Resource exhaustion will occur in the opj_t1_decode_cblks
function in the tcd.c]
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1474
-CVE-2023-39328 [denail of service via crafted image file]
+CVE-2023-39328 (A vulnerability was found in OpenJPEG similar to
CVE-2019-6988. This f ...)
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1471
NOTE: https://github.com/uclouvain/openjpeg/pull/1470
@@ -1668,7 +2338,7 @@ CVE-2024-37137 (Dell Key Trust Platform, v3.0.6 and
prior, contains Use of a Cry
NOT-FOR-US: D-Link
CVE-2024-36755 (D-Link DIR-1950 up to v1.11B03 does not validate SSL
certificates when ...)
NOT-FOR-US: D-Link
-CVE-2024-36075 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys
Unify thr ...)
+CVE-2024-36075 (The CoSoSys Endpoint Protector through 5.9.3 and Unify agent
through 7 ...)
NOT-FOR-US: CoSoSys
CVE-2024-36074 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys
Unify thr ...)
NOT-FOR-US: CoSoSys
@@ -2759,7 +3429,7 @@ CVE-2024-29868 (Use of Cryptographically Weak
Pseudo-Random Number Generator (PR
NOT-FOR-US: Apache StreamPipes
CVE-2024-27136 (XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows
the atta ...)
- jspwiki <removed>
-CVE-2024-28882 (OpenVPN 2.6.10 and earlier in a server role accepts multiple
exit noti ...)
+CVE-2024-28882 (OpenVPN from 2.6.0 through 2.6.10 in a server role accepts
multiple ex ...)
- openvpn 2.6.11-1 (bug #1074488)
NOTE:
https://github.com/OpenVPN/openvpn/commit/65fb67cd6c320a426567b2922c4282fb8738ba3f
(v2.6.11)
CVE-2024-5594
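Review bot: The CVE-2024-28882 description now bounds the affected range at 2.6.0 ("from 2.6.0 through 2.6.10"), but the entry still carries only "- openvpn 2.6.11-1 (bug #1074488)" with no per-release lines. Suites shipping an openvpn older than 2.6.0 would fall outside that range, so check whether they need an explicit annotation in the style of "[stretch] - linux <not-affected> (Vulnerable code not present)" used elsewhere in this file.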
@@ -11245,7 +11915,8 @@ CVE-2024-3917 (The Pet Manager WordPress plugin through
1.4 does not sanitise an
NOT-FOR-US: WordPress plugin
CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is
vulnerable to un ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby
a remot ...)
+CVE-2024-3708
+ REJECTED
- lighttpd 1.4.52-1
NOTE: will only be published on July 9th, 2024, but said to be an issue
fixed by maintainer in 2018 in version 1.4.51
CVE-2024-3648 (The ShareThis Share Buttons plugin for WordPress is vulnerable
to Stor ...)
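Review bot: CVE-2024-3708 is now marked REJECTED, yet the "- lighttpd 1.4.52-1" package line and the NOTE about publication on July 9th, 2024 remain attached to it. Other rejected entries in this file, such as CVE-2022-45148, carry REJECTED alone; either drop the stale package tracking or add a NOTE saying why it is kept for a rejected ID.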
@@ -16845,7 +17516,7 @@ CVE-2024-33647 (A vulnerability has been identified in
Polarion ALM (All version
NOT-FOR-US: Siemens
CVE-2024-33583 (A vulnerability has been identified in SIMATIC RTLS Locating
Manager ( ...)
NOT-FOR-US: Siemens
-CVE-2024-33577 (A vulnerability has been identified in Simcenter Nastran 2306
(All ver ...)
+CVE-2024-33577 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
CVE-2024-33499 (A vulnerability has been identified in SIMATIC RTLS Locating
Manager ( ...)
NOT-FOR-US: Siemens
@@ -16906,27 +17577,27 @@ CVE-2024-32350 (TOTOLINK X5000R
V9.1.0cu.2350_B20230313 was discovered to contai
NOT-FOR-US: TOTOLINK
CVE-2024-32349 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to
contain an a ...)
NOT-FOR-US: TOTOLINK
-CVE-2024-32066 (A vulnerability has been identified in PS/IGES Parasolid
Translator Co ...)
+CVE-2024-32066 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32065 (A vulnerability has been identified in PS/IGES Parasolid
Translator Co ...)
+CVE-2024-32065 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32064 (A vulnerability has been identified in PS/IGES Parasolid
Translator Co ...)
+CVE-2024-32064 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32063 (A vulnerability has been identified in PS/IGES Parasolid
Translator Co ...)
+CVE-2024-32063 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32062 (A vulnerability has been identified in PS/IGES Parasolid
Translator Co ...)
+CVE-2024-32062 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32061 (A vulnerability has been identified in PS/IGES Parasolid
Translator Co ...)
+CVE-2024-32061 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32060 (A vulnerability has been identified in PS/IGES Parasolid
Translator Co ...)
+CVE-2024-32060 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32059 (A vulnerability has been identified in PS/IGES Parasolid
Translator Co ...)
+CVE-2024-32059 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32058 (A vulnerability has been identified in PS/IGES Parasolid
Translator Co ...)
+CVE-2024-32058 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32057 (A vulnerability has been identified in PS/IGES Parasolid
Translator Co ...)
+CVE-2024-32057 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32055 (A vulnerability has been identified in PS/IGES Parasolid
Translator Co ...)
+CVE-2024-32055 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
CVE-2024-32021 (Git is a revision control system. Prior to versions 2.45.1,
2.44.1, 2. ...)
{DLA-3844-1}
@@ -128146,8 +128817,8 @@ CVE-2022-45149 (A vulnerability was found in Moodle
which exists due to insuffic
- moodle <removed>
CVE-2022-45148
REJECTED
-CVE-2022-45147
- RESERVED
+CVE-2022-45147 (A vulnerability has been identified in SIMATIC PCS neo V4.0
(All versi ...)
+ TODO: check
CVE-2022-3959 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: Drogon
CVE-2022-3958 (Cross-site Scripting (XSS) vulnerability in
BlueSpiceUserSidebar exten ...)
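Review bot: CVE-2022-45147 moves from RESERVED to a SIMATIC PCS neo description with "TODO: check", while the already-triaged SIMATIC entries visible in this commit (SIMATIC RTLS Locating Manager, SIMATIC PCS 7) are marked "NOT-FOR-US: Siemens". Resolving this one the same way would avoid leaving a TODO for a product line that is otherwise consistently triaged.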
@@ -186072,7 +186743,7 @@ CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the
Linux kernel 5.4 through 5.
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/2
NOTE: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
-CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ
(6ES7655-5PX31- ...)
+CVE-2022-25622 (The PROFINET (PNIO) stack, when integrated with the Interniche
IP stac ...)
NOT-FOR-US: Siemens
CVE-2022-25621 (UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510
Ver8.2.11 and ...)
NOT-FOR-US: UUNIVERGE
@@ -379001,7 +379672,7 @@ CVE-2019-10938 (A vulnerability has been identified
in SIPROTEC 5 devices with C
NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5
devices
CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All
version ...)
NOT-FOR-US: SIMATIC TDC CP51M1
-CVE-2019-10936 (A vulnerability has been identified in SIMATIC S7-400 CPU
414-3 PN/DP ...)
+CVE-2019-10936 (Affected devices improperly handle large amounts of specially
crafted ...)
NOT-FOR-US: Siemens
CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and
earlier ...)
NOT-FOR-US: Siemens
@@ -478370,7 +479041,7 @@ CVE-2017-12743
RESERVED
CVE-2017-12742
RESERVED
-CVE-2017-12741 (A vulnerability has been identified in Development/Evaluation
Kits for ...)
+CVE-2017-12741 (Specially crafted packets sent to port 161/udp could cause a
denial of ...)
NOT-FOR-US: Siemens
CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks
integrity ...)
NOT-FOR-US: Siemens
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f10fbba9491425ddba8f960b4351f6a28943c413