Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b985a9a by security tracker role at 2024-10-09T20:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,639 @@
-CVE-2024-28168 [Apache XML Graphics FOP: XML External Entity (XXE) Processing]
+CVE-2024-9680 (An attacker was able to achieve code execution in the content 
process  ...)
+       TODO: check
+CVE-2024-9675 (A vulnerability was found in Buildah. Cache mounts do not 
properly val ...)
+       TODO: check
+CVE-2024-9671 (A vulnerability was found in 3Scale. There is no auth mechanism 
to see ...)
+       TODO: check
+CVE-2024-9575 (Local File Inclusion vulnerability in pretix Widget WordPress 
plugin p ...)
+       TODO: check
+CVE-2024-9473 (A privilege escalation vulnerability in the Palo Alto Networks 
GlobalP ...)
+       TODO: check
+CVE-2024-9471 (A privilege escalation (PE) vulnerability in the XML API of 
Palo Alto  ...)
+       TODO: check
+CVE-2024-9470 (A vulnerability in Cortex XSOAR allows the disclosure of 
incident data ...)
+       TODO: check
+CVE-2024-9469 (A problem with a detection mechanism in the Palo Alto Networks 
Cortex  ...)
+       TODO: check
+CVE-2024-9468 (A memory corruption vulnerability in Palo Alto Networks PAN-OS 
softwar ...)
+       TODO: check
+CVE-2024-9467 (A reflected XSS vulnerability in Palo Alto Networks Expedition 
enables ...)
+       TODO: check
+CVE-2024-9466 (A cleartext storage of sensitive information vulnerability in 
Palo Alt ...)
+       TODO: check
+CVE-2024-9465 (An SQL injection vulnerability in Palo Alto Networks Expedition 
allows ...)
+       TODO: check
+CVE-2024-9464 (An OS command injection vulnerability in Palo Alto Networks 
Expedition ...)
+       TODO: check
+CVE-2024-9463 (An OS command injection vulnerability in Palo Alto Networks 
Expedition ...)
+       TODO: check
+CVE-2024-9451 (The Embed PDF Viewer plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2024-9449 (The Auto iFrame plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2024-9412 (An improper authorization vulnerability exists in the Rockwell 
Automat ...)
+       TODO: check
+CVE-2024-9381 (Path traversal in Ivanti CSA before version 5.0.2 allows a 
remote auth ...)
+       TODO: check
+CVE-2024-9380 (An OS command injection vulnerability in the admin web console 
of Ivan ...)
+       TODO: check
+CVE-2024-9379 (SQL injection in the admin web console of Ivanti CSA before 
version 5. ...)
+       TODO: check
+CVE-2024-9286 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-9207 (The BuddyPress Docs plugin for WordPress is vulnerable to 
Reflected Cr ...)
+       TODO: check
+CVE-2024-9167 (Under specific circumstances, insecure permissions in Ivanti 
Velocity  ...)
+       TODO: check
+CVE-2024-9124 (A denial-of-service vulnerability exists in the Rockwell 
Automation Po ...)
+       TODO: check
+CVE-2024-9005 (CWE-502: Deserialization of Untrusted Data vulnerability exists 
that c ...)
+       TODO: check
+CVE-2024-8943 (The LatePoint plugin for WordPress is vulnerable to 
authentication byp ...)
+       TODO: check
+CVE-2024-8911 (The LatePoint plugin for WordPress is vulnerable to Arbitrary 
User Pas ...)
+       TODO: check
+CVE-2024-8884 (CWE-200: Exposure of Sensitive Information to an Unauthorized 
Actor vu ...)
+       TODO: check
+CVE-2024-8629 (The WooCommerce Multilingual & Multicurrency with WPML plugin 
for Word ...)
+       TODO: check
+CVE-2024-8626 (Due to a memory leak, a denial-of-service vulnerability exists 
in the  ...)
+       TODO: check
+CVE-2024-8518 (CWE-20: Improper Input Validation vulnerability exists that 
could caus ...)
+       TODO: check
+CVE-2024-8488 (The Survey Maker plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2024-8482 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-8433 (The Easy Mega Menu Plugin for WordPress \u2013 ThemeHunk plugin 
for Wo ...)
+       TODO: check
+CVE-2024-8431 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin 
for Word ...)
+       TODO: check
+CVE-2024-8422 (CWE-416: Use After Free vulnerability exists that could cause 
arbitrar ...)
+       TODO: check
+CVE-2024-8215 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-8048 (In Progress Telerik Reporting versions prior to 2024 Q3 
(18.2.24.924), ...)
+       TODO: check
+CVE-2024-8015 (In Progress Telerik Report Server versions prior to 2024 Q3 
(10.2.24.9 ...)
+       TODO: check
+CVE-2024-8014 (In Progress Telerik Reporting versions prior to 2024 Q3 
(18.2.24.924), ...)
+       TODO: check
+CVE-2024-7963 (The CMSMasters Content Composer plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-7840 (In Progress Telerik Reporting versions prior to 2024 Q3 
(2024.3.924),  ...)
+       TODO: check
+CVE-2024-7612 (Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a 
local auth ...)
+       TODO: check
+CVE-2024-7294 (In Progress\xae Telerik\xae Report Server versions prior to 
2024 Q3 (1 ...)
+       TODO: check
+CVE-2024-7293 (In Progress\xae Telerik\xae Report Server versions prior to 
2024 Q3 (1 ...)
+       TODO: check
+CVE-2024-7292 (In Progress\xae Telerik\xae Report Server versions prior to 
2024 Q3 (1 ...)
+       TODO: check
+CVE-2024-7041 (An Insecure Direct Object Reference (IDOR) vulnerability exists 
in ope ...)
+       TODO: check
+CVE-2024-7038 (An information disclosure vulnerability exists in open-webui 
version 0 ...)
+       TODO: check
+CVE-2024-7037 (In version v0.3.8 of open-webui/open-webui, the endpoint 
/api/pipeline ...)
+       TODO: check
+CVE-2024-5968 (The Photo Gallery by 10Web  WordPress plugin before 1.8.28 does 
not pr ...)
+       TODO: check
+CVE-2024-47951 (In JetBrains TeamCity before 2024.07.3 stored XSS was possible 
via ser ...)
+       TODO: check
+CVE-2024-47950 (In JetBrains TeamCity before 2024.07.3 stored XSS was possible 
in Back ...)
+       TODO: check
+CVE-2024-47949 (In JetBrains TeamCity before 2024.07.3 path traversal allowed 
backup f ...)
+       TODO: check
+CVE-2024-47948 (In JetBrains TeamCity before 2024.07.3 path traversal leading 
to infor ...)
+       TODO: check
+CVE-2024-47833 (Taipy is an open-source Python library for easy, end-to-end 
applicatio ...)
+       TODO: check
+CVE-2024-47832 (ssoready is a single sign on provider implemented via docker. 
Affected ...)
+       TODO: check
+CVE-2024-47828 (ampache is a web based audio/video streaming application and 
file mana ...)
+       TODO: check
+CVE-2024-47823 (Livewire is a full-stack framework for Laravel that allows for 
dynamic ...)
+       TODO: check
+CVE-2024-47822 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+       TODO: check
+CVE-2024-47816 (ImportDump is a mediawiki extension designed to automate user 
import r ...)
+       TODO: check
+CVE-2024-47815 (IncidentReporting is a MediaWiki extension for moving incident 
reports ...)
+       TODO: check
+CVE-2024-47813 (Wasmtime is an open source runtime for WebAssembly. Under 
certain conc ...)
+       TODO: check
+CVE-2024-47812 (ImportDump is an extension for mediawiki designed to automate 
user imp ...)
+       TODO: check
+CVE-2024-47780 (TYPO3 is a free and open source Content Management Framework. 
Backend  ...)
+       TODO: check
+CVE-2024-47773 (Discourse is an open source platform for community discussion. 
An atta ...)
+       TODO: check
+CVE-2024-47763 (Wasmtime is an open source runtime for WebAssembly. Wasmtime's 
impleme ...)
+       TODO: check
+CVE-2024-47673 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
+       TODO: check
+CVE-2024-47672 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
+       TODO: check
+CVE-2024-47671 (In the Linux kernel, the following vulnerability has been 
resolved:  U ...)
+       TODO: check
+CVE-2024-47670 (In the Linux kernel, the following vulnerability has been 
resolved:  o ...)
+       TODO: check
+CVE-2024-47669 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       TODO: check
+CVE-2024-47668 (In the Linux kernel, the following vulnerability has been 
resolved:  l ...)
+       TODO: check
+CVE-2024-47667 (In the Linux kernel, the following vulnerability has been 
resolved:  P ...)
+       TODO: check
+CVE-2024-47666 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       TODO: check
+CVE-2024-47665 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
+       TODO: check
+CVE-2024-47664 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       TODO: check
+CVE-2024-47663 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       TODO: check
+CVE-2024-47662 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-47661 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-47660 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
+       TODO: check
+CVE-2024-47659 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       TODO: check
+CVE-2024-47658 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+       TODO: check
+CVE-2024-47565 (A vulnerability has been identified in Siemens SINEC Security 
Monitor  ...)
+       TODO: check
+CVE-2024-47563 (A vulnerability has been identified in Siemens SINEC Security 
Monitor  ...)
+       TODO: check
+CVE-2024-47562 (A vulnerability has been identified in Siemens SINEC Security 
Monitor  ...)
+       TODO: check
+CVE-2024-47553 (A vulnerability has been identified in Siemens SINEC Security 
Monitor  ...)
+       TODO: check
+CVE-2024-47425 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-47424 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-47423 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-47422 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-47421 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-47420 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an 
out-of- ...)
+       TODO: check
+CVE-2024-47419 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an 
out-of- ...)
+       TODO: check
+CVE-2024-47418 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Use Afte ...)
+       TODO: check
+CVE-2024-47417 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Heap-bas ...)
+       TODO: check
+CVE-2024-47416 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an 
Integer ...)
+       TODO: check
+CVE-2024-47415 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Use Afte ...)
+       TODO: check
+CVE-2024-47414 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Use Afte ...)
+       TODO: check
+CVE-2024-47413 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Use Afte ...)
+       TODO: check
+CVE-2024-47412 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Use Afte ...)
+       TODO: check
+CVE-2024-47411 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an 
Access  ...)
+       TODO: check
+CVE-2024-47410 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Stack-ba ...)
+       TODO: check
+CVE-2024-47334 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-47196 (A vulnerability has been identified in ModelSim (All versions 
< V2024. ...)
+       TODO: check
+CVE-2024-47195 (A vulnerability has been identified in ModelSim (All versions 
< V2024. ...)
+       TODO: check
+CVE-2024-47194 (A vulnerability has been identified in ModelSim (All versions 
< V2024. ...)
+       TODO: check
+CVE-2024-47161 (In JetBrains TeamCity before 2024.07.3 password could be 
exposed via S ...)
+       TODO: check
+CVE-2024-47046 (A vulnerability has been identified in Simcenter Nastran 2306 
(All ver ...)
+       TODO: check
+CVE-2024-47011 (Path Traversal in Ivanti Avalanche before version 6.4.5 allows 
a remot ...)
+       TODO: check
+CVE-2024-47010 (Path Traversal in Ivanti Avalanche before version 6.4.5 allows 
a remot ...)
+       TODO: check
+CVE-2024-47009 (Path Traversal in Ivanti Avalanche before version 6.4.5 allows 
a remot ...)
+       TODO: check
+CVE-2024-47008 (Server-side request forgery in Ivanti Avalanche before version 
6.4.5 a ...)
+       TODO: check
+CVE-2024-47007 (A NULL pointer dereference in WLAvalancheService.exe of Ivanti 
Avalanc ...)
+       TODO: check
+CVE-2024-46887 (The web server of affected devices do not properly 
authenticate user r ...)
+       TODO: check
+CVE-2024-46886 (The web server of affected devices does not properly validate 
input th ...)
+       TODO: check
+CVE-2024-46871 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-46870 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-46539 (Insecure permissions in the Bluetooth Low Energy (BLE) 
component of Fi ...)
+       TODO: check
+CVE-2024-46410 (PublicCMS V4.0.202406.d was discovered to contain a cross-site 
scripti ...)
+       TODO: check
+CVE-2024-46316 (DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command 
injecti ...)
+       TODO: check
+CVE-2024-46307 (A loop hole in the payment logic of Sparkshop v1.16 allows 
attackers t ...)
+       TODO: check
+CVE-2024-46304 (A Buffer Overflow vulnerability in libcoap v4.3.5-rc2 and 
below allows ...)
+       TODO: check
+CVE-2024-46292 (A buffer overflow in modsecurity v3.0.12 allows attackers to 
cause a D ...)
+       TODO: check
+CVE-2024-46237 (PHPGurukul Hospital Management System 4.0 is vulnerable to 
Cross Site  ...)
+       TODO: check
+CVE-2024-45918 (Fujian Kelixin Communication Command and Dispatch Platform 
<=7.6.6.439 ...)
+       TODO: check
+CVE-2024-45880 (A command injection vulnerability exists in Motorola CX2L 
router v1.0. ...)
+       TODO: check
+CVE-2024-45746 (An issue was discovered in Trusted Firmware-M through 2.1.0. 
User prov ...)
+       TODO: check
+CVE-2024-45476 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45475 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45474 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45473 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45472 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45471 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45470 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45469 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45468 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45467 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45466 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45465 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45464 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45463 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-45330 (A use of externally-controlled format string in Fortinet 
FortiAnalyzer ...)
+       TODO: check
+CVE-2024-45179 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
+       TODO: check
+CVE-2024-45152 (Substance3D - Stager versions 3.0.3 and earlier are affected 
by an out ...)
+       TODO: check
+CVE-2024-45150 (Dimension versions 4.0.3 and earlier are affected by an 
out-of-bounds  ...)
+       TODO: check
+CVE-2024-45146 (Dimension versions 4.0.3 and earlier are affected by a Use 
After Free  ...)
+       TODO: check
+CVE-2024-45145 (Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are 
affecte ...)
+       TODO: check
+CVE-2024-45144 (Substance3D - Stager versions 3.0.3 and earlier are affected 
by an out ...)
+       TODO: check
+CVE-2024-45143 (Substance3D - Stager versions 3.0.3 and earlier are affected 
by a Heap ...)
+       TODO: check
+CVE-2024-45142 (Substance3D - Stager versions 3.0.3 and earlier are affected 
by a Writ ...)
+       TODO: check
+CVE-2024-45141 (Substance3D - Stager versions 3.0.3 and earlier are affected 
by an out ...)
+       TODO: check
+CVE-2024-45140 (Substance3D - Stager versions 3.0.3 and earlier are affected 
by an out ...)
+       TODO: check
+CVE-2024-45139 (Substance3D - Stager versions 3.0.3 and earlier are affected 
by a Heap ...)
+       TODO: check
+CVE-2024-45138 (Substance3D - Stager versions 3.0.3 and earlier are affected 
by a Use  ...)
+       TODO: check
+CVE-2024-45137 (InDesign Desktop versions 19.4, 18.5.3 and earlier are 
affected by an  ...)
+       TODO: check
+CVE-2024-45136 (InCopy versions 19.4, 18.5.3 and earlier are affected by an 
Unrestrict ...)
+       TODO: check
+CVE-2024-44349 (A SQL injection vulnerability in login portal in AnteeoWMS 
before v4.7 ...)
+       TODO: check
+CVE-2024-43616 (Microsoft Office Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-43615 (Microsoft OpenSSH for Windows Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43614 (Microsoft Defender for Endpoint for Linux Spoofing 
Vulnerability)
+       TODO: check
+CVE-2024-43612 (Power BI Report Server Spoofing Vulnerability)
+       TODO: check
+CVE-2024-43611 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-43610 (Exposure of Sensitive Information to an Unauthorized Actor in 
Copilot  ...)
+       TODO: check
+CVE-2024-43609 (Microsoft Office Spoofing Vulnerability)
+       TODO: check
+CVE-2024-43608 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-43607 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-43604 (Outlook for Android Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-43603 (Visual Studio Collector Service Denial of Service 
Vulnerability)
+       TODO: check
+CVE-2024-43601 (Visual Studio Code for Linux Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43599 (Remote Desktop Client Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-43593 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-43592 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-43591 (Azure Command Line Integration (CLI) Elevation of Privilege 
Vulnerabil ...)
+       TODO: check
+CVE-2024-43590 (Visual C++ Redistributable Installer Elevation of Privilege 
Vulnerabil ...)
+       TODO: check
+CVE-2024-43589 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-43585 (Code Integrity Guard Security Feature Bypass Vulnerability)
+       TODO: check
+CVE-2024-43584 (Windows Scripting Engine Security Feature Bypass Vulnerability)
+       TODO: check
+CVE-2024-43583 (Winlogon Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-43582 (Remote Desktop Protocol Server Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43581 (Microsoft OpenSSH for Windows Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43576 (Microsoft Office Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-43575 (Windows Hyper-V Denial of Service Vulnerability)
+       TODO: check
+CVE-2024-43574 (Microsoft Speech Application Programming Interface (SAPI) 
Remote Code  ...)
+       TODO: check
+CVE-2024-43573 (Windows MSHTML Platform Spoofing Vulnerability)
+       TODO: check
+CVE-2024-43572 (Microsoft Management Console Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43571 (Sudo for Windows Spoofing Vulnerability)
+       TODO: check
+CVE-2024-43570 (Windows Kernel Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-43567 (Windows Hyper-V Denial of Service Vulnerability)
+       TODO: check
+CVE-2024-43565 (Windows Network Address Translation (NAT) Denial of Service 
Vulnerabil ...)
+       TODO: check
+CVE-2024-43564 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-43563 (Windows Ancillary Function Driver for WinSock Elevation of 
Privilege V ...)
+       TODO: check
+CVE-2024-43562 (Windows Network Address Translation (NAT) Denial of Service 
Vulnerabil ...)
+       TODO: check
+CVE-2024-43561 (Windows Mobile Broadband Driver Denial of Service 
Vulnerability)
+       TODO: check
+CVE-2024-43560 (Microsoft Windows Storage Port Driver Elevation of Privilege 
Vulnerabi ...)
+       TODO: check
+CVE-2024-43559 (Windows Mobile Broadband Driver Denial of Service 
Vulnerability)
+       TODO: check
+CVE-2024-43558 (Windows Mobile Broadband Driver Denial of Service 
Vulnerability)
+       TODO: check
+CVE-2024-43557 (Windows Mobile Broadband Driver Denial of Service 
Vulnerability)
+       TODO: check
+CVE-2024-43556 (Windows Graphics Component Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2024-43555 (Windows Mobile Broadband Driver Denial of Service 
Vulnerability)
+       TODO: check
+CVE-2024-43554 (Windows Kernel-Mode Driver Information Disclosure 
Vulnerability)
+       TODO: check
+CVE-2024-43553 (NT OS Kernel Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-43552 (Windows Shell Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-43551 (Windows Storage Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-43550 (Windows Secure Channel Spoofing Vulnerability)
+       TODO: check
+CVE-2024-43549 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-43547 (Windows Kerberos Information Disclosure Vulnerability)
+       TODO: check
+CVE-2024-43546 (Windows Cryptographic Information Disclosure Vulnerability)
+       TODO: check
+CVE-2024-43545 (Windows Online Certificate Status Protocol (OCSP) Server 
Denial of Ser ...)
+       TODO: check
+CVE-2024-43544 (Microsoft Simple Certificate Enrollment Protocol Denial of 
Service Vul ...)
+       TODO: check
+CVE-2024-43543 (Windows Mobile Broadband Driver Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43542 (Windows Mobile Broadband Driver Denial of Service 
Vulnerability)
+       TODO: check
+CVE-2024-43541 (Microsoft Simple Certificate Enrollment Protocol Denial of 
Service Vul ...)
+       TODO: check
+CVE-2024-43540 (Windows Mobile Broadband Driver Denial of Service 
Vulnerability)
+       TODO: check
+CVE-2024-43538 (Windows Mobile Broadband Driver Denial of Service 
Vulnerability)
+       TODO: check
+CVE-2024-43537 (Windows Mobile Broadband Driver Denial of Service 
Vulnerability)
+       TODO: check
+CVE-2024-43536 (Windows Mobile Broadband Driver Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43535 (Windows Kernel-Mode Driver Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2024-43534 (Windows Graphics Component Information Disclosure 
Vulnerability)
+       TODO: check
+CVE-2024-43533 (Remote Desktop Client Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-43532 (Remote Registry Service Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-43529 (Windows Print Spooler Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-43528 (Windows Secure Kernel Mode Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2024-43527 (Windows Kernel Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-43526 (Windows Mobile Broadband Driver Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43525 (Windows Mobile Broadband Driver Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43524 (Windows Mobile Broadband Driver Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43523 (Windows Mobile Broadband Driver Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43522 (Windows Local Security Authority (LSA) Elevation of Privilege 
Vulnerab ...)
+       TODO: check
+CVE-2024-43521 (Windows Hyper-V Denial of Service Vulnerability)
+       TODO: check
+CVE-2024-43520 (Windows Kernel Denial of Service Vulnerability)
+       TODO: check
+CVE-2024-43519 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
+       TODO: check
+CVE-2024-43518 (Windows Telephony Server Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-43517 (Microsoft ActiveX Data Objects Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43516 (Windows Secure Kernel Mode Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2024-43515 (Internet Small Computer Systems Interface (iSCSI) Denial of 
Service Vu ...)
+       TODO: check
+CVE-2024-43514 (Windows Resilient File System (ReFS) Elevation of Privilege 
Vulnerabil ...)
+       TODO: check
+CVE-2024-43513 (BitLocker Security Feature Bypass Vulnerability)
+       TODO: check
+CVE-2024-43512 (Windows Standards-Based Storage Management Service Denial of 
Service V ...)
+       TODO: check
+CVE-2024-43511 (Windows Kernel Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-43509 (Windows Graphics Component Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2024-43508 (Windows Graphics Component Information Disclosure 
Vulnerability)
+       TODO: check
+CVE-2024-43506 (BranchCache Denial of Service Vulnerability)
+       TODO: check
+CVE-2024-43505 (Microsoft Office Visio Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-43504 (Microsoft Excel Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-43503 (Microsoft SharePoint Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-43502 (Windows Kernel Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-43501 (Windows Common Log File System Driver Elevation of Privilege 
Vulnerabi ...)
+       TODO: check
+CVE-2024-43500 (Windows Resilient File System (ReFS) Information Disclosure 
Vulnerabil ...)
+       TODO: check
+CVE-2024-43497 (DeepSpeed Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-43488 (Missing authentication for critical function in Visual Studio 
Code ext ...)
+       TODO: check
+CVE-2024-43485 (.NET and Visual Studio Denial of Service Vulnerability)
+       TODO: check
+CVE-2024-43484 (.NET, .NET Framework, and Visual Studio Denial of Service 
Vulnerabilit ...)
+       TODO: check
+CVE-2024-43483 (.NET, .NET Framework, and Visual Studio Denial of Service 
Vulnerabilit ...)
+       TODO: check
+CVE-2024-43481 (Power BI Report Server Spoofing Vulnerability)
+       TODO: check
+CVE-2024-43480 (Azure Service Fabric for Linux Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43468 (Microsoft Configuration Manager Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-43456 (Windows Remote Desktop ServicesTampering Vulnerability)
+       TODO: check
+CVE-2024-43453 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-42988 (Lack of access control in ChallengeSolves 
(/api/v1/challenges/<challen ...)
+       TODO: check
+CVE-2024-41981 (A vulnerability has been identified in Simcenter Nastran 2306 
(All ver ...)
+       TODO: check
+CVE-2024-41902 (A vulnerability has been identified in JT2Go (All versions < 
V2406.000 ...)
+       TODO: check
+CVE-2024-41798 (A vulnerability has been identified in SENTRON 7KM PAC3200 
(All versio ...)
+       TODO: check
+CVE-2024-3656 (A flaw was found in Keycloak. Certain endpoints in Keycloak's 
admin RE ...)
+       TODO: check
+CVE-2024-3506 (A possible buffer overflow in selected cameras' drivers from 
XProtect  ...)
+       TODO: check
+CVE-2024-3057 (A flaw exists whereby a user can make a specific call to a 
FlashArray  ...)
+       TODO: check
+CVE-2024-39586 (Dell AppSync Server, version 4.3 through 4.6, contains an XML 
External ...)
+       TODO: check
+CVE-2024-39525 (AnImproper Handling of Exceptional Conditions vulnerability in 
the rou ...)
+       TODO: check
+CVE-2024-39516 (An Out-of-Bounds Read vulnerability in  the routing protocol 
daemon (r ...)
+       TODO: check
+CVE-2024-39515 (An Improper Validation of Consistency within Input 
vulnerability in th ...)
+       TODO: check
+CVE-2024-39440 (In DRM service, there is a possible system crash due to null 
pointer d ...)
+       TODO: check
+CVE-2024-39439 (In DRM service, there is a possible out of bounds write due to 
a missi ...)
+       TODO: check
+CVE-2024-39438 (In linkturbonative service, there is a possible command 
injection due  ...)
+       TODO: check
+CVE-2024-39437 (In linkturbonative service, there is a possible command 
injection due  ...)
+       TODO: check
+CVE-2024-39436 (In linkturbonative service, there is a possible command 
injection due  ...)
+       TODO: check
+CVE-2024-38818 (VMware NSX contains a local privilege escalation 
vulnerability.  An au ...)
+       TODO: check
+CVE-2024-38817 (Mware NSX contains a command injection vulnerability.  A 
malicious act ...)
+       TODO: check
+CVE-2024-38815 (VMware NSX contains a content spoofing vulnerability.  An 
unauthentica ...)
+       TODO: check
+CVE-2024-38265 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-38262 (Windows Remote Desktop Licensing Service Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-38261 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-38229 (.NET and Visual Studio Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-38212 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-38179 (Azure Stack Hyperconverged Infrastructure (HCI) Elevation of 
Privilege ...)
+       TODO: check
+CVE-2024-38149 (BranchCache Denial of Service Vulnerability)
+       TODO: check
+CVE-2024-38129 (Windows Kerberos Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-38124 (Windows Netlogon Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-38097 (Azure Monitor Agent Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-38029 (Microsoft OpenSSH for Windows Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-37983 (Windows Resume Extensible Firmware Interface Security Feature 
Bypass V ...)
+       TODO: check
+CVE-2024-37982 (Windows Resume Extensible Firmware Interface Security Feature 
Bypass V ...)
+       TODO: check
+CVE-2024-37979 (Windows Kernel Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-37976 (Windows Resume Extensible Firmware Interface Security Feature 
Bypass V ...)
+       TODO: check
+CVE-2024-36814 (An arbitrary file read vulnerability in Adguard Home before 
v0.107.52  ...)
+       TODO: check
+CVE-2024-35288 (Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 
allows Local ...)
+       TODO: check
+CVE-2024-35215 (NULL pointer dereference in IP socket options processing of 
the Networ ...)
+       TODO: check
+CVE-2024-33506 (An exposure of sensitive information to an unauthorized actor 
vulnerab ...)
+       TODO: check
+CVE-2024-30118 (HCL Connections is vulnerable to an information disclosure 
vulnerabili ...)
+       TODO: check
+CVE-2024-30092 (Windows Hyper-V Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-27457 (Improper check for unusual or exceptional conditions in 
Intel(R) TDX M ...)
+       TODO: check
+CVE-2024-25885 (An issue in the getcolor function in utils.py of xhtml2pdf 
v0.2.13 all ...)
+       TODO: check
+CVE-2024-25825 (FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS 
for You 1 ...)
+       TODO: check
+CVE-2024-25286 (3DSecure 2.0 allows CSRF in the Authorization Method via 
modified Orig ...)
+       TODO: check
+CVE-2024-25285 (3DSecure 2.0 allows form action hijacking via 
threeDsMethod.jsp?threeD ...)
+       TODO: check
+CVE-2024-25284 (3DSecure 2.0 allows reflected XSS in the 3DS Authorization 
Method via  ...)
+       TODO: check
+CVE-2024-25283 (3DSecure 2.0 allows reflected XSS in the 3DS Authorization 
Challenge v ...)
+       TODO: check
+CVE-2024-25282 (3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a 
modified ...)
+       TODO: check
+CVE-2024-20787 (Substance3D - Painter versions 10.0.1 and earlier are affected 
by an o ...)
+       TODO: check
+CVE-2024-20659 (Windows Hyper-V Security Feature Bypass Vulnerability)
+       TODO: check
+CVE-2023-52952 (A vulnerability has been identified in HiMed Cockpit 12 pro 
(J31032-K2 ...)
+       TODO: check
+CVE-2024-28168 (Improper Restriction of XML External Entity Reference ('XXE') 
vulnerab ...)
        - fop <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2024/10/09/1
        NOTE: https://issues.apache.org/jira/browse/FOP-3168
        NOTE: 
https://github.com/apache/xmlgraphics-fop/commit/d96ba9a11710d02716b6f4f6107ebfa9ccec7134
-CVE-2024-9603
+CVE-2024-9603 (Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 
allowed  ...)
+       {DSA-5787-1}
        - chromium 129.0.6668.100-1
-CVE-2024-9602
+CVE-2024-9602 (Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 
allowed  ...)
+       {DSA-5787-1}
        - chromium 129.0.6668.100-1
-CVE-2024-9622
+CVE-2024-9622 (A vulnerability was found in the resteasy-netty4 library 
arising from  ...)
        NOT-FOR-US: resteasy-netty4
-CVE-2024-9621
+CVE-2024-9621 (A vulnerability was found in Quarkus CXF. Passwords and other 
secrets  ...)
        NOT-FOR-US: Quarkus
-CVE-2024-9620
+CVE-2024-9620 (A flaw was found in Event-Driven Automation (EDA) in Ansible 
Automatio ...)
        NOT-FOR-US: event-driven-ansible
-CVE-2024-45720
+CVE-2024-45720 (On Windows platforms, a "best fit" character encoding 
conversion of co ...)
        - subversion <not-affected> (Windows-specific)
        NOTE: https://subversion.apache.org/security/CVE-2024-45720-advisory.txt
 CVE-2024-9292 (The Bridge Core plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
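Review bot: the block of new "TODO: check" entries in this hunk mixes products the file already triages one way with ones that need an actual package lookup, so it should not be cleared in bulk. The Windows and Azure entries (CVE-2024-38265, CVE-2024-38129, CVE-2024-38124, CVE-2024-30092 and the rest of that run) match the existing "NOT-FOR-US: Microsoft" convention used further down for CVE-2024-30105, whereas entries such as CVE-2024-25885 (xhtml2pdf) and CVE-2024-36814 (Adguard Home) name standalone software and need a check against the archive first. Separately, the description imported for CVE-2024-38817 begins "Mware NSX" while its neighbours CVE-2024-38818 and CVE-2024-38815 read "VMware NSX"; that looks like a typo in the feed text, so a search for "VMware" will miss this entry until the upstream record is corrected.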
@@ -772,7 +1392,7 @@ CVE-2024-25694 (There is a stored Cross-site Scripting 
vulnerability in Esri Por
        NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2024-25691 (There is a reflected XSS vulnerability in Esri Portal for 
ArcGIS versi ...)
        NOT-FOR-US: Esri Portal for ArcGIS
-CVE-2024-47191
+CVE-2024-47191 (pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 
allows  ...)
        {DSA-5784-1}
        - oath-toolkit 2.6.12-1
        [bullseye] - oath-toolkit <not-affected> (Vulnerable code not present)
@@ -1319,7 +1939,7 @@ CVE-2024-9402 (Memory safety bugs present in Firefox 130, 
Firefox ESR 128.2, and
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9402
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9402
 CVE-2024-9401 (Memory safety bugs present in Firefox 130, Firefox ESR 115.15, 
Firefox ...)
-       {DSA-5783-1}
+       {DSA-5783-1 DLA-3913-1}
        - firefox 131.0-1
        - firefox-esr 128.3.0esr-1
        - thunderbird 1:128.3.0esr-1
@@ -1355,7 +1975,7 @@ CVE-2024-9395 (A specially crafted filename containing a 
large number of spaces
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9395
 CVE-2024-9394 (An attacker could, via a specially crafted multipart response, 
execute ...)
-       {DSA-5783-1}
+       {DSA-5783-1 DLA-3913-1}
        - firefox 131.0-1
        - firefox-esr 128.3.0esr-1
        - thunderbird 1:128.3.0esr-1
@@ -1363,7 +1983,7 @@ CVE-2024-9394 (An attacker could, via a specially crafted 
multipart response, ex
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9394
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9394
 CVE-2024-9393 (An attacker could, via a specially crafted multipart response, 
execute ...)
-       {DSA-5783-1}
+       {DSA-5783-1 DLA-3913-1}
        - firefox 131.0-1
        - firefox-esr 128.3.0esr-1
        - thunderbird 1:128.3.0esr-1
@@ -1371,7 +1991,7 @@ CVE-2024-9393 (An attacker could, via a specially crafted 
multipart response, ex
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9393
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9393
 CVE-2024-9392 (A compromised content process could have allowed for the 
arbitrary loa ...)
-       {DSA-5783-1}
+       {DSA-5783-1 DLA-3913-1}
        - firefox 131.0-1
        - firefox-esr 128.3.0esr-1
        - thunderbird 1:128.3.0esr-1
@@ -6712,7 +7332,7 @@ CVE-2024-45442 (Vulnerability of permission verification 
for APIs in the Downloa
        NOT-FOR-US: Huawei
 CVE-2024-45441 (Input verification vulnerability in the system service module 
Impact:  ...)
        NOT-FOR-US: Huawei
-CVE-2024-45394 (Authenticator is a browser extensions that generates two-step 
verifica ...)
+CVE-2024-45394 (Authenticator is a browser extension that generates two-step 
verificat ...)
        NOT-FOR-US: Authenticator extension
 CVE-2024-45314 (Flask-AppBuilder is an application development framework. 
Prior to ver ...)
        - flask-appbuilder <unfixed> (bug #1081964)
@@ -7114,7 +7734,7 @@ CVE-2024-44082 (In OpenStack Ironic before 26.0.1 and 
ironic-python-agent before
        - ironic-python-agent 9.14.0-1
        NOTE: https://www.openwall.com/lists/oss-security/2024/09/04/4
        NOTE: https://bugs.launchpad.net/ironic/+bug/2071740
-CVE-2024-45160
+CVE-2024-45160 (Incorrect credential validation in LemonLDAP::NG 2.18.x and 
2.19.x bef ...)
        - lemonldap-ng 2.19.2+ds-1
        [bookworm] - lemonldap-ng <not-affected> (Vulnerable code not present)
        [bullseye] - lemonldap-ng <not-affected> (Vulnerable code not present)
@@ -7282,13 +7902,13 @@ CVE-2024-6232 (There is a MEDIUM severity vulnerability 
affecting CPython.
        NOTE: 
https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
 (v3.12.6)
        NOTE: 
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
 (v3.11.10)
        NOTE: 
https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
 (v3.10.15)
-CVE-2024-45231
+CVE-2024-45231 (An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. 
The dja ...)
        - python-django 3:4.2.16-1
        [bookworm] - python-django <no-dsa> (Minor issue)
        [bullseye] - python-django <postponed> (Minor issue; can be fixed in 
next update)
        NOTE: 
https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
        NOTE: 
https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199
 (4.2.16)
-CVE-2024-45230
+CVE-2024-45230 (An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 
5.0.9,  ...)
        - python-django 3:4.2.16-1
        [bookworm] - python-django <no-dsa> (Minor issue)
        [bullseye] - python-django <postponed> (Minor issue; can be fixed in 
next update)
@@ -7777,7 +8397,7 @@ CVE-2024-1543 (The side-channel protected T-Table 
implementation in wolfSSL up t
        NOTE: https://github.com/wolfSSL/wolfssl/pull/6854
 CVE-2024-8285 (A flaw was found in Kroxylicious. When establishing the 
connection wit ...)
        NOT-FOR-US: kroxylicious
-CVE-2024-42934 [missing check on the authorization type on incoming LAN 
messages in IPMI simulator]
+CVE-2024-42934 (OpenIPMI before 2.0.36 has an out-of-bounds array access (for 
authenti ...)
        - openipmi <unfixed> (bug #1081558)
        [bookworm] - openipmi <no-dsa> (Minor issue)
        [bullseye] - openipmi <postponed> (Minor issue; can be fixed in next 
update)
@@ -10883,7 +11503,8 @@ CVE-2024-42309 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.10.3-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/2df7aac81070987b0f052985856aa325a38debf6 (6.11-rc1)
-CVE-2024-42308 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+CVE-2024-42308
+       REJECTED
        {DLA-3912-1}
        - linux 6.10.3-1
        [bookworm] - linux 6.1.106-1
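Review bot: CVE-2024-42308 is switched to REJECTED here, but the entry still carries {DLA-3912-1} and the "- linux 6.10.3-1" and "[bookworm] - linux 6.1.106-1" lines directly beneath it, so a rejected ID keeps advertising fixed versions and an advisory cross-reference. The automatic update only rewrites the header line; a manual follow-up should decide whether the package annotations stay as historical record or are dropped, and the DLA reference should be checked against the published advisory text.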
@@ -20957,7 +21578,7 @@ CVE-2024-31957 (A vulnerability was discovered in 
Samsung Mobile Processors Exyn
        NOT-FOR-US: Siemens
 CVE-2024-30321 (A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All 
version ...)
        NOT-FOR-US: Siemens
-CVE-2024-30105 (.NET Core and Visual Studio Denial of Service Vulnerability)
+CVE-2024-30105 (.NET and Visual Studio Denial of Service Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-30098 (Windows Cryptographic Services Security Feature Bypass 
Vulnerability)
        NOT-FOR-US: Microsoft
@@ -28705,6 +29326,7 @@ CVE-2024-8925 (In PHP versions8.1.* before 8.1.30, 
8.2.* before 8.2.24, 8.3.* be
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32
        NOTE: 
https://github.com/php/php-src/commit/19b49258d0c5a61398d395d8afde1123e8d161e0 
(PHP-8.2.24)
 CVE-2024-9026 (In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* 
before ...)
+       {DSA-5780-1}
        - php8.2 8.2.24-1
        - php7.4 <removed>
        NOTE: Fixed in 8.3.12, 8.2.24
@@ -39930,7 +40552,7 @@ CVE-2024-32609 (HDF5 Library through 1.14.3 allows 
stack consumption in the func
        [bookworm] - hdf5 <no-dsa> (Minor issue)
        [bullseye] - hdf5 <no-dsa> (Minor issue)
        NOTE: 
https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
-CVE-2024-32608
+CVE-2024-32608 (HDF5 library through 1.14.3 has memory corruption in 
H5A__close result ...)
        - hdf5 <unfixed> (bug #1070861)
        [bookworm] - hdf5 <no-dsa> (Minor issue)
        [bullseye] - hdf5 <no-dsa> (Minor issue)
@@ -52044,14 +52666,14 @@ CVE-2024-27575 (INOTEC Sicherheitstechnik WebServer 
CPS220/64 3.3.19 allows a re
        NOT-FOR-US: INOTEC
 CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 
24.0.0.4 is  ...)
        NOT-FOR-US: IBM
-CVE-2024-25709
-       REJECTED
+CVE-2024-25709 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
+       TODO: check
 CVE-2024-25708 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
        NOT-FOR-US: Esri Portal
-CVE-2024-25706
-       REJECTED
-CVE-2024-25705
-       REJECTED
+CVE-2024-25706 (There is an HTML injection vulnerability in Esri Portal for 
ArcGIS <=1 ...)
+       TODO: check
+CVE-2024-25705 (There is a cross site scripting vulnerability in the Esri 
Portal for A ...)
+       TODO: check
 CVE-2024-25704
        REJECTED
 CVE-2024-25703
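Review bot: CVE-2024-25709, CVE-2024-25706 and CVE-2024-25705 go from REJECTED to live descriptions with "TODO: check", and all three descriptions name Esri Portal, which the adjacent CVE-2024-25708 already marks "NOT-FOR-US: Esri Portal". The follow-up triage should use the same tag, and since a REJECTED ID coming back with a description is unusual, it is worth confirming against the CVE record that these IDs were really reinstated rather than briefly mis-published. The file also uses two spellings for this vendor tag ("Esri Portal" here, "Esri Portal for ArcGIS" on CVE-2024-25694 and CVE-2024-25691); picking one keeps grep-based queries reliable.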
@@ -79423,15 +80045,15 @@ CVE-2023-46455 (In GL.iNET GL-AR300M routers with 
firmware v4.3.7 it is possible
        NOT-FOR-US: GL.iNET GL-AR300M routers
 CVE-2023-46454 (In GL.iNET GL-AR300M routers with firmware v4.3.7, it is 
possible to i ...)
        NOT-FOR-US: GL.iNET GL-AR300M routers
-CVE-2023-46285 (A vulnerability has been identified in Opcenter Quality (All 
versions  ...)
+CVE-2023-46285 (A vulnerability has been identified in Opcenter Execution 
Foundation ( ...)
        NOT-FOR-US: Siemens
-CVE-2023-46284 (A vulnerability has been identified in Opcenter Quality (All 
versions  ...)
+CVE-2023-46284 (A vulnerability has been identified in Opcenter Execution 
Foundation ( ...)
        NOT-FOR-US: Siemens
-CVE-2023-46283 (A vulnerability has been identified in Opcenter Quality (All 
versions  ...)
+CVE-2023-46283 (A vulnerability has been identified in Opcenter Execution 
Foundation ( ...)
        NOT-FOR-US: Siemens
-CVE-2023-46282 (A vulnerability has been identified in Opcenter Quality (All 
versions  ...)
+CVE-2023-46282 (A vulnerability has been identified in Opcenter Execution 
Foundation ( ...)
        NOT-FOR-US: Siemens
-CVE-2023-46281 (A vulnerability has been identified in Opcenter Quality (All 
versions  ...)
+CVE-2023-46281 (A vulnerability has been identified in Opcenter Execution 
Foundation ( ...)
        NOT-FOR-US: Siemens
 CVE-2023-46156 (Affected devices improperly handle specially crafted packets 
sent to p ...)
        NOT-FOR-US: Siemens
@@ -87046,7 +87668,7 @@ CVE-2023-31422 (An issue was discovered by Elastic 
whereby sensitive information
        - kibana <itp> (bug #700337)
 CVE-2023-31421 (It was discovered that when acting as TLS clients, Beats, 
Elastic Agen ...)
        NOT-FOR-US: Elastic
-CVE-2023-45872
+CVE-2023-45872 (An issue was discovered in Qt before 6.2.11 and 6.3.x through 
6.6.x be ...)
        - qt6-svg <not-affected> (Doesn't affect any version uploaded to 
unstable)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2246067
 CVE-2023-5717 (A heap out-of-bounds write vulnerability in the Linux kernel's 
Linux K ...)
@@ -87812,7 +88434,7 @@ CVE-2023-46316 (In buc Traceroute 2.0.12 through 2.1.2 
before 2.1.3, the wrapper
        [bullseye] - traceroute <no-dsa> (Minor issue)
        [buster] - traceroute <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/
-CVE-2023-46586
+CVE-2023-46586 (cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks 
'\0' te ...)
        - weborf 1.0-1 (bug #1054417)
        [bookworm] - weborf 0.19-2.1+deb12u1
        [bullseye] - weborf 0.17-3+deb11u1
@@ -90599,13 +91221,13 @@ CVE-2023-45362 (An issue was discovered in 
DifferenceEngine.php in MediaWiki bef
        {DSA-5520-1 DLA-3671-1}
        - mediawiki 1:1.39.5-1
        NOTE: https://phabricator.wikimedia.org/T341529
-CVE-2023-45361
+CVE-2023-45361 (An issue was discovered in VectorComponentUserLinks.php in the 
Vector  ...)
        - mediawiki 1:1.39.5-1
        [bookworm] - mediawiki 1:1.39.5-1~deb12u1
        [bullseye] - mediawiki <not-affected> (Vulnerable code not present)
        [buster] - mediawiki <not-affected> (Vulnerable code not present)
        NOTE: https://phabricator.wikimedia.org/T340220
-CVE-2023-45359
+CVE-2023-45359 (An issue was discovered in the Vector Skin component for 
MediaWiki bef ...)
        - mediawiki 1:1.39.5-1
        [bookworm] - mediawiki 1:1.39.5-1~deb12u1
        [bullseye] - mediawiki <not-affected> (Vulnerable code not present)
@@ -100813,7 +101435,7 @@ CVE-2023-4045 (Offscreen Canvas did not properly 
track cross-origin tainting, wh
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4045
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4045
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4045
-CVE-2023-36325 [Attackers can de-anonymize i2p hidden services with a message 
replay attack]
+CVE-2023-36325 (i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 
and IPv6 ...)
        - i2p <removed> (bug #1043161)
        NOTE: https://xeiaso.net/blog/CVE-2023-36325
        NOTE: https://geti2p.net/en/blog/post/2023/06/25/new_release_2.3.0
@@ -103851,7 +104473,7 @@ CVE-2023-37392 (Cross-Site Request Forgery (CSRF) 
vulnerability in Deepak Anand
        NOT-FOR-US: WordPress plugin
 CVE-2023-37277 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
        NOT-FOR-US: XWiki
-CVE-2023-37154
+CVE-2023-37154 (check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary 
command e ...)
        - monitoring-plugins <unfixed> (unimportant)
        NOTE: Fix in nagios-plugins project: 
https://github.com/nagios-plugins/nagios-plugins/commit/e8810de21be80148562b7e0168b0a62aeedffde6
        NOTE: monitoring-plugins upstream does not plan to make an upstream 
change similar to
@@ -126001,7 +126623,7 @@ CVE-2023-26319 (Improper Neutralization of Special 
Elements used in a Command ('
        NOT-FOR-US: Xiaomi
 CVE-2023-26318 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)
        NOT-FOR-US: Xiaomi
-CVE-2023-26317 (A vulnerability has been discovered in Xiaomi routers that 
could allow ...)
+CVE-2023-26317 (Xiaomi routers have an external interface that can lead to 
command inj ...)
        NOT-FOR-US: Xiaomi
 CVE-2023-26316 (A XSS vulnerability exists in the Xiaomi cloud service 
Application pro ...)
        NOT-FOR-US: Xiaomi
@@ -142354,8 +142976,8 @@ CVE-2022-4536 (The IP Vault \u2013 WP Firewall plugin 
for WordPress is vulnerabl
        NOT-FOR-US: WordPress plugin
 CVE-2022-4535
        RESERVED
-CVE-2022-4534
-       RESERVED
+CVE-2022-4534 (The Limit Login Attempts (Spam Protection) plugin for WordPress 
is vul ...)
+       TODO: check
 CVE-2022-4533 (The Limit Login Attempts Plus plugin for WordPress is 
vulnerable to IP ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4532 (The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress 
is vuln ...)
@@ -151052,7 +151674,8 @@ CVE-2022-3859 (An uncontrolled search path 
vulnerability exists in Trellix Agent
        NOT-FOR-US: Trellix
 CVE-2022-3858 (The Floating Chat Widget: Contact Chat Icons, Telegram Chat, 
Line, WeC ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3857 (A flaw was found in libpng 1.6.38. A crafted PNG image can lead 
to a s ...)
+CVE-2022-3857
+       REJECTED
        NOTE: Unreproducible libpng issue
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2142600
        NOTE: https://sourceforge.net/p/libpng/bugs/300/
@@ -211925,7 +212548,7 @@ CVE-2022-24311 (A CWE-22: Improper Limitation of a 
Pathname to a Restricted Dire
        NOT-FOR-US: Schneider Electric
 CVE-2022-24310 (A CWE-190: Integer Overflow or Wraparound vulnerability exists 
that co ...)
        NOT-FOR-US: Schneider Electric
-CVE-2022-24309 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
+CVE-2022-24309 (A vulnerability has been identified in Mendix Runtime V7 (All 
versions ...)
        NOT-FOR-US: Siemens
 CVE-2022-0480 (A flaw was found in the filelock_init in fs/locks.c function in 
the Li ...)
        - linux 5.15.3-1
@@ -261873,9 +262496,9 @@ CVE-2021-31892 (A vulnerability has been identified 
in SINUMERIK Analyse MyCondi
        NOT-FOR-US: Siemens
 CVE-2021-31891 (A vulnerability has been identified in Desigo CC (All versions 
with OI ...)
        NOT-FOR-US: Siemens
-CVE-2021-31890 (A vulnerability has been identified in APOGEE MBC (PPC) 
(BACnet) (All  ...)
+CVE-2021-31890 (A vulnerability has been identified in Capital Embedded AR 
Classic 431 ...)
        NOT-FOR-US: Siemens
-CVE-2021-31889 (A vulnerability has been identified in APOGEE MBC (PPC) 
(BACnet) (All  ...)
+CVE-2021-31889 (A vulnerability has been identified in Capital Embedded AR 
Classic 431 ...)
        NOT-FOR-US: Siemens
 CVE-2021-31888 (A vulnerability has been identified in APOGEE MBC (PPC) 
(BACnet) (All  ...)
        NOT-FOR-US: Siemens
@@ -261887,11 +262510,11 @@ CVE-2021-31885 (A vulnerability has been identified 
in APOGEE MBC (PPC) (BACnet)
        NOT-FOR-US: Siemens
 CVE-2021-31884 (A vulnerability has been identified in APOGEE MBC (PPC) 
(BACnet) (All  ...)
        NOT-FOR-US: Siemens
-CVE-2021-31883 (A vulnerability has been identified in APOGEE MBC (PPC) 
(BACnet) (All  ...)
+CVE-2021-31883 (A vulnerability has been identified in Capital Embedded AR 
Classic 431 ...)
        NOT-FOR-US: Siemens
-CVE-2021-31882 (A vulnerability has been identified in APOGEE MBC (PPC) 
(BACnet) (All  ...)
+CVE-2021-31882 (A vulnerability has been identified in Capital Embedded AR 
Classic 431 ...)
        NOT-FOR-US: Siemens
-CVE-2021-31881 (A vulnerability has been identified in APOGEE MBC (PPC) 
(BACnet) (All  ...)
+CVE-2021-31881 (A vulnerability has been identified in Capital Embedded AR 
Classic 431 ...)
        NOT-FOR-US: Siemens
 CVE-2021-31880
        RESERVED
@@ -263422,11 +264045,11 @@ CVE-2021-31347 (An issue was discovered in 
libezxml.a in ezXML 0.8.6. The functi
        [buster] - netcdf-parallel <ignored> (Minor issue)
        NOTE: https://sourceforge.net/p/ezxml/bugs/27/
        NOTE: mapcache only uses ezxml to parse config files which are trusted
-CVE-2021-31346 (A vulnerability has been identified in APOGEE MBC (PPC) 
(BACnet) (All  ...)
+CVE-2021-31346 (A vulnerability has been identified in Capital Embedded AR 
Classic 431 ...)
        NOT-FOR-US: Siemens
-CVE-2021-31345 (A vulnerability has been identified in APOGEE MBC (PPC) 
(BACnet) (All  ...)
+CVE-2021-31345 (A vulnerability has been identified in Capital Embedded AR 
Classic 431 ...)
        NOT-FOR-US: Siemens
-CVE-2021-31344 (A vulnerability has been identified in APOGEE MBC (PPC) 
(BACnet) (All  ...)
+CVE-2021-31344 (A vulnerability has been identified in Capital Embedded AR 
Classic 431 ...)
        NOT-FOR-US: Siemens
 CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020 
before 2020 ...)
        NOT-FOR-US: Solid Edge
@@ -296876,9 +297499,9 @@ CVE-2021-1686 (Windows WalletService Elevation of 
Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2021-1685 (Windows AppX Deployment Extensions Elevation of Privilege 
Vulnerabilit ...)
        NOT-FOR-US: Microsoft
-CVE-2021-1684 (Windows Bluetooth Security Feature Bypass Vulnerability)
+CVE-2021-1684 (Microsoft is aware of the &quot;Impersonation in the Passkey 
Entry Pro ...)
        NOT-FOR-US: Microsoft
-CVE-2021-1683 (Windows Bluetooth Security Feature Bypass Vulnerability)
+CVE-2021-1683 (Microsoft is aware of the &quot;Impersonation in the Passkey 
Entry Pro ...)
        NOT-FOR-US: Microsoft
 CVE-2021-1682 (Windows Kernel Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
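Review bot: the replacement descriptions for CVE-2021-1684 and CVE-2021-1683 contain a literal HTML entity, &quot;, where a double quote belongs, so the importer is either not decoding entities or the feed text is double-escaped. The same string appears in the next hunk for CVE-2021-1638. Decoding entities before the description is written to data/CVE/list would keep the file plain text and stop the escaped form from being escaped a second time when the tracker renders it as HTML.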
@@ -296968,7 +297591,7 @@ CVE-2021-1640 (Windows Print Spooler Elevation of 
Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2021-1639 (Visual Studio Code Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2021-1638 (Windows Bluetooth Security Feature Bypass Vulnerability)
+CVE-2021-1638 (Microsoft is aware of the &quot;Impersonation in the Passkey 
Entry Pro ...)
        NOT-FOR-US: Microsoft
 CVE-2021-1637 (Windows DNS Query Information Disclosure Vulnerability)
        NOT-FOR-US: Microsoft



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b985a9a0c02b2827729999951981a26ddb6e1b3



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits