[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 9 20:12:00 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35de3dc1 by security tracker role at 2024-01-09T20:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,201 @@
+CVE-2024-22370 (In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was  ...)
+	TODO: check
+CVE-2024-22368 (The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter  ...)
+	TODO: check
+CVE-2024-22165 (In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attac ...)
+	TODO: check
+CVE-2024-22164 (In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker c ...)
+	TODO: check
+CVE-2024-21668 (react-native-mmkv is a library that allows easy use of MMKV inside Rea ...)
+	TODO: check
+CVE-2024-21664 (jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, othe ...)
+	TODO: check
+CVE-2024-21325 (Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution V ...)
+	TODO: check
+CVE-2024-21320 (Windows Themes Spoofing Vulnerability)
+	TODO: check
+CVE-2024-21319 (Microsoft Identity Denial of service vulnerability)
+	TODO: check
+CVE-2024-21318 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-21316 (Windows Server Key Distribution Service Security Feature Bypass)
+	TODO: check
+CVE-2024-21314 (Microsoft Message Queuing Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-21313 (Windows TCP/IP Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-21312 (.NET Framework Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-21311 (Windows Cryptographic Services Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-21310 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+	TODO: check
+CVE-2024-21309 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-21307 (Remote Desktop Client Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-21306 (Microsoft Bluetooth Driver Spoofing Vulnerability)
+	TODO: check
+CVE-2024-21305 (Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vul ...)
+	TODO: check
+CVE-2024-20700 (Windows Hyper-V Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-20699 (Windows Hyper-V Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-20698 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-20697 (Windows Libarchive Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-20696 (Windows Libarchive Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-20694 (Windows CoreMessaging Information Disclosure  Vulnerability)
+	TODO: check
+CVE-2024-20692 (Microsoft Local Security Authority Subsystem Service Information Discl ...)
+	TODO: check
+CVE-2024-20691 (Windows Themes Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-20690 (Windows Nearby Sharing Spoofing Vulnerability)
+	TODO: check
+CVE-2024-20687 (Microsoft AllJoyn API Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-20686 (Win32k Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-20683 (Win32k Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-20682 (Windows Cryptographic Services Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-20681 (Windows Subsystem for Linux Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-20680 (Windows Message Queuing Client (MSMQC) Information Disclosure)
+	TODO: check
+CVE-2024-20677 (<p>A security vulnerability exists in FBX that could lead to remote co ...)
+	TODO: check
+CVE-2024-20676 (Azure Storage Mover Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-20674 (Windows Kerberos Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2024-20672 (.NET Core and Visual Studio Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-20666 (BitLocker Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2024-20664 (Microsoft Message Queuing Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-20663 (Windows Message Queuing Client (MSMQC) Information Disclosure)
+	TODO: check
+CVE-2024-20662 (Windows Online Certificate Status Protocol (OCSP) Information Disclosu ...)
+	TODO: check
+CVE-2024-20661 (Microsoft Message Queuing Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-20660 (Microsoft Message Queuing Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-20658 (Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-20657 (Windows Group Policy Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-20656 (Visual Studio Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-20655 (Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execut ...)
+	TODO: check
+CVE-2024-20654 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-20653 (Microsoft Common Log File System Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-20652 (Windows HTML Platforms Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2024-0343 (A vulnerability classified as problematic was found in CodeAstro Simpl ...)
+	TODO: check
+CVE-2024-0342 (A vulnerability classified as critical has been found in Inis up to 2. ...)
+	TODO: check
+CVE-2024-0341 (A vulnerability was found in Inis up to 2.0.1. It has been rated as pr ...)
+	TODO: check
+CVE-2024-0340 (A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in ...)
+	TODO: check
+CVE-2024-0228
+	REJECTED
+CVE-2024-0226 (Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored ...)
+	TODO: check
+CVE-2024-0213 (A buffer overflow vulnerability in TA for Linux and TA for MacOS prior ...)
+	TODO: check
+CVE-2024-0206 (A symbolic link manipulation vulnerability in Trellix Anti-Malware Eng ...)
+	TODO: check
+CVE-2024-0057 (NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnera ...)
+	TODO: check
+CVE-2024-0056 (Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider S ...)
+	TODO: check
+CVE-2023-7223 (A vulnerability classified as problematic has been found in Totolink T ...)
+	TODO: check
+CVE-2023-7222 (A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It  ...)
+	TODO: check
+CVE-2023-7221 (A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It ha ...)
+	TODO: check
+CVE-2023-7032 (A CWE-502: Deserialization of untrusted data vulnerability exists that ...)
+	TODO: check
+CVE-2023-6149 (Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 wa ...)
+	TODO: check
+CVE-2023-6148 (Qualys Jenkins Plugin for Policy Compliance prior to version and inclu ...)
+	TODO: check
+CVE-2023-6147 (Qualys Jenkins Plugin for Policy Compliance prior to version and inclu ...)
+	TODO: check
+CVE-2023-5376 (An Improper Authentication vulnerability in Korenix JetNet TFTP allows ...)
+	TODO: check
+CVE-2023-5347 (An Improper Verification of Cryptographic Signature vulnerability in t ...)
+	TODO: check
+CVE-2023-51746 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...)
+	TODO: check
+CVE-2023-51745 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...)
+	TODO: check
+CVE-2023-51744 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...)
+	TODO: check
+CVE-2023-51439 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...)
+	TODO: check
+CVE-2023-51438 (A vulnerability has been identified in SIMATIC IPC1047E (All versions  ...)
+	TODO: check
+CVE-2023-50974 (In Appwrite CLI before 3.0.0, when using the login command, the creden ...)
+	TODO: check
+CVE-2023-50585 (Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via  ...)
+	TODO: check
+CVE-2023-49722 (Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 product ...)
+	TODO: check
+CVE-2023-49621 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+	TODO: check
+CVE-2023-49252 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+	TODO: check
+CVE-2023-49251 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+	TODO: check
+CVE-2023-49237 (An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices.  ...)
+	TODO: check
+CVE-2023-49236 (A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5 ...)
+	TODO: check
+CVE-2023-49235 (An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5. ...)
+	TODO: check
+CVE-2023-49132 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-49131 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-49130 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-49129 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-49128 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-49127 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-49126 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-49124 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-49123 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-49122 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-49121 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+	TODO: check
+CVE-2023-44120 (A vulnerability has been identified in Spectrum Power 7 (All versions  ...)
+	TODO: check
+CVE-2023-42797 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
+	TODO: check
+CVE-2022-48618 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
 CVE-2023-41056 [Buffer overflow in certain payloads may lead to remote code execution]
 	- redis 5:7.0.15-1 (bug #1060316)
 	NOTE: Introduced with changes from: https://github.com/redis/redis/pull/11766
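Review bot: All of the new entries at the top of data/CVE/list carry the same "TODO: check" placeholder, but a few of them name software that is likely to map to a Debian source package and should be triaged first instead of waiting in the bulk queue. CVE-2024-0340 points at vhost_new_msg in drivers/vhost/vhost.c, which is a Linux kernel source path. CVE-2024-22368 names the Perl module Spreadsheet::ParseXLSX, and CVE-2024-21664 names the Go module jwx. The Microsoft, Siemens, Totolink, TRENDnet and Tenda entries look like NOT-FOR-US candidates. Separately, the description of CVE-2024-20677 starts with a literal "<p>" tag, so the truncated summary spends its first characters on markup; stripping HTML before truncation in the update script would avoid that.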
@@ -1569,7 +1767,7 @@ CVE-2023-4674 (Improper Neutralization of Special Elements used in an SQL Comman
 	NOT-FOR-US: Yaztek Software Technologies and Computer Systems E-Commerce Software
 CVE-2023-4541 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Ween Software Admin Panel
-CVE-2023-4468 (A vulnerability was found in Poly Trio 8800 and Trio C60. It has been  ...)
+CVE-2023-4468 (A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. I ...)
 	NOT-FOR-US: Poly Trio 8800 and Trio C60
 CVE-2023-4467 (A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified  ...)
 	NOT-FOR-US: Poly Trio 8800
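Review bot: The NOT-FOR-US annotation under CVE-2023-4468 still reads "Poly Trio 8800 and Trio C60", while the refreshed description now also lists Trio 8500. The triage result does not change, but the annotation should be updated to "Poly Trio 8500, Trio 8800 and Trio C60" so that a search of the list by product name finds this entry.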
@@ -1581,7 +1779,7 @@ CVE-2023-4464 (A vulnerability, which was classified as critical, has been found
 	NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
 CVE-2023-4463 (A vulnerability classified as problematic was found in Poly CCX 400, C ...)
 	NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
-CVE-2023-4462 (A vulnerability classified as problematic has been found in Poly CCX 4 ...)
+CVE-2023-4462 (A vulnerability classified as problematic has been found in Poly Trio  ...)
 	NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
 CVE-2023-49830 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin
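Review bot: For CVE-2023-4462 the product list in the description has been reordered or extended (it now begins "Poly Trio" where it previously began "Poly CCX 4"), and the truncation hides the rest of it. The NOT-FOR-US line still lists "Poly CCX 400, CCX 600, Trio 8800 and Trio C60", so it is worth comparing it against the full CVE record and adjusting the product names if the affected set changed.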
@@ -2625,7 +2823,7 @@ CVE-2023-6546 (A race condition was found in the GSM 0710 tty multiplexor in the
 	NOTE: https://git.kernel.org/linus/3c4f8333b582487a2d1e02171f1465531cde53e3 (6.5-rc7)
 CVE-2023-6145 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Istanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software
-CVE-2023-6129 [POLY1305 MAC implementation corrupts vector registers on PowerPC]
+CVE-2023-6129 (Issue summary: The POLY1305 MAC (message authentication code) implemen ...)
 	- openssl <unfixed>
 	[bookworm] - openssl <no-dsa> (Minor issue; can be fixed later along with other issues)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
@@ -82545,9 +82743,9 @@ CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js versions
 	NOTE: Fixed by: https://github.com/nodejs/node/commit/2b433af094fb79cf80f086038b7f36342cb6826f (v14.x)
 CVE-2022-43547
 	RESERVED
-CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
+CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
 	NOT-FOR-US: Siemens
-CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
+CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
 	NOT-FOR-US: Siemens
 CVE-2022-43542 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
 	NOT-FOR-US: Aruba
@@ -82662,7 +82860,7 @@ CVE-2022-43441 (A code execution vulnerability exists in the Statement Bindings
 	[buster] - node-sqlite3 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74
 	NOTE: Fixed by: https://github.com/TryGhost/node-sqlite3/commit/edb1934dd222ae55632e120d8f64552d5191c781 (v5.1.5)
-CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
+CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
 	NOT-FOR-US: Siemens
 CVE-2022-43438 (The Administrator function of EasyTest has an Incorrect Authorization  ...)
 	NOT-FOR-US: EasyTest
@@ -83057,7 +83255,7 @@ CVE-2022-3592 (A symlink following vulnerability was found in Samba, where a use
 	NOTE: https://www.samba.org/samba/security/CVE-2022-3592.html
 CVE-2022-43399
 	REJECTED
-CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
+CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
 	NOT-FOR-US: Siemens
 CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...)
 	NOT-FOR-US: Siemens
@@ -101288,12 +101486,12 @@ CVE-2022-36767
 	RESERVED
 CVE-2022-36766
 	RESERVED
-CVE-2022-36765
-	RESERVED
-CVE-2022-36764
-	RESERVED
-CVE-2022-36763
-	RESERVED
+CVE-2022-36765 (EDK2 is susceptible to a vulnerability in the CreateHob() function, al ...)
+	TODO: check
+CVE-2022-36764 (EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() fun ...)
+	TODO: check
+CVE-2022-36763 (EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() fu ...)
+	TODO: check
 CVE-2022-36762
 	RESERVED
 CVE-2022-36761
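Review bot: CVE-2022-36765, CVE-2022-36764 and CVE-2022-36763 move from RESERVED to "TODO: check" and all three descriptions name EDK2 (CreateHob(), Tcg2MeasurePeImage() and Tcg2MeasureGptTable()). Debian ships an edk2 source package, so these need real package entries with per-suite status, not a NOT-FOR-US tag. Since two of the three are in the TCG2 measurement path, they are best triaged together against the same upstream fixes.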
@@ -123451,8 +123649,8 @@ CVE-2022-28977 (HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, a
 	NOT-FOR-US: Liferay
 CVE-2022-28976
 	RESERVED
-CVE-2022-28975
-	RESERVED
+CVE-2022-28975 (A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8. ...)
+	TODO: check
 CVE-2022-28974
 	RESERVED
 CVE-2022-28973 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
@@ -299404,7 +299602,7 @@ CVE-2020-1338 (<p>A remote code execution vulnerability exists in Microsoft Word
 	NOT-FOR-US: Microsoft
 CVE-2020-1337 (<p>An elevation of privilege vulnerability exists when the Windows Pri ...)
 	NOT-FOR-US: Microsoft
-CVE-2020-1336 (An elevation of privilege vulnerability exists in the way that the Win ...)
+CVE-2020-1336 (<p>An elevation of privilege vulnerability exists in the way that the  ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1335 (<p>A remote code execution vulnerability exists in Microsoft Excel sof ...)
 	NOT-FOR-US: Microsoft
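Review bot: The only change to CVE-2020-1336 is that the description now begins with a literal "<p>" tag, which pushes three characters of real text out of the truncated summary ("the Win ..." becomes "the  ..."). The neighbouring context lines for CVE-2020-1338, CVE-2020-1337 and CVE-2020-1335 show the same leaked markup. Stripping HTML tags from the upstream description before truncating it in the automatic update would keep these summaries readable and avoid no-op churn like this in the history of data/CVE/list.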
@@ -300026,7 +300224,7 @@ CVE-2020-1027 (An elevation of privilege vulnerability exists in the way that th
 	NOT-FOR-US: Microsoft
 CVE-2020-1026 (A Security Feature Bypass vulnerability exists in the MSR JavaScript C ...)
 	NOT-FOR-US: Microsoft
-CVE-2020-1025 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
+CVE-2020-1025 (<p>An elevation of privilege vulnerability exists when Microsoft Share ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1024 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
 	NOT-FOR-US: Microsoft



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35de3dc1846199e61d7ac6e48c9008b40ebdc49b
