[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 9 21:13:07 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f10fbba9 by security tracker role at 2024-07-09T20:12:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,64 +1,734 @@
-CVE-2024-6615
+CVE-2024-6598 (A denial-of-service attack is possible through the execution functiona ...)
+ TODO: check
+CVE-2024-6527 (SQL Injection vulnerability in parameter "w" in file "druk.php" in Meg ...)
+ TODO: check
+CVE-2024-6391 (The oik plugin for WordPress is vulnerable to Stored Cross-Site Script ...)
+ TODO: check
+CVE-2024-6237 (A flaw was found in the 389 Directory Server. This flaw allows an unau ...)
+ TODO: check
+CVE-2024-6222 (In Docker Desktop before v4.29.0, an attacker who has gained access to ...)
+ TODO: check
+CVE-2024-6168 (The Just Custom Fields plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
+CVE-2024-6167 (The Just Custom Fields plugin for WordPress is vulnerable to unauthori ...)
+ TODO: check
+CVE-2024-6069 (The Registration Forms \u2013 User Registration Forms, Invitation-Base ...)
+ TODO: check
+CVE-2024-5993 (The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable to unaut ...)
+ TODO: check
+CVE-2024-5992 (The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable to unaut ...)
+ TODO: check
+CVE-2024-5946 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-5937 (The Simple Alert Boxes plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-5856 (The Comment Images Reloaded plugin for WordPress is vulnerable to unau ...)
+ TODO: check
+CVE-2024-5810 (The WP2Speed Faster \u2013 Optimize PageSpeed Insights Score 90-100 pl ...)
+ TODO: check
+CVE-2024-5704 (The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ ...)
+ TODO: check
+CVE-2024-5669 (The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ ...)
+ TODO: check
+CVE-2024-5652 (In Docker Desktop on Windows before v4.31.0allows a user in the docker ...)
+ TODO: check
+CVE-2024-5648 (The LearnDash LMS \u2013 Reports plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-5634 (Longse modelLBH30FE200W cameras, as well as products based on this dev ...)
+ TODO: check
+CVE-2024-5633 (Longse modelLBH30FE200W cameras, as well as products based on this dev ...)
+ TODO: check
+CVE-2024-5632 (Longse NVR (Network Video Recorder) modelNVR3608PGE2W, as well as prod ...)
+ TODO: check
+CVE-2024-5631 (Longse NVR (Network Video Recorder) modelNVR3608PGE2W, as well as prod ...)
+ TODO: check
+CVE-2024-5600 (The SCSS Happy Compiler \u2013 Compile SCSS to CSS & Automatic Enqueue ...)
+ TODO: check
+CVE-2024-5479 (The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2024-5457 (The Panda Video plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2024-5456 (The Panda Video plugin for WordPress is vulnerable to Local File Inclu ...)
+ TODO: check
+CVE-2024-4868 (The Extensions for Elementor plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2024-4862 (The WPBITS Addons For Elementor Page Builder plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-4102 (The Pricing Table plugin for WordPress is vulnerable to unauthorized a ...)
+ TODO: check
+CVE-2024-4100 (The Pricing Table plugin for WordPress is vulnerable to Cross-Site Req ...)
+ TODO: check
+CVE-2024-40750 (Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 dev ...)
+ TODO: check
+CVE-2024-40742 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40741 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40740 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40739 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40738 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40737 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40736 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40735 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40734 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40733 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40732 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40731 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40730 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40729 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40728 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40727 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40726 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-40039 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-40038 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-40037 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-40036 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-40035 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-40034 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-3608 (The Product Designer plugin for WordPress is vulnerable to unauthorize ...)
+ TODO: check
+CVE-2024-3604 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to SQL ...)
+ TODO: check
+CVE-2024-3603 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2024-3596 (RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a ...)
+ TODO: check
+CVE-2024-3563 (The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2024-3228 (The Social Sharing Plugin \u2013 Kiwi plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-39899 (PrivateBin is an online pastebin where the server has zero knowledge o ...)
+ TODO: check
+CVE-2024-39897 (zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlo ...)
+ TODO: check
+CVE-2024-39888 (A vulnerability has been identified in Mendix Encryption (All versions ...)
+ TODO: check
+CVE-2024-39876 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39875 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39874 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39873 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39872 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39871 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39870 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39869 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39868 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39867 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39866 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39865 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39698 (electron-updater allows for automatic updates for Electron apps. The f ...)
+ TODO: check
+CVE-2024-39697 (phonenumber is a library for parsing, formatting and validating intern ...)
+ TODO: check
+CVE-2024-39684 (Tencent RapidJSON is vulnerable to privilege escalation due to an inte ...)
+ TODO: check
+CVE-2024-39675 (A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < ...)
+ TODO: check
+CVE-2024-39571 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39570 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2024-39569 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
+ TODO: check
+CVE-2024-39568 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
+ TODO: check
+CVE-2024-39567 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
+ TODO: check
+CVE-2024-39171 (Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist check ...)
+ TODO: check
+CVE-2024-39118 (Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write ...)
+ TODO: check
+CVE-2024-39063 (Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSR ...)
+ TODO: check
+CVE-2024-38972 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
+ TODO: check
+CVE-2024-38971 (vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in t ...)
+ TODO: check
+CVE-2024-38970 (vaeThink 1.0.2 is vulnerable to Information Disclosure via the system ...)
+ TODO: check
+CVE-2024-38867 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
+ TODO: check
+CVE-2024-38517 (Tencent RapidJSON is vulnerable to privilege escalation due to an inte ...)
+ TODO: check
+CVE-2024-38363 (Airbyte is a data integration platform for ELT pipelines. Airbyte conn ...)
+ TODO: check
+CVE-2024-38278 (A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All ver ...)
+ TODO: check
+CVE-2024-38112 (Windows MSHTML Platform Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38105 (Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38104 (Windows Fax Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38102 (Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38101 (Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38100 (Windows File Explorer Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38099 (Windows Remote Desktop Licensing Service Denial of Service Vulnerabili ...)
+ TODO: check
+CVE-2024-38095 (.NET and Visual Studio Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38094 (Microsoft SharePoint Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38092 (Azure CycleCloud Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38091 (Microsoft WS-Discovery Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38089 (Microsoft Defender for IoT Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38088 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-38087 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-38086 (Azure Kinect SDK Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38085 (Windows Graphics Component Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38081 (.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnera ...)
+ TODO: check
+CVE-2024-38080 (Windows Hyper-V Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38079 (Windows Graphics Component Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38078 (Xbox Wireless Adapter Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38077 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-38076 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-38074 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-38073 (Windows Remote Desktop Licensing Service Denial of Service Vulnerabili ...)
+ TODO: check
+CVE-2024-38072 (Windows Remote Desktop Licensing Service Denial of Service Vulnerabili ...)
+ TODO: check
+CVE-2024-38071 (Windows Remote Desktop Licensing Service Denial of Service Vulnerabili ...)
+ TODO: check
+CVE-2024-38070 (Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-38069 (Windows Enroll Engine Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-38068 (Windows Online Certificate Status Protocol (OCSP) Server Denial of Ser ...)
+ TODO: check
+CVE-2024-38067 (Windows Online Certificate Status Protocol (OCSP) Server Denial of Ser ...)
+ TODO: check
+CVE-2024-38066 (Windows Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38065 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-38064 (Windows TCP/IP Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38062 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38061 (DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerabil ...)
+ TODO: check
+CVE-2024-38060 (Windows Imaging Component Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38059 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38058 (BitLocker Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-38057 (Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulne ...)
+ TODO: check
+CVE-2024-38056 (Microsoft Windows Codecs Library Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38055 (Microsoft Windows Codecs Library Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38054 (Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulne ...)
+ TODO: check
+CVE-2024-38053 (Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerabil ...)
+ TODO: check
+CVE-2024-38052 (Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulne ...)
+ TODO: check
+CVE-2024-38051 (Windows Graphics Component Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38050 (Windows Workstation Service Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38049 (Windows Distributed Transaction Coordinator Remote Code Execution Vuln ...)
+ TODO: check
+CVE-2024-38048 (Windows Network Driver Interface Specification (NDIS) Denial of Servic ...)
+ TODO: check
+CVE-2024-38047 (PowerShell Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38044 (DHCP Server Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38043 (PowerShell Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38041 (Windows Kernel Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38034 (Windows Filtering Platform Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38033 (PowerShell Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38032 (Microsoft Xbox Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38031 (Windows Online Certificate Status Protocol (OCSP) Server Denial of Ser ...)
+ TODO: check
+CVE-2024-38030 (Windows Themes Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38028 (Microsoft Windows Performance Data Helper Library Remote Code Executio ...)
+ TODO: check
+CVE-2024-38027 (Windows Line Printer Daemon Service Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-38025 (Microsoft Windows Performance Data Helper Library Remote Code Executio ...)
+ TODO: check
+CVE-2024-38024 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38023 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38022 (Windows Image Acquisition Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38021 (Microsoft Office Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38020 (Microsoft Outlook Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38019 (Microsoft Windows Performance Data Helper Library Remote Code Executio ...)
+ TODO: check
+CVE-2024-38017 (Microsoft Message Queuing Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-38015 (Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerab ...)
+ TODO: check
+CVE-2024-38013 (Microsoft Windows Server Backup Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-38011 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-38010 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37997 (A vulnerability has been identified in JT Open (All versions < V11.5), ...)
+ TODO: check
+CVE-2024-37996 (A vulnerability has been identified in JT Open (All versions < V11.5), ...)
+ TODO: check
+CVE-2024-37989 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37988 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37987 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37986 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37984 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37981 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37978 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37977 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37975 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37974 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37973 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37972 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37971 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37970 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37969 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-37952 (Improper Privilege Management vulnerability in themeenergy BookYourTra ...)
+ TODO: check
+CVE-2024-37934 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2024-37873 (SQL injection vulnerability in view_payslip.php in Itsourcecode Payrol ...)
+ TODO: check
+CVE-2024-37872 (SQL injection vulnerability in process.php in Itsourcecode Billing Sys ...)
+ TODO: check
+CVE-2024-37871 (SQL injection vulnerability in login.php in Itsourcecode Online Discus ...)
+ TODO: check
+CVE-2024-37870 (SQL injection vulnerability in processscore.php in Learning Management ...)
+ TODO: check
+CVE-2024-37830 (An issue in Outline <= v0.76.1 allows attackers to redirect a victim u ...)
+ TODO: check
+CVE-2024-37520 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37513 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37502 (Deserialization of Untrusted Data vulnerability in wpweb WooCommerce S ...)
+ TODO: check
+CVE-2024-37501 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37499 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37497 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37494 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-37486 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-37484 (Improper Privilege Management vulnerability in Dylan James Zephyr Proj ...)
+ TODO: check
+CVE-2024-37464 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37462 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37455 (Improper Privilege Management vulnerability in Brainstorm Force Ultima ...)
+ TODO: check
+CVE-2024-37454 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37442 (Improper Neutralization of Special Elements in Output Used by a Downst ...)
+ TODO: check
+CVE-2024-37437 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37430 (Authentication Bypass by Spoofing vulnerability in Patreon Patreon Wor ...)
+ TODO: check
+CVE-2024-37424 (Unrestricted Upload of File with Dangerous Type vulnerability in Autom ...)
+ TODO: check
+CVE-2024-37420 (Unrestricted Upload of File with Dangerous Type vulnerability in WPZit ...)
+ TODO: check
+CVE-2024-37419 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37418 (Unrestricted Upload of File with Dangerous Type vulnerability in Andy ...)
+ TODO: check
+CVE-2024-37410 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37336 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37334 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
+ TODO: check
+CVE-2024-37333 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37332 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37331 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37330 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37329 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37328 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37327 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37326 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37324 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37323 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37322 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37321 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37320 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37319 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37318 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-37268 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37266 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37256 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-37253 (Improper Neutralization of Special Elements in Output Used by a Downst ...)
+ TODO: check
+CVE-2024-37225 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-37224 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-37112 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-37090 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-36526 (ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded c ...)
+ TODO: check
+CVE-2024-35777 (Improper Neutralization of Special Elements in Output Used by a Downst ...)
+ TODO: check
+CVE-2024-35272 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-35271 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-35270 (Windows iSCSI Service Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-35267 (Azure DevOps Server Spoofing Vulnerability)
+ TODO: check
+CVE-2024-35266 (Azure DevOps Server Spoofing Vulnerability)
+ TODO: check
+CVE-2024-35264 (.NET and Visual Studio Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-35261 (Azure Network Watcher VM Extension Elevation of Privilege Vulnerabilit ...)
+ TODO: check
+CVE-2024-35256 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-34140 (Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2024-34139 (Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an In ...)
+ TODO: check
+CVE-2024-34123 (Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Un ...)
+ TODO: check
+CVE-2024-33654 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
+ TODO: check
+CVE-2024-33653 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
+ TODO: check
+CVE-2024-33509 (An improper certificate validation vulnerability [CWE-295] in FortiWeb ...)
+ TODO: check
+CVE-2024-32987 (Microsoft SharePoint Server Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-32056 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
+ TODO: check
+CVE-2024-31957 (A vulnerability was discovered in Samsung Mobile Processors Exynos 220 ...)
+ TODO: check
+CVE-2024-30321 (A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All version ...)
+ TODO: check
+CVE-2024-30105 (.NET Core and Visual Studio Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-30098 (Windows Cryptographic Services Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-30081 (Windows NTLM Spoofing Vulnerability)
+ TODO: check
+CVE-2024-30079 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ TODO: check
+CVE-2024-30071 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ TODO: check
+CVE-2024-30061 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...)
+ TODO: check
+CVE-2024-30013 (Windows MultiPoint Services Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-2177 (A Cross Window Forgery vulnerability exists within GitLab CE/EE affect ...)
+ TODO: check
+CVE-2024-29153 (A vulnerability was discovered in Samsung Mobile Processor, Wearable P ...)
+ TODO: check
+CVE-2024-28928 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-28899 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-28068 (A vulnerability was discovered in SS in Samsung Mobile Processor, Wear ...)
+ TODO: check
+CVE-2024-28067 (A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middl ...)
+ TODO: check
+CVE-2024-27785 (An improper neutralization of formula elements in a CSV File vulnerabi ...)
+ TODO: check
+CVE-2024-27784 (Multiple Exposure of sensitive information to an unauthorized actor vu ...)
+ TODO: check
+CVE-2024-27783 (Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] ...)
+ TODO: check
+CVE-2024-27782 (Multiple insufficient session expiration vulnerabilities [CWE-613] in ...)
+ TODO: check
+CVE-2024-27363 (A vulnerability was discovered in Samsung Mobile Processor Exynos 850, ...)
+ TODO: check
+CVE-2024-27362 (A vulnerability was discovered in Samsung Mobile Processors Exynos 128 ...)
+ TODO: check
+CVE-2024-27361 (A vulnerability was discovered in Samsung Mobile Processor Exynos 980, ...)
+ TODO: check
+CVE-2024-27360 (A vulnerability was discovered in Samsung Mobile Processors Exynos 850 ...)
+ TODO: check
+CVE-2024-27183 (XSS vulnerability in DJ-HelpfulArticles component for Joomla.)
+ TODO: check
+CVE-2024-26279 (Inadequate content filtering leads to XSS vulnerabilities in various c ...)
+ TODO: check
+CVE-2024-26278 (The Custom Fields component not correctly filter inputs, leading to a ...)
+ TODO: check
+CVE-2024-26184 (Secure Boot Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-26015 (An incorrect parsing of numbers with different radices vulnerability [ ...)
+ TODO: check
+CVE-2024-23663 (An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4. ...)
+ TODO: check
+CVE-2024-22271 (In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0 ...)
+ TODO: check
+CVE-2024-21759 (An authorization bypass through user-controlled key in Fortinet FortiP ...)
+ TODO: check
+CVE-2024-21731 (Improper handling of input could lead to an XSS vector in the StringHe ...)
+ TODO: check
+CVE-2024-21730 (The fancyselect list field layout does not correctly escape inputs, le ...)
+ TODO: check
+CVE-2024-21729 (Inadequate input validation leads to XSS vulnerabilities in the access ...)
+ TODO: check
+CVE-2024-21449 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-21428 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-21425 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-21415 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-21414 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-21398 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-21373 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-21335 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-21333 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-21332 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-21331 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-21317 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-21308 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-21303 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-20785 (InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by ...)
+ TODO: check
+CVE-2024-20783 (InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by ...)
+ TODO: check
+CVE-2024-20782 (InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by ...)
+ TODO: check
+CVE-2024-20781 (InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by ...)
+ TODO: check
+CVE-2024-20701 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2023-52891 (A vulnerability has been identified in SIMATIC Energy Manager Basic (A ...)
+ TODO: check
+CVE-2023-52238 (A vulnerability has been identified in RUGGEDCOM RST2228 (All versions ...)
+ TODO: check
+CVE-2023-52237 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
+ TODO: check
+CVE-2023-50807 (A vulnerability was discovered in Samsung Wearable Processor and Modem ...)
+ TODO: check
+CVE-2023-50806 (A vulnerability was discovered in Samsung Mobile Processor, Wearable P ...)
+ TODO: check
+CVE-2023-50805 (A vulnerability was discovered in Samsung Mobile Processor, Wearable P ...)
+ TODO: check
+CVE-2023-50181 (An improper access control vulnerability [CWE-284] in Fortinet FortiAD ...)
+ TODO: check
+CVE-2023-50179 (An improper certificate validation vulnerability [CWE-295] in FortiADC ...)
+ TODO: check
+CVE-2023-50178 (An improper certificate validation vulnerability [CWE-295] in FortiADC ...)
+ TODO: check
+CVE-2023-48194 (Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last ...)
+ TODO: check
+CVE-2023-40702 (PingOne MFA Integration Kit contains a vulnerability where the skipMFA ...)
+ TODO: check
+CVE-2023-40356 (PingOne MFA Integration Kit contains a vulnerability related to the Pr ...)
+ TODO: check
+CVE-2023-3290 (A BOLA vulnerability in POST /customers allows a low privileged user t ...)
+ TODO: check
+CVE-2023-3289 (A BOLA vulnerability in POST /services allows a low privileged user to ...)
+ TODO: check
+CVE-2023-3288 (A BOLA vulnerability in POST /providers allows a low privileged user t ...)
+ TODO: check
+CVE-2023-3287 (A BOLA vulnerability in POST /admins allows a low privileged user to c ...)
+ TODO: check
+CVE-2023-3286 (A BOLA vulnerability in POST /secretaries allows a low privileged user ...)
+ TODO: check
+CVE-2023-3285 (A BOLA vulnerability in POST /appointments allows a low privileged use ...)
+ TODO: check
+CVE-2023-38055 (A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows ...)
+ TODO: check
+CVE-2023-38054 (A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allow ...)
+ TODO: check
+CVE-2023-38053 (A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allow ...)
+ TODO: check
+CVE-2023-38052 (A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a lo ...)
+ TODO: check
+CVE-2023-38051 (A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} al ...)
+ TODO: check
+CVE-2023-38050 (A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows ...)
+ TODO: check
+CVE-2023-38049 (A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} ...)
+ TODO: check
+CVE-2023-38048 (A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allow ...)
+ TODO: check
+CVE-2023-38047 (A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allo ...)
+ TODO: check
+CVE-2023-32737 (A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All ...)
+ TODO: check
+CVE-2023-32735 (A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All ...)
+ TODO: check
+CVE-2024-6615 (Memory safety bugs present in Firefox 127. Some of these bugs showed e ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6615
-CVE-2024-6614
+CVE-2024-6614 (The frame iterator could get stuck in a loop when encountering certain ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6614
-CVE-2024-6613
+CVE-2024-6613 (The frame iterator could get stuck in a loop when encountering certain ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6613
-CVE-2024-6612
+CVE-2024-6612 (CSP violations generated links in the console tab of the developer too ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6612
-CVE-2024-6611
+CVE-2024-6611 (A nested iframe, triggering a cross-site navigation, could send SameSi ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6611
-CVE-2024-6610
+CVE-2024-6610 (Form validation popups could capture escape key presses. Therefore, sp ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6610
-CVE-2024-6609
+CVE-2024-6609 (When almost out-of-memory an elliptic curve key which was never alloca ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6609
TODO: check how its related to src:nss and if src:nss tracking is necessary
-CVE-2024-6608
+CVE-2024-6608 (It was possible to move the cursor using pointerlock from an iframe. T ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6608
-CVE-2024-6607
+CVE-2024-6607 (It was possible to prevent a user from exiting pointerlock when pressi ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6607
-CVE-2024-6606
+CVE-2024-6606 (Clipboard code failed to check the index on an array access. This coul ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6606
-CVE-2024-6605
+CVE-2024-6605 (Firefox Android allowed immediate interaction with permission prompts. ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6605
-CVE-2024-6604
+CVE-2024-6604 (Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thu ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6604
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6604
-CVE-2024-6603
+CVE-2024-6603 (In an out-of-memory scenario an allocation could fail but free would h ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6603
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6603
-CVE-2024-6602
+CVE-2024-6602 (A mismatch between allocator and deallocator could have lead to memory ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6602
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6602
TODO: check how its related to src:nss and if src:nss tracking is necessary
-CVE-2024-6601
+CVE-2024-6601 (A race condition could lead to a cross-origin container obtaining perm ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6601
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6601
-CVE-2024-6600
+CVE-2024-6600 (Due to large allocation checks in Angle for GLSL shaders being too len ...)
- firefox <not-affected> (Only affects Firefox on MacOS)
- firefox-esr <not-affected> (Only affects Firefox on MacOS)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6600
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6600
-CVE-2024-39487 [bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()]
+CVE-2024-39487 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/e271ff53807e8f2c628758290f0e499dbe51cb3d (6.10-rc7)
CVE-2024-6365 (The Product Table by WBW plugin for WordPress is vulnerable to Remote ...)
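Review bot: CVE-2024-6609 and CVE-2024-6602 still carry "TODO: check how its related to src:nss and if src:nss tracking is necessary" while being tracked only against firefox (and firefox-esr for CVE-2024-6602). Both descriptions are now filled in (elliptic curve key handling when almost out of memory; an allocator/deallocator mismatch), so the TODO should be resolved in a follow-up: either add an nss package line to each entry or replace the TODO with a NOTE recording why src:nss needs no separate tracking.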
@@ -276,7 +946,7 @@ CVE-2024-25639 (Khoj is an application that creates personal AI agents. The Khoj
CVE-2024-24974 (The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVP ...)
- openvpn <not-affected> (Only affects Windows)
NOTE: https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
-CVE-2024-23562 (A security vulnerability in HCL Domino could allow disclosure of sensi ...)
+CVE-2024-23562 (This vulnerability is re-assessed. Vulnerability details will be updat ...)
NOT-FOR-US: HCL Domino
CVE-2024-21778 (A heap-based buffer overflow vulnerability exists in the configuration ...)
NOT-FOR-US: Realtek rtl819x Jungle SDK
@@ -399,7 +1069,7 @@ CVE-2024-39182 (An information disclosure vulnerability in ISPmanager v6.98.0 al
NOT-FOR-US: ISPmanager
CVE-2024-33862 (A buffer-management vulnerability in OPC Foundation OPCFoundation.NetS ...)
NOT-FOR-US: OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core
-CVE-2024-6501
+CVE-2024-6501 (A flaw was found in NetworkManager. When a system running NetworkManag ...)
- network-manager <unfixed>
[bookworm] - network-manager <no-dsa> (Minor issue)
[bullseye] - network-manager <no-dsa> (Minor issue)
@@ -407,7 +1077,7 @@ CVE-2024-6501
CVE-2023-39329 [Resource exhaustion will occur in the opj_t1_decode_cblks function in the tcd.c]
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1474
-CVE-2023-39328 [denail of service via crafted image file]
+CVE-2023-39328 (A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This f ...)
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1471
NOTE: https://github.com/uclouvain/openjpeg/pull/1470
@@ -1668,7 +2338,7 @@ CVE-2024-37137 (Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cry
NOT-FOR-US: D-Link
CVE-2024-36755 (D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when ...)
NOT-FOR-US: D-Link
-CVE-2024-36075 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify thr ...)
+CVE-2024-36075 (The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7 ...)
NOT-FOR-US: CoSoSys
CVE-2024-36074 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify thr ...)
NOT-FOR-US: CoSoSys
@@ -2759,7 +3429,7 @@ CVE-2024-29868 (Use of Cryptographically Weak Pseudo-Random Number Generator (PR
NOT-FOR-US: Apache StreamPipes
CVE-2024-27136 (XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the atta ...)
- jspwiki <removed>
-CVE-2024-28882 (OpenVPN 2.6.10 and earlier in a server role accepts multiple exit noti ...)
+CVE-2024-28882 (OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple ex ...)
- openvpn 2.6.11-1 (bug #1074488)
NOTE: https://github.com/OpenVPN/openvpn/commit/65fb67cd6c320a426567b2922c4282fb8738ba3f (v2.6.11)
CVE-2024-5594
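Review bot: the updated CVE-2024-28882 description narrows the affected range from "2.6.10 and earlier" to "from 2.6.0 through 2.6.10", but the entry below it is unchanged and carries only the unstable fix "- openvpn 2.6.11-1 (bug #1074488)". If any supported suite ships an openvpn older than 2.6.0, it should get an explicit <not-affected> annotation (vulnerable code not present) so it is not reported as open against that suite.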
@@ -11245,7 +11915,8 @@ CVE-2024-3917 (The Pet Manager WordPress plugin through 1.4 does not sanitise an
NOT-FOR-US: WordPress plugin
CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to un ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby a remot ...)
+CVE-2024-3708
+ REJECTED
- lighttpd 1.4.52-1
NOTE: will only be published on July 9th, 2024, but said to be an issue fixed by maintainer in 2018 in version 1.4.51
CVE-2024-3648 (The ShareThis Share Buttons plugin for WordPress is vulnerable to Stor ...)
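Review bot: CVE-2024-3708 is now marked REJECTED, but the entry keeps "- lighttpd 1.4.52-1" and the NOTE "will only be published on July 9th, 2024, ...", which no longer matches the state of the ID. A rejected ID should not carry a package annotation; drop both lines, or, if the underlying lighttpd issue fixed in 1.4.51 is still worth recording, move it to whichever identifier replaces this one and state the rejection in the NOTE.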
@@ -16845,7 +17516,7 @@ CVE-2024-33647 (A vulnerability has been identified in Polarion ALM (All version
NOT-FOR-US: Siemens
CVE-2024-33583 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
NOT-FOR-US: Siemens
-CVE-2024-33577 (A vulnerability has been identified in Simcenter Nastran 2306 (All ver ...)
+CVE-2024-33577 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
CVE-2024-33499 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
NOT-FOR-US: Siemens
@@ -16906,27 +17577,27 @@ CVE-2024-32350 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contai
NOT-FOR-US: TOTOLINK
CVE-2024-32349 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...)
NOT-FOR-US: TOTOLINK
-CVE-2024-32066 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+CVE-2024-32066 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32065 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+CVE-2024-32065 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32064 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+CVE-2024-32064 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32063 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+CVE-2024-32063 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32062 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+CVE-2024-32062 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32061 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+CVE-2024-32061 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32060 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+CVE-2024-32060 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32059 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+CVE-2024-32059 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32058 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+CVE-2024-32058 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32057 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+CVE-2024-32057 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2024-32055 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+CVE-2024-32055 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
CVE-2024-32021 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
{DLA-3844-1}
@@ -128146,8 +128817,8 @@ CVE-2022-45149 (A vulnerability was found in Moodle which exists due to insuffic
- moodle <removed>
CVE-2022-45148
REJECTED
-CVE-2022-45147
- RESERVED
+CVE-2022-45147 (A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versi ...)
+ TODO: check
CVE-2022-3959 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Drogon
CVE-2022-3958 (Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar exten ...)
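Review bot: CVE-2022-45147 moves from RESERVED to "TODO: check" with a SIMATIC PCS neo description, while the Siemens entries visible elsewhere in this commit are triaged as "NOT-FOR-US: Siemens". The same applies to the new SIMATIC and RUGGEDCOM entries added with "TODO: check" in the first hunk; these can be closed as NOT-FOR-US in the next manual triage pass rather than left as open TODOs.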
@@ -186072,7 +186743,7 @@ CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/2
NOTE: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
-CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ (6ES7655-5PX31- ...)
+CVE-2022-25622 (The PROFINET (PNIO) stack, when integrated with the Interniche IP stac ...)
NOT-FOR-US: Siemens
CVE-2022-25621 (UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and ...)
NOT-FOR-US: UUNIVERGE
@@ -379001,7 +379672,7 @@ CVE-2019-10938 (A vulnerability has been identified in SIPROTEC 5 devices with C
NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5 devices
CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All version ...)
NOT-FOR-US: SIMATIC TDC CP51M1
-CVE-2019-10936 (A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP ...)
+CVE-2019-10936 (Affected devices improperly handle large amounts of specially crafted ...)
NOT-FOR-US: Siemens
CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
@@ -478370,7 +479041,7 @@ CVE-2017-12743
RESERVED
CVE-2017-12742
RESERVED
-CVE-2017-12741 (A vulnerability has been identified in Development/Evaluation Kits for ...)
+CVE-2017-12741 (Specially crafted packets sent to port 161/udp could cause a denial of ...)
NOT-FOR-US: Siemens
CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity ...)
NOT-FOR-US: Siemens
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f10fbba9491425ddba8f960b4351f6a28943c413