[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 11 21:12:25 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
03ea5981 by security tracker role at 2024-06-11T20:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,66 +1,370 @@
-CVE-2024-5702
+CVE-2024-5851 (A vulnerability classified as problematic has been found in playSMS up ...)
+ TODO: check
+CVE-2024-5829 (A vulnerability classified as problematic was found in smallweigit Avu ...)
+ TODO: check
+CVE-2024-5825
+ REJECTED
+CVE-2024-5813 (A medium severity vulnerability in BIPS has been identified where an a ...)
+ TODO: check
+CVE-2024-5812 (A low severity vulnerability in BIPS has been identified where an atta ...)
+ TODO: check
+CVE-2024-5584 (The WordPress Online Booking and Scheduling Plugin \u2013 Bookly plugi ...)
+ TODO: check
+CVE-2024-5531 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2024-5398
+ REJECTED
+CVE-2024-5189 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+ TODO: check
+CVE-2024-4387
+ REJECTED
+CVE-2024-4206
+ REJECTED
+CVE-2024-4190 (Stored Cross-Site Scripting (XSS) vulnerabilities have been identified ...)
+ TODO: check
+CVE-2024-4155
+ REJECTED
+CVE-2024-37325 (Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerabil ...)
+ TODO: check
+CVE-2024-37301 (Document Merge Service is a document template merge service providing ...)
+ TODO: check
+CVE-2024-37296 (The Aimeos HTML client provides Aimeos HTML components for e-commerce ...)
+ TODO: check
+CVE-2024-37295 (Aimeos is an Open Source e-commerce framework for online shops. Starti ...)
+ TODO: check
+CVE-2024-37294 (Aimeos is an Open Source e-commerce framework for online shops. All Sa ...)
+ TODO: check
+CVE-2024-37293 (The AWS Deployment Framework (ADF) is a framework to manage and deploy ...)
+ TODO: check
+CVE-2024-37161 (MeterSphere is an open source continuous testing platform. Prior to ve ...)
+ TODO: check
+CVE-2024-36821 (Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 a ...)
+ TODO: check
+CVE-2024-36702 (libiec61850 v1.5 was discovered to contain a heap overflow via the Ber ...)
+ TODO: check
+CVE-2024-36650 (TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1 ...)
+ TODO: check
+CVE-2024-36266 (A vulnerability has been identified in PowerSys (All versions < V3.11) ...)
+ TODO: check
+CVE-2024-35716 (Missing Authorization vulnerability in Copymatic Copymatic \u2013 AI C ...)
+ TODO: check
+CVE-2024-35692 (Missing Authorization vulnerability in Termly Cookie Consent.This issu ...)
+ TODO: check
+CVE-2024-35685 (Missing Authorization vulnerability in Anders Nor\xe9n Radcliffe 2.Thi ...)
+ TODO: check
+CVE-2024-35683 (Missing Authorization vulnerability in Teplitsa of social technologies ...)
+ TODO: check
+CVE-2024-35671 (Missing Authorization vulnerability in Minoji MJ Update History.This i ...)
+ TODO: check
+CVE-2024-35667 (Missing Authorization vulnerability in WP EasyCart.This issue affects ...)
+ TODO: check
+CVE-2024-35665 (Missing Authorization vulnerability in namithjawahar Insert Post Ads.T ...)
+ TODO: check
+CVE-2024-35663 (Missing Authorization vulnerability in HahnCreativeGroup WP Translate. ...)
+ TODO: check
+CVE-2024-35628 (Missing Authorization vulnerability in Photo Gallery Team Photo Galler ...)
+ TODO: check
+CVE-2024-35303 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+ TODO: check
+CVE-2024-35292 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 ( ...)
+ TODO: check
+CVE-2024-35265 (Windows Perception Service Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-35263 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...)
+ TODO: check
+CVE-2024-35255 (Azure Identity Libraries and Microsoft Authentication Library Elevatio ...)
+ TODO: check
+CVE-2024-35254 (Azure Monitor Agent Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-35253 (Microsoft Azure File Sync Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-35252 (Azure Storage Movement Client Library Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-35250 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-35249 (Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerab ...)
+ TODO: check
+CVE-2024-35248 (Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnera ...)
+ TODO: check
+CVE-2024-35213 (An improper input validation vulnerability in the SGI Image Codec of Q ...)
+ TODO: check
+CVE-2024-35212 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
+ TODO: check
+CVE-2024-35211 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
+ TODO: check
+CVE-2024-35210 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
+ TODO: check
+CVE-2024-35209 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
+ TODO: check
+CVE-2024-35208 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
+ TODO: check
+CVE-2024-35207 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
+ TODO: check
+CVE-2024-35206 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
+ TODO: check
+CVE-2024-35168 (Missing Authorization vulnerability in Discourse WP Discourse.This iss ...)
+ TODO: check
+CVE-2024-34826 (Missing Authorization vulnerability in Tobias Conrad Design for Contac ...)
+ TODO: check
+CVE-2024-34824 (Missing Authorization vulnerability in ThemeBoy SportsPress \u2013 Spo ...)
+ TODO: check
+CVE-2024-34822 (Missing Authorization vulnerability in weDevs weMail.This issue affect ...)
+ TODO: check
+CVE-2024-34821 (Missing Authorization vulnerability in Contact List PRO Contact List \ ...)
+ TODO: check
+CVE-2024-34820 (Missing Authorization vulnerability in If So Plugin If-So Dynamic Cont ...)
+ TODO: check
+CVE-2024-34819 (Missing Authorization vulnerability in MoreConvert MC Woocommerce Wish ...)
+ TODO: check
+CVE-2024-34815 (Missing Authorization vulnerability in Codection Import and export use ...)
+ TODO: check
+CVE-2024-34813 (Missing Authorization vulnerability in MoreConvert MC Woocommerce Wish ...)
+ TODO: check
+CVE-2024-34804 (Missing Authorization vulnerability in Tagembed.This issue affects Tag ...)
+ TODO: check
+CVE-2024-34799 (Missing Authorization vulnerability in Repute Infosystems BookingPress ...)
+ TODO: check
+CVE-2024-34768 (Missing Authorization vulnerability in Fastly.This issue affects Fastl ...)
+ TODO: check
+CVE-2024-34763 (Missing Authorization vulnerability in Tobias Conrad Builder for WooCo ...)
+ TODO: check
+CVE-2024-34758 (Missing Authorization vulnerability in Wpmet WP Fundraising Donation a ...)
+ TODO: check
+CVE-2024-34753 (Missing Authorization vulnerability in SoftLab Radio Player.This issue ...)
+ TODO: check
+CVE-2024-34442 (Missing Authorization vulnerability in weDevs weDocs.This issue affect ...)
+ TODO: check
+CVE-2024-34406 (Improper exception handling in McAfee Security: Antivirus VPN for Andr ...)
+ TODO: check
+CVE-2024-34405 (Improper deep link validation in McAfee Security: Antivirus VPN for An ...)
+ TODO: check
+CVE-2024-33500 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ TODO: check
+CVE-2024-32148 (Missing Authorization vulnerability in Salesforce Pardot.This issue af ...)
+ TODO: check
+CVE-2024-32146 (Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose ...)
+ TODO: check
+CVE-2024-32144 (Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce ...)
+ TODO: check
+CVE-2024-32143 (Missing Authorization vulnerability in Podlove Podlove Podcast Publish ...)
+ TODO: check
+CVE-2024-31495 (A improper neutralization of special elements used in an sql command ( ...)
+ TODO: check
+CVE-2024-30104 (Microsoft Office Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30103 (Microsoft Outlook Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30102 (Microsoft Office Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30101 (Microsoft Office Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30100 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30099 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30097 (Microsoft Speech Application Programming Interface (SAPI) Remote Code ...)
+ TODO: check
+CVE-2024-30096 (Windows Cryptographic Services Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-30095 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-30094 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-30093 (Windows Storage Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30091 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30090 (Microsoft Streaming Service Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30089 (Microsoft Streaming Service Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30088 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30087 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30086 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30085 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ TODO: check
+CVE-2024-30084 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30083 (Windows Standards-Based Storage Management Service Denial of Service V ...)
+ TODO: check
+CVE-2024-30082 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30080 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30078 (Windows Wi-Fi Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30077 (Windows OLE Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30076 (Windows Container Manager Service Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30075 (Windows Link Layer Topology Discovery Protocol Remote Code Execution V ...)
+ TODO: check
+CVE-2024-30074 (Windows Link Layer Topology Discovery Protocol Remote Code Execution V ...)
+ TODO: check
+CVE-2024-30072 (Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerabi ...)
+ TODO: check
+CVE-2024-30070 (DHCP Server Service Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-30069 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ TODO: check
+CVE-2024-30068 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30067 (Winlogon Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30066 (Winlogon Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30065 (Windows Themes Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-30064 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30063 (Windows Distributed File System (DFS) Remote Code Execution Vulnerabil ...)
+ TODO: check
+CVE-2024-30062 (Windows Standards-Based Storage Management Service Remote Code Executi ...)
+ TODO: check
+CVE-2024-30052 (Visual Studio Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-2462 (Allow attackers to intercept or falsify data exchanges between the cli ...)
+ TODO: check
+CVE-2024-2461 (If exploited an attacker could traverse the file system to access fil ...)
+ TODO: check
+CVE-2024-2013 (An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM se ...)
+ TODO: check
+CVE-2024-2012 (vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that i ...)
+ TODO: check
+CVE-2024-2011 (A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNE ...)
+ TODO: check
+CVE-2024-29060 (Visual Studio Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-28024 (A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive inform ...)
+ TODO: check
+CVE-2024-28023 (A vulnerability exists in the message queueing mechanism that if expl ...)
+ TODO: check
+CVE-2024-28022 (A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that ...)
+ TODO: check
+CVE-2024-28021 (A vulnerability exists in the FOXMAN-UN/UNEM server that affects the m ...)
+ TODO: check
+CVE-2024-28020 (A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM appli ...)
+ TODO: check
+CVE-2024-26330 (An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. ...)
+ TODO: check
+CVE-2024-26010 (A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1. ...)
+ TODO: check
+CVE-2024-24704 (Missing Authorization vulnerability in AddonMaster Load More Anything. ...)
+ TODO: check
+CVE-2024-24703 (Missing Authorization vulnerability in MultiVendorX WC Marketplace.Thi ...)
+ TODO: check
+CVE-2024-23521 (Missing Authorization vulnerability in Happyforms.This issue affects H ...)
+ TODO: check
+CVE-2024-23518 (Missing Authorization vulnerability in Navneil Naicker ACF Photo Galle ...)
+ TODO: check
+CVE-2024-23503 (Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables. ...)
+ TODO: check
+CVE-2024-23111 (A use of password hash with insufficient computational effort vulnerab ...)
+ TODO: check
+CVE-2024-23110 (A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 throug ...)
+ TODO: check
+CVE-2024-21754 (A use of password hash with insufficient computational effort vulnerab ...)
+ TODO: check
+CVE-2023-52233 (Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Emai ...)
+ TODO: check
+CVE-2023-52227 (Missing Authorization vulnerability in MailerLite MailerLite \u2013 Wo ...)
+ TODO: check
+CVE-2023-52224 (Missing Authorization vulnerability in Revolut Revolut Gateway for Woo ...)
+ TODO: check
+CVE-2023-52217 (Missing Authorization vulnerability in weDevs WooCommerce Conversion T ...)
+ TODO: check
+CVE-2023-52199 (Missing Authorization vulnerability in Matthias Pfefferle & Automattic ...)
+ TODO: check
+CVE-2023-52186 (Missing Authorization vulnerability in Woo WooCommerce Product Vendors ...)
+ TODO: check
+CVE-2023-52183 (Missing Authorization vulnerability in WebToffee WordPress Backup & Mi ...)
+ TODO: check
+CVE-2023-52179 (Missing Authorization vulnerability in WebCodingPlace Product Expiry f ...)
+ TODO: check
+CVE-2023-51682 (Missing Authorization vulnerability in ibericode MC4WP.This issue affe ...)
+ TODO: check
+CVE-2023-51519 (Missing Authorization vulnerability in Soliloquy Team Slider by Solilo ...)
+ TODO: check
+CVE-2023-51498 (Missing Authorization vulnerability in Woo WooCommerce Canada Post Shi ...)
+ TODO: check
+CVE-2023-50763 (A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6U ...)
+ TODO: check
+CVE-2023-4727 (A flaw was found in dogtag-pki and pki-core. The token authentication ...)
+ TODO: check
+CVE-2023-48273 (Missing Authorization vulnerability in WP OnlineSupport, Essential Plu ...)
+ TODO: check
+CVE-2023-46720 (A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 throug ...)
+ TODO: check
+CVE-2023-38533 (A vulnerability has been identified in TIA Administrator (All versions ...)
+ TODO: check
+CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor Website Bui ...)
+ TODO: check
+CVE-2024-5702 (Memory corruption in the networking stack could have led to a potentia ...)
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
-CVE-2024-5701
+CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs showed e ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
-CVE-2024-5700
+CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thu ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5700
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5700
-CVE-2024-5699
+CVE-2024-5699 (In violation of spec, cookie prefixes such as `__Secure` were being ig ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5699
-CVE-2024-5698
+CVE-2024-5698 (By manipulating the fullscreen feature while opening a data-list, an a ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5698
-CVE-2024-5697
+CVE-2024-5697 (A website was able to detect when a user took a screenshot of a page u ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5697
-CVE-2024-5696
+CVE-2024-5696 (By manipulating the text in an `<input>` tag, an attacker could ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5696
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5696
-CVE-2024-5695
+CVE-2024-5695 (If an out-of-memory condition occurs at a specific point using allocat ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5695
-CVE-2024-5694
+CVE-2024-5694 (An attacker could have caused a use-after-free in the JavaScript engin ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5694
-CVE-2024-5693
+CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting, which c ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5693
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5693
-CVE-2024-5692
+CVE-2024-5692 (On Windows, when using the 'Save As' functionality, an attacker could ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
-CVE-2024-5691
+CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a sandboxed i ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5691
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691
-CVE-2024-5690
+CVE-2024-5690 (By monitoring the time certain operations take, an attacker could have ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5690
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5690
-CVE-2024-5689
+CVE-2024-5689 (In addition to detecting when a user was taking a screenshot (XXX), a ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689
-CVE-2024-5688
+CVE-2024-5688 (If a garbage collection was triggered at the right time, a use-after-f ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5688
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5688
-CVE-2024-5687
+CVE-2024-5687 (If a specific sequence of actions is performed when opening a new tab, ...)
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5687
-CVE-2024-35235
+CVE-2024-35235 (OpenPrinting CUPS is an open source printing system for Linux and othe ...)
- cups <unfixed> (bug #1073002)
[bookworm] - cups <no-dsa> (Minor issue)
[bullseye] - cups <no-dsa> (Minor issue)
@@ -1634,6 +1938,7 @@ CVE-2024-1164 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable
CVE-2024-1161 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to St ...)
NOT-FOR-US: WordPress plugin
CVE-2024-34055 (Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authentica ...)
+ {DSA-5708-1}
- cyrus-imapd 3.8.3-1
[bullseye] - cyrus-imapd <ignored> (Too intrusive to backport)
NOTE: https://cyrus.topicbox.com/groups/announce/Ta8e3998446caf7f8/cyrus-imap-3-8-3-3-6-5-and-3-4-8-released
@@ -22179,15 +22484,15 @@ CVE-2024-27247 (Improper privilege management in the installer for Zoom Desktop
NOT-FOR-US: Zoom
CVE-2024-27242 (Cross site scripting in Zoom Desktop Client for Linux before version 5 ...)
NOT-FOR-US: Zoom
-CVE-2024-26277 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
+CVE-2024-26277 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...)
NOT-FOR-US: Siemens
-CVE-2024-26276 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
+CVE-2024-26276 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...)
NOT-FOR-US: Siemens
-CVE-2024-26275 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
+CVE-2024-26275 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...)
NOT-FOR-US: Siemens
CVE-2024-26257 (Microsoft Excel Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2024-26256 (libarchive Remote Code Execution Vulnerability)
+CVE-2024-26256 (Libarchive Remote Code Execution Vulnerability)
{DSA-5706-1}
- libarchive 3.7.2-2.1 (bug #1072107)
[bullseye] - libarchive <not-affected> (Vulnerable code introduced in 3.6.0)
@@ -22213,7 +22518,7 @@ CVE-2024-26248 (Windows Kerberos Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-26245 (Windows SMB Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2024-26244 (Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vu ...)
+CVE-2024-26244 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
NOT-FOR-US: Microsoft
CVE-2024-26243 (Windows USB Print Driver Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -22277,7 +22582,7 @@ CVE-2024-26212 (DHCP Server Service Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-26211 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
NOT-FOR-US: Microsoft
-CVE-2024-26210 (Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vu ...)
+CVE-2024-26210 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
NOT-FOR-US: Microsoft
CVE-2024-26209 (Microsoft Local Security Authority Subsystem Service Information Discl ...)
NOT-FOR-US: Microsoft
@@ -89787,8 +90092,8 @@ CVE-2023-28777 (Improper Neutralization of Special Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2023-28776 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
NOT-FOR-US: Lightbox plugin
-CVE-2023-28775
- RESERVED
+CVE-2023-28775 (Missing Authorization vulnerability in Yoast Yoast SEO Premium.This is ...)
+ TODO: check
CVE-2023-28774 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grad ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28773 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -98858,8 +99163,8 @@ CVE-2023-25801 (TensorFlow is an open source machine learning platform. Prior to
- tensorflow <itp> (bug #804612)
CVE-2023-25800 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25799
- RESERVED
+CVE-2023-25799 (Missing Authorization vulnerability in Themeum Tutor LMS.This issue af ...)
+ TODO: check
CVE-2023-25798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25797 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlid ...)
@@ -105092,8 +105397,8 @@ CVE-2023-23777 (An improper neutralization of special elements used in an OS com
NOT-FOR-US: Fortinet
CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
NOT-FOR-US: Fortinet
-CVE-2023-23775
- RESERVED
+CVE-2023-23775 (Multiple improper neutralization of special elements used inSQL comman ...)
+ TODO: check
CVE-2023-23549 (Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 ...)
- check-mk <removed>
CVE-2023-23548 (Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, ...)
@@ -118165,7 +118470,7 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build export
NOTE: https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5 (v0.8.2)
CVE-2022-46145 (authentik is an open-source identity provider. Versions prior to 2022. ...)
NOT-FOR-US: authentik
-CVE-2022-46144 (A vulnerability has been identified in SCALANCE SC622-2C (All versions ...)
+CVE-2022-46144 (A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS0 ...)
NOT-FOR-US: Siemens
CVE-2022-46143 (Affected devices do not check the TFTP blocksize correctly. This could ...)
NOT-FOR-US: Siemens
@@ -127593,9 +127898,9 @@ CVE-2022-43770 (Hitachi Vantara Pentaho Business Analytics Server versions befor
NOT-FOR-US: Hitachi
CVE-2022-43769 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
NOT-FOR-US: Hitachi
-CVE-2022-43768 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
+CVE-2022-43768 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7 ...)
NOT-FOR-US: Siemens
-CVE-2022-43767 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
+CVE-2022-43767 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7 ...)
NOT-FOR-US: Siemens
CVE-2022-43766 (Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable ...)
NOT-FOR-US: Apache IoTDB
@@ -127764,7 +128069,7 @@ CVE-2022-43718 (Upload data forms do not correctly render user input leading to
CVE-2022-43717 (Dashboard rendering does not sufficiently sanitize the content of mark ...)
NOT-FOR-US: Apache Superset
NOTE: https://github.com/apache/superset/pull/21895
-CVE-2022-43716 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
+CVE-2022-43716 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7 ...)
NOT-FOR-US: Siemens
CVE-2022-43715
RESERVED
@@ -137450,8 +137755,8 @@ CVE-2022-40227 (A vulnerability has been identified in SIMATIC HMI Comfort Panel
NOT-FOR-US: Siemens
CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All versions < V3.1 ...)
NOT-FOR-US: Siemens
-CVE-2022-40225
- REJECTED
+CVE-2022-40225 (A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1M ...)
+ TODO: check
CVE-2022-40200 (Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Foru ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40198 (Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech Tera ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03ea59811fc2bbd3f466c6ae6622cb0bf4c1fd0d
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03ea59811fc2bbd3f466c6ae6622cb0bf4c1fd0d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240611/9aa33a7e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list