[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 13 21:16:43 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dcc96146 by security tracker role at 2024-06-13T20:14:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,193 @@
+CVE-2024-5952 (Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-S ...)
+	TODO: check
+CVE-2024-5951 (Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denia ...)
+	TODO: check
+CVE-2024-5950 (Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffe ...)
+	TODO: check
+CVE-2024-5949 (Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of ...)
+	TODO: check
+CVE-2024-5948 (Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Over ...)
+	TODO: check
+CVE-2024-5947 (Deep Sea Electronics DSE855 Configuration Backup Missing Authenticatio ...)
+	TODO: check
+CVE-2024-5927
+	REJECTED
+CVE-2024-5924 (Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. T ...)
+	TODO: check
+CVE-2024-4696 (A privilege escalation vulnerability was reported in Lenovo Service Br ...)
+	TODO: check
+CVE-2024-4371 (The CoDesigner WooCommerce Builder for Elementor \u2013 Customize Chec ...)
+	TODO: check
+CVE-2024-4176 (An Cross site scripting vulnerability in the EDR XConsole before this  ...)
+	TODO: check
+CVE-2024-3073 (The Easy WP SMTP by SendLayer \u2013 WordPress SMTP and Email Log Plug ...)
+	TODO: check
+CVE-2024-38313 (In certain scenarios a malicious website could attempt to display a fa ...)
+	TODO: check
+CVE-2024-38312 (When browsing private tabs, some data related to location history or w ...)
+	TODO: check
+CVE-2024-38285 (Logs storing credentials are insufficiently protected and can be decod ...)
+	TODO: check
+CVE-2024-38284 (Transmitted data is logged between the device and the backend service. ...)
+	TODO: check
+CVE-2024-38283 (Sensitive customer information is stored in the device without encrypt ...)
+	TODO: check
+CVE-2024-38282 (Utilizing default credentials, an attacker is able to log into the cam ...)
+	TODO: check
+CVE-2024-38281 (An attacker can access the maintenance console using hard coded creden ...)
+	TODO: check
+CVE-2024-38280 (An unauthorized user is able to gain access to sensitive data, includi ...)
+	TODO: check
+CVE-2024-38279 (The affected product is vulnerable to an attacker modifying the bootlo ...)
+	TODO: check
+CVE-2024-38083 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+	TODO: check
+CVE-2024-37877 (UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is s ...)
+	TODO: check
+CVE-2024-37849 (A SQL Injection vulnerability in itsourcecode Billing System 1.0 allow ...)
+	TODO: check
+CVE-2024-37635 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...)
+	TODO: check
+CVE-2024-37634 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...)
+	TODO: check
+CVE-2024-37633 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...)
+	TODO: check
+CVE-2024-37632 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...)
+	TODO: check
+CVE-2024-37631 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...)
+	TODO: check
+CVE-2024-37630 (D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded passwor ...)
+	TODO: check
+CVE-2024-37309 (CrateDB is a distributed SQL database. A high-risk vulnerability has b ...)
+	TODO: check
+CVE-2024-37308 (The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent ...)
+	TODO: check
+CVE-2024-37307 (Cilium is a networking, observability, and security solution with an e ...)
+	TODO: check
+CVE-2024-37306 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...)
+	TODO: check
+CVE-2024-37164 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...)
+	TODO: check
+CVE-2024-37131 (SCG Policy Manager, all versions, contains an overly permissive Cross- ...)
+	TODO: check
+CVE-2024-37029 (Fuji Electric Tellus Lite V-Simulator  is vulnerable to a stack-based  ...)
+	TODO: check
+CVE-2024-37022 (Fuji Electric Tellus Lite V-Simulator  is vulnerable to an out-of-boun ...)
+	TODO: check
+CVE-2024-36760 (A stack overflow vulnerability was found in version 1.18.0 of rhai. Th ...)
+	TODO: check
+CVE-2024-36647 (A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 ...)
+	TODO: check
+CVE-2024-36589 (An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2 ...)
+	TODO: check
+CVE-2024-36588 (An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit  ...)
+	TODO: check
+CVE-2024-36587 (Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows n ...)
+	TODO: check
+CVE-2024-36586 (An issue in AdGuardHome v0.93 to latest allows unprivileged attackers  ...)
+	TODO: check
+CVE-2024-36396 (Verint - CWE-434: Unrestricted Upload of File with Dangerous Type)
+	TODO: check
+CVE-2024-36395 (Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags i ...)
+	TODO: check
+CVE-2024-35328 (libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the fu ...)
+	TODO: check
+CVE-2024-35326 (libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issu ...)
+	TODO: check
+CVE-2024-35325 (A vulnerability was found in libyaml up to 0.2.5. Affected by this iss ...)
+	TODO: check
+CVE-2024-34130 (Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affe ...)
+	TODO: check
+CVE-2024-34129 (Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affe ...)
+	TODO: check
+CVE-2024-34116 (Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by  ...)
+	TODO: check
+CVE-2024-34115 (Substance3D - Stager versions 2.1.4 and earlier are affected by an out ...)
+	TODO: check
+CVE-2024-34113 (ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak ...)
+	TODO: check
+CVE-2024-34112 (ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Imp ...)
+	TODO: check
+CVE-2024-34111 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...)
+	TODO: check
+CVE-2024-34110 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...)
+	TODO: check
+CVE-2024-34109 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...)
+	TODO: check
+CVE-2024-34108 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...)
+	TODO: check
+CVE-2024-34107 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...)
+	TODO: check
+CVE-2024-34106 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...)
+	TODO: check
+CVE-2024-34105 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...)
+	TODO: check
+CVE-2024-34104 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...)
+	TODO: check
+CVE-2024-34103 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...)
+	TODO: check
+CVE-2024-34102 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...)
+	TODO: check
+CVE-2024-32860 (Dell Client Platform BIOS contains an Improper Input Validation vulner ...)
+	TODO: check
+CVE-2024-32859 (Dell Client Platform BIOS contains an Improper Input Validation vulner ...)
+	TODO: check
+CVE-2024-32858 (Dell Client Platform BIOS contains an Improper Input Validation vulner ...)
+	TODO: check
+CVE-2024-32856 (Dell Client Platform BIOS contains an Improper Input Validation vulner ...)
+	TODO: check
+CVE-2024-32504 (An issue was discovered in Samsung Mobile Processor and Wearable Proce ...)
+	TODO: check
+CVE-2024-31956 (An issue was discovered in Samsung Mobile Processor Exynos 2200, Exyno ...)
+	TODO: check
+CVE-2024-30472 (Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive ...)
+	TODO: check
+CVE-2024-30300 (Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier ...)
+	TODO: check
+CVE-2024-30299 (Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier ...)
+	TODO: check
+CVE-2024-30285 (Audition versions 24.2, 23.6.4 and earlier are affected by a NULL Poin ...)
+	TODO: check
+CVE-2024-30278 (Media Encoder versions 23.6.5, 24.3 and earlier Answer: are affected b ...)
+	TODO: check
+CVE-2024-30276 (Audition versions 24.2, 23.6.4 and earlier Answer: are affected by an  ...)
+	TODO: check
+CVE-2024-30058 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+	TODO: check
+CVE-2024-30057 (Microsoft Edge for iOS Spoofing Vulnerability)
+	TODO: check
+CVE-2024-29169 (Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulner ...)
+	TODO: check
+CVE-2024-29168 (Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulner ...)
+	TODO: check
+CVE-2024-28969 (Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Con ...)
+	TODO: check
+CVE-2024-28968 (Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Con ...)
+	TODO: check
+CVE-2024-28967 (Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Con ...)
+	TODO: check
+CVE-2024-28966 (Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Con ...)
+	TODO: check
+CVE-2024-28965 (Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Con ...)
+	TODO: check
+CVE-2024-25052 (IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clea ...)
+	TODO: check
+CVE-2024-22441 (HPE Cray Parallel Application Launch Service (PALS) is subject to an a ...)
+	TODO: check
+CVE-2024-22333 (IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8 ...)
+	TODO: check
+CVE-2024-20753 (Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an ...)
+	TODO: check
+CVE-2024-1565 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia V ...)
+	TODO: check
+CVE-2024-0979 (The Dashboard Widgets Suite plugin for WordPress is vulnerable to Refl ...)
+	TODO: check
+CVE-2023-35860 (A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 ...)
+	TODO: check
+CVE-2023-35859 (A Reflected Cross-Site Scripting (XSS) vulnerability in the blog funct ...)
+	TODO: check
+CVE-2023-35858 (XPath Injection vulnerabilities in the blog and RSS functions of Moder ...)
+	TODO: check
 CVE-2024-5469
 	- gitlab <unfixed>
 CVE-2024-5787 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...)
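Review bot: three of the imported descriptions carry a literal `\u2013` escape where the source text has an en dash (CVE-2024-4371, CVE-2024-3073, CVE-2024-1565), which suggests the automatic update writes the JSON escape sequence verbatim instead of decoding it; that should be fixed in the importer so these entries match the rest of the file. Two further descriptions (CVE-2024-30278, CVE-2024-30276) contain a stray "Answer:" and the two Fuji Electric entries (CVE-2024-37029, CVE-2024-37022) a doubled space before "is"; these look like upstream text rather than an import defect, but they will persist until someone edits the entries by hand. Apart from CVE-2024-5927, which is correctly recorded as `REJECTED` with no further lines, every new entry is `TODO: check` and still needs triage.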
@@ -942,14 +1132,14 @@ CVE-2023-38533 (A vulnerability has been identified in TIA Administrator (All ve
 CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor Website Bui ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5702 (Memory corruption in the networking stack could have led to a potentia ...)
-	{DSA-5709-1}
+	{DSA-5709-1 DLA-3825-1}
 	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
 CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs showed e ...)
 	- firefox 127.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
 CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thu ...)
-	{DSA-5709-1}
+	{DSA-5709-1 DLA-3825-1}
 	- firefox 127.0-1
 	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5700
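Review bot: the DLA-3825-1 reference is added only to entries that already carry a `firefox-esr 115.12.0esr-1` line, and CVE-2024-5701, which lists only `firefox 127.0-1`, is correctly left without it; the same pattern holds in the remaining Firefox hunks below (CVE-2024-5696, CVE-2024-5693, CVE-2024-5691, CVE-2024-5690, CVE-2024-5688), so no further change is needed there.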
@@ -964,7 +1154,7 @@ CVE-2024-5697 (A website was able to detect when a user took a screenshot of a p
 	- firefox 127.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5697
 CVE-2024-5696 (By manipulating the text in an `<input>` tag, an attacker could  ...)
-	{DSA-5709-1}
+	{DSA-5709-1 DLA-3825-1}
 	- firefox 127.0-1
 	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5696
@@ -976,7 +1166,7 @@ CVE-2024-5694 (An attacker could have caused a use-after-free in the JavaScript
 	- firefox 127.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5694
 CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting, which c ...)
-	{DSA-5709-1}
+	{DSA-5709-1 DLA-3825-1}
 	- firefox 127.0-1
 	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5693
@@ -987,13 +1177,13 @@ CVE-2024-5692 (On Windows, when using the 'Save As' functionality, an attacker c
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5692
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
 CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a sandboxed i ...)
-	{DSA-5709-1}
+	{DSA-5709-1 DLA-3825-1}
 	- firefox 127.0-1
 	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5691
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691
 CVE-2024-5690 (By monitoring the time certain operations take, an attacker could have ...)
-	{DSA-5709-1}
+	{DSA-5709-1 DLA-3825-1}
 	- firefox 127.0-1
 	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5690
@@ -1002,7 +1192,7 @@ CVE-2024-5689 (In addition to detecting when a user was taking a screenshot (XXX
 	- firefox 127.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689
 CVE-2024-5688 (If a garbage collection was triggered at the right time, a use-after-f ...)
-	{DSA-5709-1}
+	{DSA-5709-1 DLA-3825-1}
 	- firefox 127.0-1
 	- firefox-esr 115.12.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5688
@@ -1937,11 +2127,11 @@ CVE-2023-49222 (Precor touchscreen console P82 contains a private SSH key that c
 	NOT-FOR-US: Precor touchscreen console
 CVE-2023-49221 (Precor touchscreen console P62, P80, and P82 could allow a remote atta ...)
 	NOT-FOR-US: Precor touchscreen console
-CVE-2024-37280
+CVE-2024-37280 (A flaw was discovered in Elasticsearch, affecting document ingestion w ...)
 	- elasticsearch <removed>
 CVE-2024-23445 (It was identified that if a  cross-cluster API key https://www.elastic ...)
 	- elasticsearch <removed>
-CVE-2024-37279
+CVE-2024-37279 (A flaw was discovered in Kibana, allowing view-only users of alerting  ...)
 	- kibana <itp> (bug #700337)
 CVE-2024-5154 (A flaw was found in cri-o. A malicious container can create a symbolic ...)
 	- cri-o <itp> (bug #979702)
@@ -2326,7 +2516,8 @@ CVE-2023-45192 (IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0
 	NOT-FOR-US: IBM
 CVE-2024-5665 (The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPr ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-5656 (The Google CSE plugin for WordPress is vulnerable to Stored Cross-Site ...)
+CVE-2024-5656
+	REJECTED
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5653 (A vulnerability, which was classified as critical, has been found in C ...)
 	NOT-FOR-US: Chanjet Smooth T+system
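Review bot: once CVE-2024-5656 is marked `REJECTED`, the unchanged `NOT-FOR-US: WordPress plugin` line beneath it is a leftover from the withdrawn description and is inconsistent with the other REJECTED entries in this patch (CVE-2024-5927, CVE-2021-4237), which carry nothing but the `REJECTED` line; suggest dropping it so the entry reads only the CVE id followed by `REJECTED`.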
@@ -147430,7 +147621,7 @@ CVE-2021-4238 (Randomly-generated alphanumeric strings contain significantly les
 	NOTE: https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
 	NOTE: https://pkg.go.dev/vuln/GO-2022-0411
 CVE-2021-4237
-	RESERVED
+	REJECTED
 CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which may be ...)
 	NOT-FOR-US: ecnepsnai/web
 CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file can ca ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcc9614649079f1bb94efa9fbf9e0735b86e0d89


