[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 14 21:12:19 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
52088067 by security tracker role at 2024-05-14T20:11:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,73 +1,475 @@
-CVE-2024-4778
+CVE-2024-4871 (A vulnerability was found in Satellite. When running a remote executio ...)
+ TODO: check
+CVE-2024-4860 (The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are ...)
+ TODO: check
+CVE-2024-4859 (Solidus <= 4.3.4is affected by a Stored Cross-Site Scripting vulnerabi ...)
+ TODO: check
+CVE-2024-4624 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+ TODO: check
+CVE-2024-4473 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2024-4440 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE plugin for Wo ...)
+ TODO: check
+CVE-2024-4392 (The Jetpack \u2013 WP Security, Backup, Speed, & Growth plugin for Wor ...)
+ TODO: check
+CVE-2024-4333 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...)
+ TODO: check
+CVE-2024-3676 (The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection ...)
+ TODO: check
+CVE-2024-3579 (Open-source project Online Shopping System Advanced is vulnerable to R ...)
+ TODO: check
+CVE-2024-3374 (An unauthenticated user can trigger a fatal assertion in the server wh ...)
+ TODO: check
+CVE-2024-3372 (Improper validation of certain metadata input may result in the server ...)
+ TODO: check
+CVE-2024-35012 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35011 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35010 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-35009 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-34950 (D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer ...)
+ TODO: check
+CVE-2024-34914 (php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a wea ...)
+ TODO: check
+CVE-2024-34773 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
+ TODO: check
+CVE-2024-34772 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
+ TODO: check
+CVE-2024-34771 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
+ TODO: check
+CVE-2024-34717 (PrestaShop is an open source e-commerce web application. In PrestaShop ...)
+ TODO: check
+CVE-2024-34716 (PrestaShop is an open source e-commerce web application. A cross-site ...)
+ TODO: check
+CVE-2024-34714 (The Hoppscotch Browser Extension is a browser extension for Hoppscotch ...)
+ TODO: check
+CVE-2024-34713 (sshproxy is used on a gateway to transparently proxy a user SSH connec ...)
+ TODO: check
+CVE-2024-34712 (Oceanic is a NodeJS library for interfacing with Discord. Prior to ver ...)
+ TODO: check
+CVE-2024-34358 (TYPO3 is an enterprise content management system. Starting in version ...)
+ TODO: check
+CVE-2024-34357 (TYPO3 is an enterprise content management system. Starting in version ...)
+ TODO: check
+CVE-2024-34356 (TYPO3 is an enterprise content management system. Starting in version ...)
+ TODO: check
+CVE-2024-34355 (TYPO3 is an enterprise content management system. Starting in version ...)
+ TODO: check
+CVE-2024-34256 (OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function ...)
+ TODO: check
+CVE-2024-34243 (Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the user ...)
+ TODO: check
+CVE-2024-34191 (htmly v2.9.6 was discovered to contain an arbitrary file deletion vuln ...)
+ TODO: check
+CVE-2024-34086 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...)
+ TODO: check
+CVE-2024-34085 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...)
+ TODO: check
+CVE-2024-33868 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is L ...)
+ TODO: check
+CVE-2024-33867 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is a ...)
+ TODO: check
+CVE-2024-33866 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is / ...)
+ TODO: check
+CVE-2024-33865 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is a ...)
+ TODO: check
+CVE-2024-33864 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is S ...)
+ TODO: check
+CVE-2024-33863 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is / ...)
+ TODO: check
+CVE-2024-33647 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...)
+ TODO: check
+CVE-2024-33583 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
+CVE-2024-33577 (A vulnerability has been identified in Simcenter Nastran 2306 (All ver ...)
+ TODO: check
+CVE-2024-33499 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
+CVE-2024-33498 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
+CVE-2024-33497 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
+CVE-2024-33496 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
+CVE-2024-33495 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
+CVE-2024-33494 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
+CVE-2024-33493 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
+ TODO: check
+CVE-2024-33492 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
+ TODO: check
+CVE-2024-33491 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
+ TODO: check
+CVE-2024-33490 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
+ TODO: check
+CVE-2024-33489 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
+ TODO: check
+CVE-2024-33485 (SQL Injection vulnerability in CASAP Automated Enrollment System using ...)
+ TODO: check
+CVE-2024-32977 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
+ TODO: check
+CVE-2024-32742 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+ TODO: check
+CVE-2024-32741 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+ TODO: check
+CVE-2024-32740 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+ TODO: check
+CVE-2024-32639 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+ TODO: check
+CVE-2024-32637 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
+ TODO: check
+CVE-2024-32636 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
+ TODO: check
+CVE-2024-32635 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
+ TODO: check
+CVE-2024-32465 (Git is a revision control system. The Git project recommends to avoid ...)
+ TODO: check
+CVE-2024-32355 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...)
+ TODO: check
+CVE-2024-32354 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...)
+ TODO: check
+CVE-2024-32353 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...)
+ TODO: check
+CVE-2024-32352 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...)
+ TODO: check
+CVE-2024-32351 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...)
+ TODO: check
+CVE-2024-32350 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...)
+ TODO: check
+CVE-2024-32349 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...)
+ TODO: check
+CVE-2024-32066 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+ TODO: check
+CVE-2024-32065 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+ TODO: check
+CVE-2024-32064 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+ TODO: check
+CVE-2024-32063 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+ TODO: check
+CVE-2024-32062 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+ TODO: check
+CVE-2024-32061 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+ TODO: check
+CVE-2024-32060 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+ TODO: check
+CVE-2024-32059 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+ TODO: check
+CVE-2024-32058 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+ TODO: check
+CVE-2024-32057 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+ TODO: check
+CVE-2024-32055 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
+ TODO: check
+CVE-2024-32021 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
+ TODO: check
+CVE-2024-32020 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
+ TODO: check
+CVE-2024-32004 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
+ TODO: check
+CVE-2024-32002 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
+ TODO: check
+CVE-2024-31980 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
+ TODO: check
+CVE-2024-31491 (A client-side enforcement of server-side security in Fortinet FortiSan ...)
+ TODO: check
+CVE-2024-31488 (An improper neutralization of inputs during web page generation vulner ...)
+ TODO: check
+CVE-2024-31486 (A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions ...)
+ TODO: check
+CVE-2024-31485 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...)
+ TODO: check
+CVE-2024-31484 (A vulnerability has been identified in CPC80 Central Processing/Commun ...)
+ TODO: check
+CVE-2024-30209 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
+CVE-2024-30208 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
+CVE-2024-30207 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
+CVE-2024-30206 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ TODO: check
+CVE-2024-30059 (Microsoft Intune for Android Mobile Application Management Tampering V ...)
+ TODO: check
+CVE-2024-30054 (Microsoft Power BI Client JavaScript SDK Information Disclosure Vulner ...)
+ TODO: check
+CVE-2024-30053 (Azure Migrate Cross-Site Scripting Vulnerability)
+ TODO: check
+CVE-2024-30051 (Windows DWM Core Library Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30050 (Windows Mark of the Web Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-30049 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30048 (Dynamics 365 Customer Insights Spoofing Vulnerability)
+ TODO: check
+CVE-2024-30047 (Dynamics 365 Customer Insights Spoofing Vulnerability)
+ TODO: check
+CVE-2024-30046 (Visual Studio Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-30045 (.NET and Visual Studio Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30044 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30043 (Microsoft SharePoint Server Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-30042 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30041 (Microsoft Bing Search Spoofing Vulnerability)
+ TODO: check
+CVE-2024-30040 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-30039 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ TODO: check
+CVE-2024-30038 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30037 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2024-30036 (Windows Deployment Services Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-30035 (Windows DWM Core Library Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30034 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...)
+ TODO: check
+CVE-2024-30033 (Windows Search Service Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30032 (Windows DWM Core Library Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30031 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30030 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30029 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-30028 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30027 (NTFS Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30025 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2024-30024 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-30023 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-30022 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-30021 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30020 (Windows Cryptographic Services Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30019 (DHCP Server Service Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-30018 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30017 (Windows Hyper-V Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30016 (Windows Cryptographic Services Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-30015 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-30014 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-30012 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30011 (Windows Hyper-V Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-30010 (Windows Hyper-V Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30009 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-30008 (Windows DWM Core Library Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-30007 (Microsoft Brokering File System Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-30006 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+ TODO: check
+CVE-2024-30005 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30004 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30003 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30002 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30001 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-30000 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-2637 (An authenticated local attacker who successfully exploited this vulner ...)
+ TODO: check
+CVE-2024-29999 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-29998 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-29997 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-29996 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2024-29994 (Microsoft Windows SCSI Class System File Elevation of Privilege Vulner ...)
+ TODO: check
+CVE-2024-28137 (A local attacker with low privileges canperform a privilege escalation ...)
+ TODO: check
+CVE-2024-28136 (A local attacker with low privileges can use a command injection vulne ...)
+ TODO: check
+CVE-2024-28135 (A low privileged remote attacker can usea command injection vulnerabil ...)
+ TODO: check
+CVE-2024-28134 (An unauthenticated remote attacker can extract a session token with a ...)
+ TODO: check
+CVE-2024-28133 (A local low privileged attacker can use an untrusted search path in aC ...)
+ TODO: check
+CVE-2024-27947 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+ TODO: check
+CVE-2024-27946 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+ TODO: check
+CVE-2024-27945 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+ TODO: check
+CVE-2024-27944 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+ TODO: check
+CVE-2024-27943 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+ TODO: check
+CVE-2024-27942 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+ TODO: check
+CVE-2024-27941 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+ TODO: check
+CVE-2024-27940 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+ TODO: check
+CVE-2024-27939 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
+ TODO: check
+CVE-2024-27110 (Elevation of privilege vulnerability in GE HealthCare EchoPAC products)
+ TODO: check
+CVE-2024-27109 (Insufficiently protected credentials in GE HealthCare EchoPAC products)
+ TODO: check
+CVE-2024-27108 (Non privileged access to critical file vulnerability in GE HealthCare ...)
+ TODO: check
+CVE-2024-27107 (Weak account password in GE HealthCare EchoPAC products)
+ TODO: check
+CVE-2024-27106 (Vulnerable data in transit in GE HealthCare EchoPAC products)
+ TODO: check
+CVE-2024-26367 (Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firm ...)
+ TODO: check
+CVE-2024-26238 (Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerab ...)
+ TODO: check
+CVE-2024-26007 (An improper check or handling of exceptional conditions vulnerability ...)
+ TODO: check
+CVE-2024-23105 (A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet Forti ...)
+ TODO: check
+CVE-2024-22270 (VMware Workstation and Fusion contain an information disclosure vulner ...)
+ TODO: check
+CVE-2024-22269 (VMware Workstation and Fusion contain an information disclosure vulner ...)
+ TODO: check
+CVE-2024-22268 (VMware Workstation and Fusion contain a heap buffer-overflow vulnerabi ...)
+ TODO: check
+CVE-2024-22267 (VMware Workstation and Fusion contain a use-after-free vulnerability i ...)
+ TODO: check
+CVE-2024-1914 (An attacker who successfully exploited these vulnerabilities could cau ...)
+ TODO: check
+CVE-2024-1913 (An attacker who successfully exploited these vulnerabilities could cau ...)
+ TODO: check
+CVE-2024-1630 (Path traversal vulnerability in \u201cgetAllFolderContents\u201d funct ...)
+ TODO: check
+CVE-2024-1629 (Path traversal vulnerability in \u201cdeleteFiles\u201d function of Co ...)
+ TODO: check
+CVE-2024-1628 (OS command injection vulnerabilities in GE HealthCare ultrasound devic ...)
+ TODO: check
+CVE-2024-1598 (Potential buffer overflow in unsafe UEFI variable handling in Phoen ...)
+ TODO: check
+CVE-2024-1486 (Elevation of privileges via misconfigured access control list in GE He ...)
+ TODO: check
+CVE-2024-0862 (The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection ...)
+ TODO: check
+CVE-2024-0762 (Potential buffer overflow in unsafe UEFI variable handling in Phoen ...)
+ TODO: check
+CVE-2023-50180 (An exposure of sensitive system information to an unauthorized control ...)
+ TODO: check
+CVE-2023-46714 (A stack-based buffer overflow [CWE-121] vulnerability in Fortinet Fort ...)
+ TODO: check
+CVE-2023-46280 (A vulnerability has been identified in S7-PCT (All versions), Security ...)
+ TODO: check
+CVE-2023-45586 (An insufficient verification of data authenticity vulnerability [CWE-3 ...)
+ TODO: check
+CVE-2023-45583 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
+ TODO: check
+CVE-2023-44247 (A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 ...)
+ TODO: check
+CVE-2023-40720 (An authorization bypass through user-controlled key vulnerability [CWE ...)
+ TODO: check
+CVE-2023-36640 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
+ TODO: check
+CVE-2023-35841 (Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Dri ...)
+ TODO: check
+CVE-2024-4778 (Memory safety bugs present in Firefox 125. Some of these bugs showed e ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4778
-CVE-2024-4777
+CVE-2024-4777 (Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thu ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4777
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4777
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4777
-CVE-2024-4776
+CVE-2024-4776 (A file dialog shown while in full-screen mode could have resulted in t ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4776
-CVE-2024-4775
+CVE-2024-4775 (An iterator stop condition was missing when handling WASM code in the ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4775
-CVE-2024-4774
+CVE-2024-4774 (The `ShmemCharMapHashEntry()` code was susceptible to potentially unde ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4774
-CVE-2024-4773
+CVE-2024-4773 (When a network error occurred during page load, the prior content coul ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4773
-CVE-2024-4772
+CVE-2024-4772 (An HTTP digest authentication nonce value was generated using `rand()` ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4772
-CVE-2024-4771
+CVE-2024-4771 (A memory allocation check was missing which would lead to a use-after- ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4771
-CVE-2024-4770
+CVE-2024-4770 (When saving a page to PDF, certain font styles could have led to a pot ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4770
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4770
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769
-CVE-2024-4769
+CVE-2024-4769 (When importing resources using Web Workers, error messages would disti ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4769
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4769
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769
-CVE-2024-4768
+CVE-2024-4768 (A bug in popup notifications' interaction with WebAuthn made it easier ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4768
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4768
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4768
-CVE-2024-4767
+CVE-2024-4767 (If the `browser.privatebrowsing.autostart` preference is enabled, Inde ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4767
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4767
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4767
-CVE-2024-4766
+CVE-2024-4766 (Different techniques existed to obscure the fullscreen notification in ...)
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4766
-CVE-2024-4765
+CVE-2024-4765 (Web application manifests were stored by using an insecure MD5 hash wh ...)
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4765
-CVE-2024-4367
+CVE-2024-4367 (A type check was missing when handling fonts in PDF.js, which would al ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4367
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4367
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4367
-CVE-2024-4764
+CVE-2024-4764 (Multiple WebRTC threads could have claimed a newly connected audio inp ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4764
CVE-2024-4855 (Use after free issue in editcap could cause denial of service via craf ...)
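Review bot: In the CVE-2024-4770 entry, the third NOTE line points at mfsa2024-23/#CVE-2024-4769, while the two NOTE lines above it use the #CVE-2024-4770 anchor. The anchor looks copied from the neighbouring CVE-2024-4769 entry and should read mfsa2024-23/#CVE-2024-4770. Separately, the new descriptions for CVE-2024-4624, CVE-2024-4440, CVE-2024-4392, CVE-2024-1630 and CVE-2024-1629 carry literal \u2013, \u201c and \u201d escape sequences instead of the decoded characters, so the import step should decode them before writing data/CVE/list.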
@@ -298,7 +700,7 @@ CVE-2024-34416 (Unrestricted Upload of File with Dangerous Type vulnerability in
NOT-FOR-US: WordPress plugin
CVE-2024-34411 (Unrestricted Upload of File with Dangerous Type vulnerability in Thoma ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-34353 (matrix-rust-sdk is an implementation of a Matrix client-server library ...)
+CVE-2024-34353 (The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is a ...)
TODO: check
CVE-2024-34340 (Cacti provides an operational monitoring and fault management framewor ...)
TODO: check
@@ -6993,7 +7395,7 @@ CVE-2024-32432 (Missing Authorization vulnerability in Ovic Team Ovic Addon Tool
NOT-FOR-US: WordPress plugin
CVE-2024-32078 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-32077
+CVE-2024-32077 (Apache Airflow version 2.9.0 has a vulnerability that allows an authen ...)
- airflow <itp> (bug #819700)
CVE-2024-32051 (Insertion of sensitive information into log file issue exists in RoamW ...)
NOT-FOR-US: RoamWiFi
@@ -27431,7 +27833,7 @@ CVE-2024-24751 (sf_event_mgt is an event management and registration extension f
NOT-FOR-US: TYPO3 extension
CVE-2024-23816 (A vulnerability has been identified in Location Intelligence Perpetual ...)
NOT-FOR-US: Siemens
-CVE-2024-23813 (A vulnerability has been identified in Polarion ALM (All versions). Th ...)
+CVE-2024-23813 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...)
NOT-FOR-US: Siemens
CVE-2024-23812 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...)
NOT-FOR-US: Siemens
@@ -27657,7 +28059,7 @@ CVE-2023-51440 (A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343
NOT-FOR-US: Siemens
CVE-2023-50808 (Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based ...)
NOT-FOR-US: Zimbra
-CVE-2023-50236 (A vulnerability has been identified in Polarion ALM (All versions). Th ...)
+CVE-2023-50236 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...)
NOT-FOR-US: Siemens
CVE-2023-49125 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...)
NOT-FOR-US: Siemens
@@ -93466,10 +93868,10 @@ CVE-2023-24206 (Davinci v0.3.0-rc was discovered to contain a SQL injection vuln
NOT-FOR-US: Davinci
CVE-2023-24205 (Clash for Windows v0.20.12 was discovered to contain a remote code exe ...)
NOT-FOR-US: Clash for Windows
-CVE-2023-24204
- RESERVED
-CVE-2023-24203
- RESERVED
+CVE-2023-24204 (SQL injection vulnerability in SourceCodester Simple Customer Relation ...)
+ TODO: check
+CVE-2023-24203 (Cross Site Scripting vulnerability in SourceCodester Simple Customer R ...)
+ TODO: check
CVE-2023-24202 (Raffle Draw System v1.0 was discovered to contain a local file inclusi ...)
NOT-FOR-US: Raffle Draw System
CVE-2023-24201 (Raffle Draw System v1.0 was discovered to contain a SQL injection vuln ...)
@@ -168487,7 +168889,7 @@ CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/2
NOTE: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
-CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ, SIMATIC CFU PA ...)
+CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ (6ES7655-5PX31- ...)
NOT-FOR-US: Siemens
CVE-2022-25621 (UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and ...)
NOT-FOR-US: UUNIVERGE
@@ -246712,8 +247114,8 @@ CVE-2021-22282 (Improper Control of Generation of Code ('Code Injection') vulner
NOT-FOR-US: B&R Industrial Automation Automation Studio
CVE-2021-22281 (: Relative Path Traversal vulnerability in B&R Industrial Automation A ...)
NOT-FOR-US: B&R Industrial Automation Automation Studio
-CVE-2021-22280
- RESERVED
+CVE-2021-22280 (Improper DLL loading algorithms in B&R Automation Studio may allow an ...)
+ TODO: check
CVE-2021-22279 (A Missing Authentication vulnerability in RobotWare for the OmniCore r ...)
NOT-FOR-US: ABB / OmniCore robot controller
CVE-2021-22278 (A certificate validation vulnerability in PCM600 Update Manager allows ...)
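Review bot: CVE-2021-22280 moves from RESERVED to TODO: check, yet its description names B&R Automation Studio, the same product as CVE-2021-22282 and CVE-2021-22281 directly above it, both of which are marked NOT-FOR-US: B&R Industrial Automation Automation Studio. Suggest resolving the TODO with the same NOT-FOR-US line so the entry does not stay in the triage queue.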
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52088067b7084d893ef2ef63b27e72fd7c8b1350