[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 29 21:12:18 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d2a6af29 by security tracker role at 2024-05-29T20:11:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,92 @@
-CVE-2023-52881 [tcp: do not accept ACK of bytes we never sent]
+CVE-2024-5185 (The EmbedAI application is susceptible to security issues that enable ...)
+ TODO: check
+CVE-2024-5039 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
+ TODO: check
+CVE-2024-4358 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or ea ...)
+ TODO: check
+CVE-2024-3412 (The WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore ...)
+ TODO: check
+CVE-2024-36470 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+ TODO: check
+CVE-2024-36427 (The file-serving function in TARGIT Decision Suite 23.2.15007 allows a ...)
+ TODO: check
+CVE-2024-36378 (In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS a ...)
+ TODO: check
+CVE-2024-36377 (In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints ...)
+ TODO: check
+CVE-2024-36376 (In JetBrains TeamCity before 2024.03.2 users could perform actions tha ...)
+ TODO: check
+CVE-2024-36375 (In JetBrains TeamCity before 2024.03.2 technical information regarding ...)
+ TODO: check
+CVE-2024-36374 (In JetBrains TeamCity before 2024.03.2 stored XSS via build step setti ...)
+ TODO: check
+CVE-2024-36373 (In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted ...)
+ TODO: check
+CVE-2024-36372 (In JetBrains TeamCity before 2023.05.5 reflected XSS on the subscripti ...)
+ TODO: check
+CVE-2024-36371 (In JetBrains TeamCity before 2023.05.5, 2023.11.5 stored XSS in Commit ...)
+ TODO: check
+CVE-2024-36370 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+ TODO: check
+CVE-2024-36369 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+ TODO: check
+CVE-2024-36368 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+ TODO: check
+CVE-2024-36367 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+ TODO: check
+CVE-2024-36366 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+ TODO: check
+CVE-2024-36365 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+ TODO: check
+CVE-2024-36364 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+ TODO: check
+CVE-2024-36363 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+ TODO: check
+CVE-2024-36362 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+ TODO: check
+CVE-2024-36016 (In the Linux kernel, the following vulnerability has been resolved: t ...)
+ TODO: check
+CVE-2024-35512 (An issue in hmq v1.5.5 allows attackers to cause a Denial of Service ( ...)
+ TODO: check
+CVE-2024-35492 (Cesanta Mongoose commit b316989 was discovered to contain a NULL point ...)
+ TODO: check
+CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2024-35333 (A stack-buffer-overflow vulnerability exists in the read_charset_decl ...)
+ TODO: check
+CVE-2024-35311 (Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0 ...)
+ TODO: check
+CVE-2024-35284 (A vulnerability in the legacy chat component of Mitel MiContact Center ...)
+ TODO: check
+CVE-2024-35283 (A vulnerability in the Ignite component of Mitel MiContact Center Busi ...)
+ TODO: check
+CVE-2024-35200 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
+ TODO: check
+CVE-2024-34715 (Fides is an open-source privacy engineering platform. The Fides webser ...)
+ TODO: check
+CVE-2024-34161 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
+ TODO: check
+CVE-2024-32760 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
+ TODO: check
+CVE-2024-31079 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
+ TODO: check
+CVE-2024-28974 (Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequat ...)
+ TODO: check
+CVE-2024-28826 (Improper restriction of local upload and download paths in check_sftp ...)
+ TODO: check
+CVE-2024-27313 (Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. Th ...)
+ TODO: check
+CVE-2024-25977 (The application does not change the session token when using the login ...)
+ TODO: check
+CVE-2024-25976 (When LDAP authentication is activated in the configuration it is possi ...)
+ TODO: check
+CVE-2024-25975 (The application implements an up- and downvote function which alters a ...)
+ TODO: check
+CVE-2023-46297 (An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 ...)
+ TODO: check
+CVE-2023-42005 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data ...)
+ TODO: check
+CVE-2023-52881 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.6.8-1
[bookworm] - linux 6.1.69-1
[bullseye] - linux 5.10.205-1
@@ -1889,7 +1977,7 @@ CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video Galler
CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the s ...)
NOT-FOR-US: WinRAR
CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON ...)
- {DLA-3822-1}
+ {DSA-5700-1 DLA-3822-1}
- python-pymysql 1.1.1-1 (bug #1071628)
NOTE: https://github.com/advisories/GHSA-v9hf-5j83-6xpp
NOTE: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c (v1.1.1)
@@ -120201,7 +120289,7 @@ CVE-2022-44675 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-44674 (Windows Bluetooth Driver Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-44673 (Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privileg ...)
+CVE-2022-44673 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
NOT-FOR-US: Microsoft
CVE-2022-44672
RESERVED
@@ -140624,7 +140712,7 @@ CVE-2022-37970 (Windows DWM Core Library Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-37969 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2022-37968 (<p>Microsoft has identified a vulnerability affecting the cluster conn ...)
+CVE-2022-37968 (Microsoft has identified a vulnerability affecting the cluster connect ...)
NOT-FOR-US: Microsoft
CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability)
- samba 2:4.17.4+dfsg-1
@@ -195724,7 +195812,7 @@ CVE-2021-43892 (Microsoft BizTalk ESB Toolkit Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43891 (Visual Studio Code Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-43890 (<p>We have investigated reports of a spoofing vulnerability in AppX in ...)
+CVE-2021-43890 (We have investigated reports of a spoofing vulnerability in AppX insta ...)
NOT-FOR-US: Microsoft
CVE-2021-43889 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -229622,7 +229710,7 @@ CVE-2021-31959 (Scripting Engine Memory Corruption Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-31958 (Windows NTLM Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-31957 (ASP.NET Denial of Service Vulnerability)
+CVE-2021-31957 (ASP.NET Core Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-31956 (Windows NTFS Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -397317,7 +397405,7 @@ CVE-2019-1200 (A remote code execution vulnerability exists in Microsoft Outlook
NOT-FOR-US: Microsoft
CVE-2019-1199 (A remote code execution vulnerability exists in Microsoft Outlook when ...)
NOT-FOR-US: Microsoft
-CVE-2019-1198 (An elevation of privilege exists in SyncController.dll, aka 'Microsoft ...)
+CVE-2019-1198 (An elevation of privilege exists in SyncController.dll. An attacker wh ...)
NOT-FOR-US: Microsoft
CVE-2019-1197 (A remote code execution vulnerability exists in the way that the Chakr ...)
NOT-FOR-US: Microsoft
@@ -397347,7 +397435,7 @@ CVE-2019-1185 (An elevation of privilege vulnerability exists due to a stack cor
NOT-FOR-US: Microsoft
CVE-2019-1184 (An elevation of privilege vulnerability exists when Windows Core Shell ...)
NOT-FOR-US: Microsoft
-CVE-2019-1183 (A remote code execution vulnerability exists in the way that the VBScr ...)
+CVE-2019-1183 (This information is being revised to indicate that this CVE (CVE-2019- ...)
NOT-FOR-US: Microsoft
CVE-2019-1182 (A remote code execution vulnerability exists in Remote Desktop Service ...)
NOT-FOR-US: Microsoft
@@ -397655,7 +397743,7 @@ CVE-2019-1032 (A cross-site-scripting (XSS) vulnerability exists when Microsoft
NOT-FOR-US: Microsoft
CVE-2019-1031 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
NOT-FOR-US: Microsoft
-CVE-2019-1030 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
+CVE-2019-1030 (An information disclosure vulnerability exists when Microsoft Edge bas ...)
NOT-FOR-US: Microsoft
CVE-2019-1029 (A denial of service vulnerability exists in Skype for Business, aka 'S ...)
NOT-FOR-US: Skype
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2a6af29ad358ac1cf2e4f27c856972085ffa15a
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2a6af29ad358ac1cf2e4f27c856972085ffa15a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240529/c2dba1bc/attachment.htm>
More information about the debian-security-tracker-commits
mailing list