[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 10 21:12:16 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
500677f5 by security tracker role at 2024-09-10T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,359 @@
+CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has b ...)
+	TODO: check
+CVE-2024-8654 (MongoDB Server may access non-initialized region of memory leading to  ...)
+	TODO: check
+CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 a ...)
+	TODO: check
+CVE-2024-8543 (The Slider comparison image before and after plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-8504 (An attacker with authenticated access to VICIdial as an "agent" can ex ...)
+	TODO: check
+CVE-2024-8503 (An unauthenticated attacker can leverage a time-based SQL injection vu ...)
+	TODO: check
+CVE-2024-8369 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
+	TODO: check
+CVE-2024-8258 (Improper Control of Generation of Code ('Code Injection') in Electron  ...)
+	TODO: check
+CVE-2024-8241 (The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to St ...)
+	TODO: check
+CVE-2024-8232 (SpiderControl SCADA Web Server has a vulnerability that could allow an ...)
+	TODO: check
+CVE-2024-7770 (The Bit File Manager \u2013 100% Free & Open Source File Manager and C ...)
+	TODO: check
+CVE-2024-7699 (An low privileged remote attacker can execute OS commands with root pr ...)
+	TODO: check
+CVE-2024-7698 (A low privileged remote attacker canget access to CSRF tokens of highe ...)
+	TODO: check
+CVE-2024-6876 (Out-of-Bounds read vulnerability in OSCAT Basic Library allows an loca ...)
+	TODO: check
+CVE-2024-6282 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...)
+	TODO: check
+CVE-2024-45845 (nix 2.24 through 2.24.5 allows directory traversal via a symlink in a  ...)
+	TODO: check
+CVE-2024-45596 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2024-45595 (D-Tale is a visualizer for Pandas data structures. Users hosting D-Tal ...)
+	TODO: check
+CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A bug in Ni ...)
+	TODO: check
+CVE-2024-45592 (auditor-bundle, formerly known as DoctrineAuditBundle, integrates audi ...)
+	TODO: check
+CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API exposes the hi ...)
+	TODO: check
+CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser <1.20.3 is ...)
+	TODO: check
+CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by providing a ...)
+	TODO: check
+CVE-2024-45409 (The Ruby SAML library is for implementing the client side of a SAML au ...)
+	TODO: check
+CVE-2024-45407 (Sunshine is a self-hosted game stream host for Moonlight. Clients that ...)
+	TODO: check
+CVE-2024-45393 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...)
+	TODO: check
+CVE-2024-45323 (An improper access control vulnerability[CWE-284] in FortiEDR Manager  ...)
+	TODO: check
+CVE-2024-45044 (Bareos is open source software for backup, archiving, and recovery of  ...)
+	TODO: check
+CVE-2024-45032 (A vulnerability has been identified in Industrial Edge Management Pro  ...)
+	TODO: check
+CVE-2024-44893 (An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport ...)
+	TODO: check
+CVE-2024-44872 (A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 ...)
+	TODO: check
+CVE-2024-44871 (An arbitrary file upload vulnerability in the component /admin/index.p ...)
+	TODO: check
+CVE-2024-44867 (phpok v3.0 was discovered to contain an arbitrary file read vulnerabil ...)
+	TODO: check
+CVE-2024-44815 (An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physica ...)
+	TODO: check
+CVE-2024-44677 (eladmin v2.7 and before is vulnerable to Server-Side Request Forgery ( ...)
+	TODO: check
+CVE-2024-44676 (eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) wh ...)
+	TODO: check
+CVE-2024-44667 (Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628 ...)
+	TODO: check
+CVE-2024-44087 (A vulnerability has been identified in Automation License Manager V5 ( ...)
+	TODO: check
+CVE-2024-43800 (serve-static serves static files. serve-static passes untrusted user i ...)
+	TODO: check
+CVE-2024-43799 (Send is a library for streaming files from the file system as a http r ...)
+	TODO: check
+CVE-2024-43796 (Express.js minimalist web framework for node. In express < 4.20.0, pas ...)
+	TODO: check
+CVE-2024-43781 (A vulnerability has been identified in SINUMERIK 828D V4 (All versions ...)
+	TODO: check
+CVE-2024-43647 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 ( ...)
+	TODO: check
+CVE-2024-43495 (Windows libarchive Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-43492 (Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-43491 (Microsoft is aware of a vulnerability in Servicing Stack that has roll ...)
+	TODO: check
+CVE-2024-43487 (Windows Mark of the Web Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2024-43482 (Microsoft Outlook for iOS Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-43479 (Microsoft Power Automate Desktop Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-43476 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+	TODO: check
+CVE-2024-43475 (Microsoft Windows Admin Center Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-43474 (Microsoft SQL Server Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-43470 (Azure Network Watcher VM Agent Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-43469 (Azure CycleCloud Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-43467 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-43466 (Microsoft SharePoint Server Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-43465 (Microsoft Excel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-43464 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-43463 (Microsoft Office Visio Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-43461 (Windows MSHTML Platform Spoofing Vulnerability)
+	TODO: check
+CVE-2024-43458 (Windows Networking Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-43457 (Windows Setup and Deployment Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-43455 (Windows Remote Desktop Licensing Service Spoofing Vulnerability)
+	TODO: check
+CVE-2024-43454 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-43393 (A low privileged remote attacker can perform configuration changes of  ...)
+	TODO: check
+CVE-2024-43392 (A low privileged remote attacker can perform configuration changes of  ...)
+	TODO: check
+CVE-2024-43391 (A low privileged remote attacker can perform configuration changes of  ...)
+	TODO: check
+CVE-2024-43390 (A low privileged remote attacker can perform configuration changes of  ...)
+	TODO: check
+CVE-2024-43389 (A low privileged remote attacker can perform configuration changes of  ...)
+	TODO: check
+CVE-2024-43388 (A low privileged remote attacker with write permissions can reconfigur ...)
+	TODO: check
+CVE-2024-43387 (A low privileged remote attacker can read and write files as root due  ...)
+	TODO: check
+CVE-2024-43386 (A low privileged remote attacker can trigger the execution of arbitrar ...)
+	TODO: check
+CVE-2024-43385 (A low privileged remote attacker can trigger theexecution of arbitrary ...)
+	TODO: check
+CVE-2024-43040 (Renwoxing Enterprise Intelligent Management System before v3.0 was dis ...)
+	TODO: check
+CVE-2024-42425 (Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains ...)
+	TODO: check
+CVE-2024-42423 (Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains  ...)
+	TODO: check
+CVE-2024-42345 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+	TODO: check
+CVE-2024-42344 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
+	TODO: check
+CVE-2024-41171 (A vulnerability has been identified in SINUMERIK 828D V4 (All versions ...)
+	TODO: check
+CVE-2024-41170 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+	TODO: check
+CVE-2024-40754 (Heap-based Buffer Overflow vulnerability in Samsung Open Source Escarg ...)
+	TODO: check
+CVE-2024-39583 (Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of ...)
+	TODO: check
+CVE-2024-39582 (Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Cr ...)
+	TODO: check
+CVE-2024-39581 (Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File o ...)
+	TODO: check
+CVE-2024-39580 (Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Impro ...)
+	TODO: check
+CVE-2024-39574 (Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege  ...)
+	TODO: check
+CVE-2024-38263 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-38260 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-38259 (Microsoft Management Console Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-38258 (Windows Remote Desktop Licensing Service Information Disclosure Vulner ...)
+	TODO: check
+CVE-2024-38257 (Microsoft AllJoyn API Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-38256 (Windows Kernel-Mode Driver Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-38254 (Windows Authentication Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-38253 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38252 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38250 (Windows Graphics Component Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38249 (Windows Graphics Component Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38248 (Windows Storage Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38247 (Windows Graphics Component Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38246 (Win32k Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38245 (Kernel Streaming Service Driver Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38244 (Kernel Streaming Service Driver Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38243 (Kernel Streaming Service Driver Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38242 (Kernel Streaming Service Driver Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38241 (Kernel Streaming Service Driver Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38240 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+	TODO: check
+CVE-2024-38239 (Windows Kerberos Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38238 (Kernel Streaming Service Driver Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38237 (Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulne ...)
+	TODO: check
+CVE-2024-38236 (DHCP Server Service Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-38235 (Windows Hyper-V Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-38234 (Windows Networking Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-38233 (Windows Networking Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-38232 (Windows Networking Denial of Service Vulnerability)
+	TODO: check
+CVE-2024-38231 (Windows Remote Desktop Licensing Service Denial of Service Vulnerabili ...)
+	TODO: check
+CVE-2024-38230 (Windows Standards-Based Storage Management Service Denial of Service V ...)
+	TODO: check
+CVE-2024-38228 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-38227 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-38226 (Microsoft Publisher Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2024-38225 (Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnera ...)
+	TODO: check
+CVE-2024-38220 (Azure Stack Hub Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38217 (Windows Mark of the Web Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2024-38216 (Azure Stack Hub Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38194 (An authenticated attacker can exploit an improper authorization vulner ...)
+	TODO: check
+CVE-2024-38188 (Azure Network Watcher VM Agent Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38119 (Windows Network Address Translation (NAT) Remote Code Execution Vulner ...)
+	TODO: check
+CVE-2024-38046 (PowerShell Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-38045 (Windows TCP/IP Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-38018 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-38014 (Windows Installer Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-37995 (A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6G ...)
+	TODO: check
+CVE-2024-37994 (A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6G ...)
+	TODO: check
+CVE-2024-37993 (A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6G ...)
+	TODO: check
+CVE-2024-37992 (A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6G ...)
+	TODO: check
+CVE-2024-37991 (A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6G ...)
+	TODO: check
+CVE-2024-37990 (A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6G ...)
+	TODO: check
+CVE-2024-37980 (Microsoft SQL Server Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-37966 (Microsoft SQL Server Native Scoring Information Disclosure Vulnerabili ...)
+	TODO: check
+CVE-2024-37965 (Microsoft SQL Server Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-37728 (Arbitrary File Read vulnerability in Xi'an Daxi Information Technology ...)
+	TODO: check
+CVE-2024-37342 (Microsoft SQL Server Native Scoring Information Disclosure Vulnerabili ...)
+	TODO: check
+CVE-2024-37341 (Microsoft SQL Server Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2024-37340 (Microsoft SQL Server Native Scoring Remote Code Execution Vulnerabilit ...)
+	TODO: check
+CVE-2024-37339 (Microsoft SQL Server Native Scoring Remote Code Execution Vulnerabilit ...)
+	TODO: check
+CVE-2024-37338 (Microsoft SQL Server Native Scoring Remote Code Execution Vulnerabilit ...)
+	TODO: check
+CVE-2024-37337 (Microsoft SQL Server Native Scoring Information Disclosure Vulnerabili ...)
+	TODO: check
+CVE-2024-37335 (Microsoft SQL Server Native Scoring Remote Code Execution Vulnerabilit ...)
+	TODO: check
+CVE-2024-36511 (An improperly implemented security check for standard vulnerability [C ...)
+	TODO: check
+CVE-2024-35783 (A vulnerability has been identified in SIMATIC BATCH V9.1 (All version ...)
+	TODO: check
+CVE-2024-35282 (A cleartext storage of sensitive information in memory vulnerability [ ...)
+	TODO: check
+CVE-2024-34831 (cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allow ...)
+	TODO: check
+CVE-2024-33698 (A vulnerability has been identified in SIMATIC Information Server 2022 ...)
+	TODO: check
+CVE-2024-33508 (An improper neutralization of special elements used in a command('Comm ...)
+	TODO: check
+CVE-2024-32006 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
+	TODO: check
+CVE-2024-31960 (An issue was discovered in Samsung Mobile Processor Exynos 1480, Exyno ...)
+	TODO: check
+CVE-2024-31490 (An exposure of sensitive information to an unauthorized actor in Forti ...)
+	TODO: check
+CVE-2024-31489 (AAn improper certificate validation vulnerability [CWE-295] in FortiCl ...)
+	TODO: check
+CVE-2024-30073 (Windows Security Zone Mapping Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2024-27257 (IBM OpenPages 8.3 and 9.0 potentially exposes information about client ...)
+	TODO: check
+CVE-2024-26191 (Microsoft SQL Server Native Scoring Remote Code Execution Vulnerabilit ...)
+	TODO: check
+CVE-2024-26186 (Microsoft SQL Server Native Scoring Remote Code Execution Vulnerabilit ...)
+	TODO: check
+CVE-2024-25074 (An issue was discovered in Samsung Semiconductor Mobile Processor, Aut ...)
+	TODO: check
+CVE-2024-25073 (An issue was discovered in Samsung Semiconductor Mobile Processor, Aut ...)
+	TODO: check
+CVE-2024-21753 (A improper limitation of a pathname to a restricted directory ('path t ...)
+	TODO: check
+CVE-2024-21416 (Windows TCP/IP Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-6841 (A denial of service vulnerability was found in keycloak where the amou ...)
+	TODO: check
+CVE-2023-49069 (A vulnerability has been identified in Mendix Runtime V10 (All version ...)
+	TODO: check
+CVE-2023-44254 (An authorization bypass through user-controlled key[CWE-639] vulnerabi ...)
+	TODO: check
+CVE-2023-37234 (Loftware Spectrum through 4.6 has unprotected JMX Registry.)
+	TODO: check
+CVE-2023-37233 (Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.)
+	TODO: check
+CVE-2023-37232 (Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to  ...)
+	TODO: check
+CVE-2023-37231 (Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.)
+	TODO: check
+CVE-2023-37230 (Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.)
+	TODO: check
+CVE-2023-37229 (Loftware Spectrum before 5.1 allows SSRF.)
+	TODO: check
+CVE-2023-37227 (Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.)
+	TODO: check
+CVE-2023-37226 (Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Cri ...)
+	TODO: check
+CVE-2023-36103 (Command Injection vulnerability in goform/SetIPTVCfg interface of Tend ...)
+	TODO: check
+CVE-2023-2919 (The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request ...)
+	TODO: check
 CVE-2024-8611 (A vulnerability classified as critical was found in itsourcecode Tailo ...)
 	NOT-FOR-US: itsourcecode Tailoring Management System
 CVE-2024-8610 (A vulnerability classified as problematic has been found in SourceCode ...)
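Review bot: Three of the imported descriptions carry a raw JSON escape instead of the intended character: CVE-2024-8369, CVE-2024-7770 and CVE-2024-6282 show a literal `\u2013` where the upstream title has an en dash, so the importer should decode `\uXXXX` sequences before writing the description, otherwise searches of data/CVE/list will not match the upstream text. All 178 new entries land as `TODO: check`, which is the expected state for an automatic update, but a subset names software that is likely packaged in Debian rather than `NOT-FOR-US` territory and deserves early triage into `- <package> <version>` lines: the Node.js chain CVE-2024-45590 (body-parser), CVE-2024-43800 (serve-static), CVE-2024-43799 (send) and CVE-2024-43796 (express), plus CVE-2024-45409 (Ruby SAML), CVE-2024-8645 (Wireshark), CVE-2024-45593 / CVE-2024-45845 (Nix) and CVE-2024-45044 (Bareos). The spelling errors in some descriptions ("canget" in CVE-2024-7698, "theexecution" in CVE-2024-43385, "AAn" in CVE-2024-31489) are verbatim upstream text and should not be hand-edited here, since the next automatic update would reintroduce them.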
@@ -346,7 +702,7 @@ CVE-2024-44839 (RapidCMS v1.3.1 was discovered to contain a SQL injection vulner
 	NOT-FOR-US: RapidCMS
 CVE-2024-44838 (RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerabilit ...)
 	NOT-FOR-US: RapidCMS
-CVE-2024-8443
+CVE-2024-8443 (A heap-based buffer overflow vulnerability was found in the libopensc  ...)
 	- opensc <unfixed>
 	[bookworm] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310494
@@ -3050,7 +3406,7 @@ CVE-2024-43790 (Vim is an open source command line text editor. When performing
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm
 	NOTE: https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc (v9.1.0689)
-CVE-2024-43477 (Improper access control in Decentralized Identity Services allows an u ...)
+CVE-2024-43477 (Improper access control in Decentralized Identity Services resulted in ...)
 	NOT-FOR-US: Microsoft
 CVE-2024-43105 (Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict con ...)
 	NOT-FOR-US: Mattermost plugin
@@ -5289,13 +5645,13 @@ CVE-2024-43374 (The UNIX editor Vim prior to version 9.1.0678 has a use-after-fr
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://github.com/vim/vim/security/GHSA-2w8m-443v-cgvw
 	NOTE: https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 (v9.1.0678)
-CVE-2024-23185
+CVE-2024-23185 (Very large headers can cause resource exhaustion when parsing message. ...)
 	{DSA-5752-1 DLA-3860-1}
 	- dovecot 1:2.3.21.1+dfsg1-1 (bug #1078877)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/08/15/4
 	NOTE: Fixed by: https://github.com/dovecot/core/commit/f020e139c519121d9630a966310ea8e100ee33b7 (2.3.21.1)
 	NOTE: Fixed by: https://github.com/dovecot/core/commit/ce88c33abc37e408592eff70aeefa28f803effb9 (2.3.21.1)
-CVE-2024-23184
+CVE-2024-23184 (Having a large number of address headers (From, To, Cc, Bcc, etc.) bec ...)
 	{DSA-5752-1 DLA-3860-1}
 	- dovecot 1:2.3.21.1+dfsg1-1 (bug #1078876)
 	[buster] - dovecot <not-affected> (Vulnerable code not present)
@@ -32421,7 +32777,7 @@ CVE-2023-50180 (An exposure of sensitive system information to an unauthorized c
 	NOT-FOR-US: ForiGuard
 CVE-2023-46714 (A stack-based buffer overflow [CWE-121] vulnerability in Fortinet Fort ...)
 	NOT-FOR-US: FortiGuard
-CVE-2023-46280 (A vulnerability has been identified in SINEC NMS (All versions < V3.0) ...)
+CVE-2023-46280 (A vulnerability has been identified in S7-PCT (All versions), Security ...)
 	NOT-FOR-US: Siemens
 CVE-2023-45586 (An insufficient verification of data authenticity vulnerability [CWE-3 ...)
 	NOT-FOR-US: FortiGuard
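Review bot: The unchanged context line for CVE-2023-50180 at the top of this hunk reads `NOT-FOR-US: ForiGuard`, a typo for `FortiGuard` as used on the neighbouring CVE-2023-46714 and CVE-2023-45586 entries; it is outside the automatic change but worth a follow-up fix so that greps for `FortiGuard` stay complete.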
@@ -60528,9 +60884,9 @@ CVE-2023-49125 (A vulnerability has been identified in Parasolid V35.0 (All vers
 	NOT-FOR-US: Siemens
 CVE-2023-48432 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and ...)
 	NOT-FOR-US: Zimbra
-CVE-2023-48364 (A vulnerability has been identified in OpenPCS 7 V9.1 (All versions),  ...)
+CVE-2023-48364 (A vulnerability has been identified in OpenPCS 7 V9.1 (All versions <  ...)
 	NOT-FOR-US: Siemens
-CVE-2023-48363 (A vulnerability has been identified in OpenPCS 7 V9.1 (All versions),  ...)
+CVE-2023-48363 (A vulnerability has been identified in OpenPCS 7 V9.1 (All versions <  ...)
 	NOT-FOR-US: Siemens
 CVE-2023-45207 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and ...)
 	NOT-FOR-US: Zimbra
@@ -82295,7 +82651,7 @@ CVE-2023-45812 (The Apollo Router is a configurable, high-performance graph rout
 CVE-2023-45146 (XXL-RPC is a high performance, distributed RPC framework. With it, a T ...)
 	NOT-FOR-US: XXL-RPC
 CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup, Redi ...)
-	{DSA-5610-1 DLA-3627-1}
+	{DSA-5610-1 DLA-3885-1 DLA-3627-1}
 	- redis 5:7.0.14-1 (bug #1054225)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx
 	NOTE: https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 (unstable)
@@ -84561,7 +84917,7 @@ CVE-2023-45303 (ThingsBoard before 3.5 allows Server-Side Template Injection if
 	NOT-FOR-US: ThingsBoard
 CVE-2023-45282 (In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can o ...)
 	NOT-FOR-US: NASA Open MCT (aka openmct)
-CVE-2023-45246 (Sensitive information disclosure and manipulation due to improper auth ...)
+CVE-2023-45246 (Sensitive information disclosure and manipulation due to missing autho ...)
 	NOT-FOR-US: Acronis
 CVE-2023-45245 (Sensitive information disclosure due to missing authorization. The fol ...)
 	NOT-FOR-US: Acronis
@@ -106270,10 +106626,10 @@ CVE-2023-30769 (Vulnerability discovered is related to the peer-to-peer (p2p) co
 	NOTE: https://www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks
 CVE-2023-30757 (A vulnerability has been identified in Totally Integrated Automation P ...)
 	NOT-FOR-US: Siemens
-CVE-2023-30756
-	RESERVED
-CVE-2023-30755
-	RESERVED
+CVE-2023-30756 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIP ...)
+	TODO: check
+CVE-2023-30755 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIP ...)
+	TODO: check
 CVE-2023-30754 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30753 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chu ...)
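Review bot: CVE-2023-30756 and CVE-2023-30755 move from `RESERVED` to `TODO: check` with descriptions naming the same SIMATIC CP 1242-7 product as CVE-2023-28827 further down in this patch, and they sit beside entries already marked `NOT-FOR-US: Siemens`; triage the three together so they end up with a consistent annotation.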
@@ -111995,7 +112351,7 @@ CVE-2023-1626 (A vulnerability was found in Jianming Antivirus 16.2.2022.418. It
 CVE-2023-28857 (Apereo CAS is an open source multilingual single sign-on solution for  ...)
 	NOT-FOR-US: Apereo CAS
 CVE-2023-28856 (Redis is an open source, in-memory database that persists on disk. Aut ...)
-	{DLA-3396-1}
+	{DLA-3885-1 DLA-3396-1}
 	- redis 5:7.0.11-1 (bug #1034613)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
 	NOTE: https://github.com/redis/redis/commit/1c1bd618c95e26a8ff5c12e70cbf0117233ef073 (7.0.11)
@@ -112076,8 +112432,8 @@ CVE-2023-28829 (A vulnerability has been identified in SIMATIC NET PC Software V
 	NOT-FOR-US: Siemens
 CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...)
 	NOT-FOR-US: Siemens
-CVE-2023-28827
-	RESERVED
+CVE-2023-28827 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIP ...)
+	TODO: check
 CVE-2023-28379 (A memory corruption vulnerability exists in the HTTP Server form bound ...)
 	NOT-FOR-US: Weston Embedded uC-HTTP
 CVE-2023-27395 (A heap-based buffer overflow vulnerability exists in the vpnserver Wpc ...)
@@ -123555,6 +123911,7 @@ CVE-2023-25157 (GeoServer is an open source software server written in Java that
 CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impose rate ...)
 	NOT-FOR-US: Kiwi TCMS
 CVE-2023-25155 (Redis is an in-memory database that persists on disk. Authenticated us ...)
+	{DLA-3885-1}
 	- redis 5:7.0.9-1 (bug #1032279)
 	[buster] - redis <postponed> (Minor issue, DoS)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83
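Review bot: Adding `{DLA-3885-1}` to CVE-2023-25155 leaves the existing `[buster] - redis <postponed> (Minor issue, DoS)` line untouched; if DLA-3885-1 is the buster update, that line is now stale and should be dropped, and if the DLA targets a different suite the postponed annotation is unaffected but worth confirming. The same question applies to the `[buster] - redis <no-dsa> (Minor issue)` line under CVE-2022-24834 later in this patch, which also gains DLA-3885-1.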
@@ -141352,8 +141709,8 @@ CVE-2022-45858 (A use of a weak cryptographic algorithm vulnerability [CWE-327]
 	NOT-FOR-US: FortiGuard
 CVE-2022-45857 (An incorrect user management vulnerability [CWE-286] in the FortiManag ...)
 	NOT-FOR-US: Fortinet
-CVE-2022-45856
-	RESERVED
+CVE-2022-45856 (An improper certificate validation vulnerability [CWE-295] in FortiCli ...)
+	TODO: check
 CVE-2022-45855 (SpringEL injection in the metrics source in Apache Ambari version 2.7. ...)
 	NOT-FOR-US: Apache Ambari
 CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmware ve ...)
@@ -153126,7 +153483,7 @@ CVE-2022-42786 (Multiple W&T Products of the ComServer Series are prone to an XS
 	NOT-FOR-US: Wiesemann & Theis GmbH products
 CVE-2022-42785 (Multiple W&T products of the ComServer Series are prone to an authenti ...)
 	NOT-FOR-US: Wiesemann & Theis GmbH products
-CVE-2022-42784 (A vulnerability has been identified in LOGO! 12/24RCE (All versions >= ...)
+CVE-2022-42784 (A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0 ...)
 	NOT-FOR-US: Siemens
 CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb prior to ...)
 	- rdiffweb <itp> (bug #969974)
@@ -170517,11 +170874,11 @@ CVE-2022-2507 (In affected versions of Octopus Deploy it is possible to render u
 	NOT-FOR-US: Octopus Deploy
 CVE-2022-2506
 	RESERVED
-CVE-2022-36363 (A vulnerability has been identified in LOGO! 12/24RCE (All versions),  ...)
+CVE-2022-36363 (A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0 ...)
 	NOT-FOR-US: LOGO!
-CVE-2022-36362 (A vulnerability has been identified in LOGO! 12/24RCE (All versions),  ...)
+CVE-2022-36362 (A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0 ...)
 	NOT-FOR-US: LOGO!
-CVE-2022-36361 (A vulnerability has been identified in LOGO! 12/24RCE (All versions),  ...)
+CVE-2022-36361 (A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0 ...)
 	NOT-FOR-US: LOGO!
 CVE-2022-36360 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
 	NOT-FOR-US: LOGO!
@@ -171514,7 +171871,7 @@ CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distribut
 CVE-2022-36022 (Deeplearning4J is a suite of tools for deploying and training deep lea ...)
 	NOT-FOR-US: Deeplearning4J
 CVE-2022-36021 (Redis is an in-memory database that persists on disk. Authenticated us ...)
-	{DLA-3361-1}
+	{DLA-3885-1 DLA-3361-1}
 	- redis 5:7.0.9-1
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv
 	NOTE: https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84
@@ -188161,7 +188518,7 @@ CVE-2022-30161 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code
 	NOT-FOR-US: Microsoft
 CVE-2022-30160 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-30159 (Microsoft Office Information Disclosure Vulnerability. This CVE ID is  ...)
+CVE-2022-30159 (Microsoft Office Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-30158 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -188205,7 +188562,7 @@ CVE-2022-30139 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code
 	NOT-FOR-US: Microsoft
 CVE-2022-30138 (Windows Print Spooler Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-30137 (<p><strong>Executive Summary</strong></p> <p>An Elevation of Privilege ...)
+CVE-2022-30137 (Executive Summary An Elevation of Privilege (EOP) vulnerability has be ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-30136 (Windows Network File System Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -191230,7 +191587,7 @@ CVE-2022-29151 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulne
 	NOT-FOR-US: Microsoft
 CVE-2022-29150 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerabili ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-29149 (Azure Open Management Infrastructure (OMI) Elevation of Privilege Vuln ...)
+CVE-2022-29149 (Open Management Infrastructure (OMI) Elevation of Privilege Vulnerabil ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-29148 (Visual Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -203870,7 +204227,7 @@ CVE-2022-24836 (Nokogiri is an open source XML and HTML library for Ruby. Nokogi
 CVE-2022-24835
 	RESERVED
 CVE-2022-24834 (Redis is an in-memory database that persists on disk. A specially craf ...)
-	{DSA-5610-1}
+	{DSA-5610-1 DLA-3885-1}
 	- redis 5:7.0.12-1
 	[buster] - redis <no-dsa> (Minor issue)
 	NOTE: https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES
@@ -304703,7 +305060,7 @@ CVE-2020-25238 (A vulnerability has been identified in PCS neo (Administration C
 	NOT-FOR-US: Siemens
 CVE-2020-25237 (A vulnerability has been identified in SINEC NMS (All versions < V1.0  ...)
 	NOT-FOR-US: Siemens
-CVE-2020-25236 (A vulnerability has been identified in LOGO! 12/24RCE (All versions),  ...)
+CVE-2020-25236 (A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0 ...)
 	NOT-FOR-US: Siemens
 CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
 	NOT-FOR-US: Siemens
@@ -322552,7 +322909,7 @@ CVE-2020-17051 (Windows Network File System Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2020-17050
 	RESERVED
-CVE-2020-17049 (<p>A security feature bypass vulnerability exists in the way Key Distr ...)
+CVE-2020-17049 (A security feature bypass vulnerability exists in the way Key Distribu ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-17048 (Chakra Scripting Engine Memory Corruption Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -381417,19 +381774,19 @@ CVE-2013-7475 (The contact-form-plugin plugin before 3.52 for WordPress has XSS.
 	NOT-FOR-US: contact-form-plugin plugin for WordPress
 CVE-2012-6713 (The job-manager plugin before 0.7.19 for WordPress has multiple XSS is ...)
 	NOT-FOR-US: job-manager plugin for WordPress
-CVE-2019-14931 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
+CVE-2019-14931 (An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devi ...)
 	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
-CVE-2019-14930 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
+CVE-2019-14930 (An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devi ...)
 	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
-CVE-2019-14929 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
+CVE-2019-14929 (An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devi ...)
 	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
-CVE-2019-14928 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
+CVE-2019-14928 (An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devi ...)
 	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
-CVE-2019-14927 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
+CVE-2019-14927 (An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devi ...)
 	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
-CVE-2019-14926 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
+CVE-2019-14926 (An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devi ...)
 	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
-CVE-2019-14925 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
+CVE-2019-14925 (An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devi ...)
 	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
 CVE-2019-14924 (An issue was discovered in GCDWebServer before 3.5.3. The method moveI ...)
 	NOT-FOR-US: GCDWebServer
@@ -394500,7 +394857,7 @@ CVE-2019-10925 (A vulnerability has been identified in SIMATIC MV400 family (All
 	NOT-FOR-US: Siemens
 CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
 	NOT-FOR-US: Siemens
-CVE-2019-10923 (A vulnerability has been identified in  SIMATIC S7-400 CPU 414-3 PN/DP ...)
+CVE-2019-10923 (An attacker with network access to an affected product may cause a den ...)
 	NOT-FOR-US: Siemens
 CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier  ...)
 	NOT-FOR-US: Siemens
@@ -434935,9 +435292,9 @@ CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils befo
 	- elfutils 0.175-1 (bug #907562)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9
-CVE-2018-16061 (Mitsubishi Electric SmartRTU devices allow XSS via the username parame ...)
+CVE-2018-16061 (Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the use ...)
 	NOT-FOR-US: Mitsubishi
-CVE-2018-16060 (Mitsubishi Electric SmartRTU devices allow remote attackers to obtain  ...)
+CVE-2018-16060 (Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attacker ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Director ...)
 	NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/500677f5baf6f7252e55a12ee817f41dd3640073
