[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 1 08:12:12 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ee2b4d50 by security tracker role at 2025-01-01T08:12:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,360 @@
-CVE-2023-6603 [Null Pointer Dereference in FFmpeg HLS Parsing]
+CVE-2024-56803 (Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by ...)
+ TODO: check
+CVE-2024-56802 (Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 ...)
+ TODO: check
+CVE-2024-56265 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56256 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56235 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56234 (Missing Authorization vulnerability in VW THEMES VW Automobile Lite al ...)
+ TODO: check
+CVE-2024-56233 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56232 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP ...)
+ TODO: check
+CVE-2024-56231 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56230 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-56229 (Cross-Site Request Forgery (CSRF) vulnerability in Searchiq SearchIQ.T ...)
+ TODO: check
+CVE-2024-56228 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56227 (Missing Authorization vulnerability in WP Royal Royal Elementor Addons ...)
+ TODO: check
+CVE-2024-56226 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56225 (Missing Authorization vulnerability in Leap13 Premium Addons for Eleme ...)
+ TODO: check
+CVE-2024-56224 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56223 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56222 (Cross-Site Request Forgery (CSRF) vulnerability in Codebard CodeBard H ...)
+ TODO: check
+CVE-2024-56221 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56220 (Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wirel ...)
+ TODO: check
+CVE-2024-56219 (Missing Authorization vulnerability in MarketingFire Widget Options al ...)
+ TODO: check
+CVE-2024-56218 (Cross-Site Request Forgery (CSRF) vulnerability in AuRise Creative, Se ...)
+ TODO: check
+CVE-2024-56217 (Missing Authorization vulnerability in W3 Eden, Inc. Download Manager ...)
+ TODO: check
+CVE-2024-56216 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-56215 (Missing Authorization vulnerability in Stephen Sherrard Member Directo ...)
+ TODO: check
+CVE-2024-56214 (Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro allo ...)
+ TODO: check
+CVE-2024-56213 (Path Traversal: '.../...//' vulnerability in Themewinter Eventin allow ...)
+ TODO: check
+CVE-2024-56212 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-56211 (Missing Authorization vulnerability in DeluxeThemes Userpro.This issue ...)
+ TODO: check
+CVE-2024-56210 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56209 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56207 (Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard Dev Te ...)
+ TODO: check
+CVE-2024-56206 (Cross-Site Request Forgery (CSRF) vulnerability in Amarjeet Amar allow ...)
+ TODO: check
+CVE-2024-56205 (Incorrect Privilege Assignment vulnerability in AI Magic allows Privil ...)
+ TODO: check
+CVE-2024-56204 (Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg of ...)
+ TODO: check
+CVE-2024-56203 (Cross-Site Request Forgery (CSRF) vulnerability in George Holmes II Wa ...)
+ TODO: check
+CVE-2024-56198 (path-sanitizer is a simple lightweight npm package for sanitizing path ...)
+ TODO: check
+CVE-2024-56071 (Incorrect Privilege Assignment vulnerability in Mike Leembruggen Simpl ...)
+ TODO: check
+CVE-2024-56070 (Missing Authorization vulnerability in Azzaroco WP SuperBackup allows ...)
+ TODO: check
+CVE-2024-56068 (Deserialization of Untrusted Data vulnerability in Azzaroco WP SuperBa ...)
+ TODO: check
+CVE-2024-56067 (Missing Authorization vulnerability in Azzaroco WP SuperBackup allows ...)
+ TODO: check
+CVE-2024-56066 (Missing Authorization vulnerability in Inspry Agency Toolkit allows Pr ...)
+ TODO: check
+CVE-2024-56064 (Unrestricted Upload of File with Dangerous Type vulnerability in Azzar ...)
+ TODO: check
+CVE-2024-56063 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56062 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56061 (Missing Authorization vulnerability in Webful Creations Computer Repai ...)
+ TODO: check
+CVE-2024-56046 (Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...)
+ TODO: check
+CVE-2024-56045 (Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows P ...)
+ TODO: check
+CVE-2024-56044 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2024-56043 (Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allow ...)
+ TODO: check
+CVE-2024-56042 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-56041 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-56040 (Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP allo ...)
+ TODO: check
+CVE-2024-56039 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-56031 (Missing Authorization vulnerability in Yulio Aleman Jimenez Smart Shop ...)
+ TODO: check
+CVE-2024-56021 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56020 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-56002 (Missing Authorization vulnerability in Porthas Inc. Contact Form, Surv ...)
+ TODO: check
+CVE-2024-55995 (Missing Authorization vulnerability in Torod Holding LTD Torod allows ...)
+ TODO: check
+CVE-2024-55991 (Missing Authorization vulnerability in WP-CRM WP-CRM System allows Exp ...)
+ TODO: check
+CVE-2024-55955 (An incorrect permissions assignment vulnerability in Trend Micro Deep ...)
+ TODO: check
+CVE-2024-55917 (An origin validation error vulnerability in Trend Micro Apex One could ...)
+ TODO: check
+CVE-2024-55632 (A security agent link following vulnerability in Trend Micro Apex One ...)
+ TODO: check
+CVE-2024-55631 (An engine link following vulnerability in Trend Micro Apex One could a ...)
+ TODO: check
+CVE-2024-53647 (Trend Micro ID Security, version 3.0 and below contains a vulnerabilit ...)
+ TODO: check
+CVE-2024-52050 (A LogServer arbitrary file creation vulnerability in Trend Micro Apex ...)
+ TODO: check
+CVE-2024-52049 (A LogServer link following vulnerability in Trend Micro Apex One could ...)
+ TODO: check
+CVE-2024-52048 (A LogServer link following vulnerability in Trend Micro Apex One could ...)
+ TODO: check
+CVE-2024-52047 (A widget local file inclusion vulnerability in Trend Micro Apex One co ...)
+ TODO: check
+CVE-2024-51667 (Missing Authorization vulnerability in David de Boer Paytium.This issu ...)
+ TODO: check
+CVE-2024-49698 (Missing Authorization vulnerability in PriceListo Best Restaurant Menu ...)
+ TODO: check
+CVE-2024-49694 (Missing Authorization vulnerability in imw3 My Wp Brand \u2013 Hide me ...)
+ TODO: check
+CVE-2024-49687 (Missing Authorization vulnerability in StoreApps Smart Manager.This is ...)
+ TODO: check
+CVE-2024-49686 (Missing Authorization vulnerability in Fatcat Apps Landing Page Cat.Th ...)
+ TODO: check
+CVE-2024-49422 (Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Relea ...)
+ TODO: check
+CVE-2024-25133 (A flaw was found in the Hive ClusterDeployments resource in OpenShift ...)
+ TODO: check
+CVE-2024-23438
+ REJECTED
+CVE-2024-23437
+ REJECTED
+CVE-2024-23436
+ REJECTED
+CVE-2024-23435
+ REJECTED
+CVE-2024-23434
+ REJECTED
+CVE-2024-23433
+ REJECTED
+CVE-2024-23432
+ REJECTED
+CVE-2024-23431
+ REJECTED
+CVE-2024-23430
+ REJECTED
+CVE-2024-23429
+ REJECTED
+CVE-2024-23428
+ REJECTED
+CVE-2024-23427
+ REJECTED
+CVE-2024-23426
+ REJECTED
+CVE-2024-23425
+ REJECTED
+CVE-2024-23424
+ REJECTED
+CVE-2024-23423
+ REJECTED
+CVE-2024-23422
+ REJECTED
+CVE-2024-23421
+ REJECTED
+CVE-2024-23420
+ REJECTED
+CVE-2024-23419
+ REJECTED
+CVE-2024-23418
+ REJECTED
+CVE-2024-23417
+ REJECTED
+CVE-2024-23416
+ REJECTED
+CVE-2024-23415
+ REJECTED
+CVE-2024-23414
+ REJECTED
+CVE-2024-23413
+ REJECTED
+CVE-2024-23412
+ REJECTED
+CVE-2024-23411
+ REJECTED
+CVE-2024-23410
+ REJECTED
+CVE-2024-23409
+ REJECTED
+CVE-2024-23408
+ REJECTED
+CVE-2024-23407
+ REJECTED
+CVE-2024-23406
+ REJECTED
+CVE-2024-23405
+ REJECTED
+CVE-2024-23404
+ REJECTED
+CVE-2024-23403
+ REJECTED
+CVE-2024-23402
+ REJECTED
+CVE-2024-23401
+ REJECTED
+CVE-2024-23400
+ REJECTED
+CVE-2024-23399
+ REJECTED
+CVE-2024-23398
+ REJECTED
+CVE-2024-23397
+ REJECTED
+CVE-2024-23396
+ REJECTED
+CVE-2024-23395
+ REJECTED
+CVE-2024-23394
+ REJECTED
+CVE-2024-23393
+ REJECTED
+CVE-2024-23392
+ REJECTED
+CVE-2024-23391
+ REJECTED
+CVE-2024-23390
+ REJECTED
+CVE-2024-23389
+ REJECTED
+CVE-2024-21721
+ REJECTED
+CVE-2024-21720
+ REJECTED
+CVE-2024-21719
+ REJECTED
+CVE-2024-21718
+ REJECTED
+CVE-2024-21717
+ REJECTED
+CVE-2024-21716
+ REJECTED
+CVE-2024-21715
+ REJECTED
+CVE-2024-21714
+ REJECTED
+CVE-2024-21713
+ REJECTED
+CVE-2024-21712
+ REJECTED
+CVE-2024-21711
+ REJECTED
+CVE-2024-21710
+ REJECTED
+CVE-2024-21709
+ REJECTED
+CVE-2024-21708
+ REJECTED
+CVE-2024-21705
+ REJECTED
+CVE-2024-21704
+ REJECTED
+CVE-2024-21702
+ REJECTED
+CVE-2024-21701
+ REJECTED
+CVE-2024-21696
+ REJECTED
+CVE-2024-21695
+ REJECTED
+CVE-2024-21694
+ REJECTED
+CVE-2024-21693
+ REJECTED
+CVE-2024-21692
+ REJECTED
+CVE-2024-21691
+ REJECTED
+CVE-2024-21688
+ REJECTED
+CVE-2024-21679
+ REJECTED
+CVE-2024-21675
+ REJECTED
+CVE-2024-13085 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2024-13084 (A vulnerability classified as critical was found in PHPGurukul Land Re ...)
+ TODO: check
+CVE-2024-13083 (A vulnerability classified as problematic has been found in PHPGurukul ...)
+ TODO: check
+CVE-2024-13082 (A vulnerability was found in PHPGurukul Land Record System 1.0. It has ...)
+ TODO: check
+CVE-2024-13081 (A vulnerability was found in PHPGurukul Land Record System 1.0. It has ...)
+ TODO: check
+CVE-2024-13080 (A vulnerability was found in PHPGurukul Land Record System 1.0. It has ...)
+ TODO: check
+CVE-2024-13079 (A vulnerability was found in PHPGurukul Land Record System 1.0 and cla ...)
+ TODO: check
+CVE-2024-13078 (A vulnerability has been found in PHPGurukul Land Record System 1.0 an ...)
+ TODO: check
+CVE-2024-13077 (A vulnerability, which was classified as problematic, was found in PHP ...)
+ TODO: check
+CVE-2024-13076 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-13075 (A vulnerability classified as problematic was found in PHPGurukul Land ...)
+ TODO: check
+CVE-2024-13074 (A vulnerability classified as problematic has been found in PHPGurukul ...)
+ TODO: check
+CVE-2024-13072 (A vulnerability was found in 1000 Projects Beauty Parlour Management S ...)
+ TODO: check
+CVE-2024-13070 (A vulnerability was found in CodeAstro Online Food Ordering System 1.0 ...)
+ TODO: check
+CVE-2024-13069 (A vulnerability was found in SourceCodester Multi Role Login System 1. ...)
+ TODO: check
+CVE-2024-13067 (A vulnerability was found in CodeAstro Online Food Ordering System 1.0 ...)
+ TODO: check
+CVE-2024-13061 (The Electronic Official Document Management System from 2100 Technolog ...)
+ TODO: check
+CVE-2024-12108 (In WhatsUp Gold versions released before 2024.0.2, an attacker can gai ...)
+ TODO: check
+CVE-2024-12106 (In WhatsUp Gold versions released before 2024.0.2, an unauthenticated ...)
+ TODO: check
+CVE-2024-12105 (In WhatsUp Gold versions released before 2024.0.2, an authenticated us ...)
+ TODO: check
+CVE-2024-11846 (The does not sanitise and escape a parameter before outputting it bac ...)
+ TODO: check
+CVE-2023-50850 (Missing Authorization vulnerability in Woo WooCommerce Subscriptions a ...)
+ TODO: check
+CVE-2023-48775 (Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exp ...)
+ TODO: check
+CVE-2023-6603 (A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability ...)
- ffmpeg <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334335
TODO: check upstream status
-CVE-2023-6602 [Improper Handling of Input Format in TTY Demuxer of FFmpeg]
+CVE-2023-6602 (A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows po ...)
- ffmpeg <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334338
TODO: check upstream status
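Review bot: The added CVE-2024-49694 line carries a literal `\u2013` in its description ("My Wp Brand \u2013 Hide me ..."), which suggests the import writes the escape sequence rather than the decoded character; decode the description before it is truncated and written to data/CVE/list. In the same block, CVE-2024-11846 reads "The does not sanitise and escape a parameter ...", with the product name missing, so the `TODO: check` triage for that entry cannot rely on the description and should be confirmed against the upstream record.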
@@ -6695,6 +7047,7 @@ CVE-2024-53908 (An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5
NOTE: https://www.djangoproject.com/weblog/2024/dec/04/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/7376bcbf508883282ffcc0f0fac5cf0ed2d6cbc5 (4.2.17)
CVE-2024-53907 (An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, ...)
+ {DLA-4006-1}
- python-django 3:4.2.17-1
NOTE: https://www.djangoproject.com/weblog/2024/dec/04/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/790eb058b0716c536a2f2e8d1c6d5079d776c22b (4.2.17)
@@ -9434,6 +9787,7 @@ CVE-2024-52998 (Substance3D - Stager versions 3.0.2 and earlier are affected by
CVE-2024-52814 (Argo Helm is a collection of community maintained charts for `argoproj ...)
NOT-FOR-US: Argo Helm
CVE-2024-52804 (Tornado is a Python web framework and asynchronous networking library. ...)
+ {DLA-4007-1}
- python-tornado 6.4.2-1 (bug #1088112)
[bookworm] - python-tornado <no-dsa> (will be fixed via point release)
NOTE: https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c
@@ -57155,7 +57509,8 @@ CVE-2024-2119 (The LuckyWP Table of Contents plugin for WordPress is vulnerable
NOT-FOR-US: WordPress plugin
CVE-2024-2088 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-21683 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
+CVE-2024-21683
+ REJECTED
NOT-FOR-US: Atlassian
CVE-2024-1762 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
NOT-FOR-US: WordPress plugin
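Review bot: CVE-2024-21683 now has `REJECTED` followed directly by the pre-existing `NOT-FOR-US: Atlassian` line, so the entry carries two states at once. The REJECTED entries added in the first hunk of this commit have no further annotation, so either drop the NOT-FOR-US line when an ID is rejected or state that keeping earlier triage under REJECTED is intended, so that both kinds of entry are handled the same way.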
@@ -98001,7 +98356,7 @@ CVE-2024-20663 (Windows Message Queuing Client (MSMQC) Information Disclosure)
NOT-FOR-US: Microsoft
CVE-2024-20662 (Windows Online Certificate Status Protocol (OCSP) Information Disclosu ...)
NOT-FOR-US: Microsoft
-CVE-2024-20661 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2024-20661 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-20660 (Microsoft Message Queuing Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
@@ -103390,7 +103745,7 @@ CVE-2023-36004 (Windows DPAPI (Data Protection Application Programming Interface
NOT-FOR-US: Microsoft
CVE-2023-36003 (XAML Diagnostics Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-35644 (Windows Sysmain Service Elevation of Privilege)
+CVE-2023-35644 (Windows Sysmain Service Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-35643 (DHCP Server Service Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
@@ -107980,7 +108335,7 @@ CVE-2023-38543 (A vulnerability exists on all versions of the Ivanti Secure Acce
NOT-FOR-US: Ivanti
CVE-2023-38043 (A vulnerability exists on all versions of the Ivanti Secure Access Cli ...)
NOT-FOR-US: Ivanti
-CVE-2023-36558 (ASP.NET Core - Security Feature Bypass Vulnerability)
+CVE-2023-36558 (ASP.NET Core Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-36437 (Azure DevOps Server Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -123680,7 +124035,7 @@ CVE-2023-38524 (A vulnerability has been identified in Parasolid V34.1 (All vers
NOT-FOR-US: Siemens
CVE-2023-38384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...)
NOT-FOR-US: Siemens
-CVE-2023-38254 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-38254 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-38188 (Azure Apache Hadoop Spoofing Vulnerability)
NOT-FOR-US: Microsoft
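Review bot: The unchanged context at the top of this hunk shows CVE-2023-38384, described as "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...", annotated `NOT-FOR-US: Siemens`, the same tag as the Parasolid entry CVE-2023-38524 directly above it, which looks like a mis-tag. This hunk only changes the CVE-2023-38254 description, so treat it as a follow-up: check the product named in the full description and correct the NOT-FOR-US value.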
@@ -123702,13 +124057,13 @@ CVE-2023-38176 (Azure Arc-Enabled Servers Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-38175 (Microsoft Windows Defender Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-38172 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-38172 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-38170 (HEVC Video Extensions Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-38169 (Microsoft SQL OLE DB Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-38167 (Microsoft Dynamics Business Central Elevation Of Privilege Vulnerabili ...)
+CVE-2023-38167 (Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnera ...)
NOT-FOR-US: Microsoft
CVE-2023-38154 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -123742,13 +124097,13 @@ CVE-2023-36914 (Windows Smart Card Resource Management Server Security Feature B
NOT-FOR-US: Microsoft
CVE-2023-36913 (Microsoft Message Queuing Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-36912 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-36912 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-36911 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-36910 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-36909 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-36909 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-36908 (Windows Hyper-V Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
@@ -123858,9 +124213,9 @@ CVE-2023-35379 (Reliability Analysis Metrics Calculation Engine (RACEng) Elevati
NOT-FOR-US: Microsoft
CVE-2023-35378 (Windows Projected File System Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-35377 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-35377 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-35376 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-35376 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-35372 (Microsoft Office Visio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -127788,9 +128143,9 @@ CVE-2023-32047 (Paint 3D Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-32046 (Windows MSHTML Platform Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-32045 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-32045 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-32044 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-32044 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-32043 (Windows Remote Desktop Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
@@ -130809,7 +131164,7 @@ CVE-2023-33131 (Microsoft Outlook Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-33130 (Microsoft SharePoint Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-33129 (Microsoft SharePoint Denial of Service Vulnerability)
+CVE-2023-33129 (Microsoft SharePoint Server Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-33128 (.NET and Visual Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -132943,6 +133298,7 @@ CVE-2023-2500 (The Go Pricing - WordPress Responsive Pricing Tables plugin for W
CVE-2023-2480 (Missing access permissions checks in M-Files Client before 23.5.12598. ...)
NOT-FOR-US: M-Files
CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and earlier allo ...)
+ {DLA-4007-1}
- python-tornado 6.3.2-1 (bug #1036875)
[bookworm] - python-tornado <no-dsa> (Minor issue)
[buster] - python-tornado <no-dsa> (Minor issue)
@@ -144460,7 +144816,7 @@ CVE-2023-28304 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28303 (Windows Snipping Tool Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-28302 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-28302 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28301 (Microsoft Edge (Chromium-based) Tampering Vulnerability)
NOT-FOR-US: Microsoft
@@ -166865,7 +167221,7 @@ CVE-2023-21771 (Windows Local Session Manager (LSM) Elevation of Privilege Vulne
NOT-FOR-US: Microsoft
CVE-2023-21770
RESERVED
-CVE-2023-21769 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-21769 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21768 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
NOT-FOR-US: Microsoft
@@ -167049,7 +167405,7 @@ CVE-2023-21717 (Microsoft SharePoint Server Elevation of Privilege Vulnerability
NOT-FOR-US: Microsoft
CVE-2023-21716 (Microsoft Word Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-21715 (Microsoft Publisher Security Features Bypass Vulnerability)
+CVE-2023-21715 (Microsoft Publisher Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21714 (Microsoft Office Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee2b4d50fd6e6a616346741e00b08125d2cda506