Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 11d3ebd8 by Salvatore Bonaccorso at 2024-03-12T21:25:33+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,11 +1,11 @@ CVE-2024-2394 (A vulnerability was found in SourceCodester Employee Management System ...) - TODO: check + NOT-FOR-US: SourceCodester Employee Management System CVE-2024-2393 (A vulnerability was found in SourceCodester CRUD without Page Reload 1 ...) - TODO: check + NOT-FOR-US: SourceCodester CRUD without Page Reload CVE-2024-2391 (A vulnerability was found in EVE-NG 5.0.1-13 and classified as problem ...) - TODO: check + NOT-FOR-US: EVE-NG CVE-2024-2371 (Information exposure vulnerability in Korenix JetI/O 6550 affecting fi ...) - TODO: check + NOT-FOR-US: Korenix JetI/O 6550 CVE-2024-2130 (The CWW Companion plugin for WordPress is vulnerable to Stored Cross-S ...) TODO: check CVE-2024-2049 (Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium E ...) @@ -13,197 +13,197 @@ CVE-2024-2049 (Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Prem CVE-2024-2031 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...) TODO: check CVE-2024-28553 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entr ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-28535 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitI ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-28340 (An information leak in the currentsetting.htm component of Netgear CBR ...) - TODO: check + NOT-FOR-US: Netgear CVE-2024-28339 (An information leak in the debuginfo.htm component of Netgear CBR40 2. ...) - TODO: check + NOT-FOR-US: Netgear CVE-2024-28338 (A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attacke ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-28186 (FreeScout is an open source help desk and shared inbox built with PHP. ...) - TODO: check + NOT-FOR-US: FreeScout CVE-2024-28121 (stimulus_reflex is a system to extend the capabilities of both Rails a ...) TODO: check CVE-2024-28114 (Peering Manager is a BGP session management tool. There is a Server Si ...) - TODO: check + NOT-FOR-US: Peering Manager CVE-2024-28113 (Peering Manager is a BGP session management tool. In Peering Manager < ...) - TODO: check + NOT-FOR-US: Peering Manager CVE-2024-28112 (Peering Manager is a BGP session management tool. Affected versions of ...) - TODO: check + NOT-FOR-US: Peering Manager CVE-2024-28098 (The vulnerability allows authenticated users with only produce or cons ...) - TODO: check + NOT-FOR-US: Apache Pulsar CVE-2024-27907 (A vulnerability has been identified in Simcenter Femap (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-27894 (The Pulsar Functions Worker includes a capability that permits authent ...) - TODO: check + NOT-FOR-US: Apache Pulsar CVE-2024-27758 (In RPyC before 6.0.0, when a server exposes a method that calls the at ...) TODO: check CVE-2024-27317 (In Pulsar Functions Worker, authenticated users can upload functions i ...) - TODO: check + NOT-FOR-US: Apache Pulsar CVE-2024-27279 (Directory traversal vulnerability exists in a-blog cms Ver.3.1.x serie ...) - TODO: check + NOT-FOR-US: a-blog cms CVE-2024-27135 (Improper input validation in the Pulsar Function Worker allows a malic ...) - TODO: check + NOT-FOR-US: Apache Pulsar CVE-2024-26288 (An unauthenticated remote attacker can influence the communication due ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-26204 (Outlook for Android Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26203 (Azure Data Studio Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26201 (Microsoft Intune Linux Agent Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26199 (Microsoft Office Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26198 (Microsoft Exchange Server Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26197 (Windows Standards-Based Storage Management Service Denial of Service V ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26190 (Microsoft QUIC Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26185 (Windows Compressed Folder Tampering Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26182 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26181 (Windows Kernel Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26178 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26177 (Windows Kernel Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26176 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26174 (Windows Kernel Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26173 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26170 (Windows Composite Image File System (CimFS) Elevation of Privilege Vul ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26169 (Windows Error Reporting Service Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26166 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26165 (Visual Studio Code Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26164 (Microsoft Django Backend for SQL Server Remote Code Execution Vulnerab ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26162 (Microsoft ODBC Driver Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26161 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26160 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26159 (Microsoft ODBC Driver Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-26005 (An unauthenticated remote attackercan gain service level privileges th ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-26004 (An unauthenticated remote attacker can DoS a control agent due to acce ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-26003 (An unauthenticated remote attacker can DoS the control agent due to a ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-26002 (An improper input validation in the Qualcom plctool allows a local att ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-26001 (An unauthenticated remote attacker can writememory out of bounds due t ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-26000 (An unauthenticated remote attacker can read memory out of bounds due t ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-25999 (An unauthenticated local attacker can perform a privilege escalation d ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-25998 (An unauthenticated remote attacker can perform a command injectionin t ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-25997 (An unauthenticated remote attacker can perform a log injection due to ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-25996 (An unauthenticated remote attacker can perform a remote code execution ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-25995 (An unauthenticated remote attacker can modify configurations to perfor ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-25994 (An unauthenticated remote attacker can upload a arbitrary script file ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-23112 (An authorization bypass through user-controlled key vulnerability [CWE ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2024-22045 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-22044 (A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Modu ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-22041 (A vulnerability has been identified in Cerberus PRO EN Engineering Too ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-22040 (A vulnerability has been identified in Cerberus PRO EN Engineering Too ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-22039 (A vulnerability has been identified in Cerberus PRO EN Engineering Too ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-21761 (An improper authorization vulnerability [CWE-285] in FortiPortal versi ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2024-21483 (A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-21451 (Microsoft ODBC Driver Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21450 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21448 (Microsoft Teams for Android Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21446 (NTFS Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21445 (Windows USB Print Driver Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21444 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21443 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21442 (Windows USB Print Driver Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21441 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21440 (Microsoft ODBC Driver Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21439 (Windows Telephony Server Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21438 (Microsoft AllJoyn API Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21437 (Windows Graphics Component Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21436 (Windows Installer Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21435 (Windows OLE Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21434 (Microsoft Windows SCSI Class System File Elevation of Privilege Vulner ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21433 (Windows Print Spooler Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21432 (Windows Update Stack Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21431 (Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vul ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21430 (Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnera ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21429 (Windows USB Hub Driver Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21427 (Windows Kerberos Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21426 (Microsoft SharePoint Server Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21421 (Azure SDK Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21419 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21418 (Software for Open Networking in the Cloud (SONiC) Elevation of Privile ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21411 (Skype for Consumer Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21408 (Windows Hyper-V Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21407 (Windows Hyper-V Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21400 (Microsoft Azure Kubernetes Service Confidential Container Elevation of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21392 (.NET and Visual Studio Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21390 (Microsoft Authenticator Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21334 (Open Management Infrastructure (OMI) Remote Code Execution Vulnerabili ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21330 (Open Management Infrastructure (OMI) Elevation of Privilege Vulnerabil ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-20671 (Microsoft Defender Security Feature Bypass Vulnerability) TODO: check CVE-2024-1765 (Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an u ...) @@ -324,13 +324,13 @@ CVE-2024-2193 [GhostRace: Speculative Race Conditions] NOTE: https://www.vusec.net/projects/ghostrace/ NOTE: https://xenbits.xen.org/xsa/advisory-453.html CVE-2024-28199 (phlex is an open source framework for building object-oriented views i ...) - TODO: check + NOT-FOR-US: phlex framework CVE-2024-28163 (Under certain conditions, Support Web Pages of SAP NetWeaver Process I ...) NOT-FOR-US: SAP CVE-2024-28120 (codeium-chrome is an open source code completion plugin for the chrome ...) - TODO: check + NOT-FOR-US: codeium-chrome CVE-2024-27938 (Postal is an open source SMTP server. Postal versions less than 3.0.0 ...) - TODO: check + NOT-FOR-US: Postal SMTP server (not the same as src:postal) CVE-2024-27902 (Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - vers ...) NOT-FOR-US: SAP CVE-2024-27900 (Due to missing authorization check, attacker with business user accoun ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11d3ebd8ea0aefe19e3b7a31421f317b651d4b9c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11d3ebd8ea0aefe19e3b7a31421f317b651d4b9c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits