Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
52088067 by security tracker role at 2024-05-14T20:11:56+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,73 +1,475 @@ -CVE-2024-4778 +CVE-2024-4871 (A vulnerability was found in Satellite. When running a remote executio ...) + TODO: check +CVE-2024-4860 (The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are ...) + TODO: check +CVE-2024-4859 (Solidus <= 4.3.4is affected by a Stored Cross-Site Scripting vulnerabi ...) + TODO: check +CVE-2024-4624 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) + TODO: check +CVE-2024-4473 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...) + TODO: check +CVE-2024-4440 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE plugin for Wo ...) + TODO: check +CVE-2024-4392 (The Jetpack \u2013 WP Security, Backup, Speed, & Growth plugin for Wor ...) + TODO: check +CVE-2024-4333 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...) + TODO: check +CVE-2024-3676 (The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection ...) + TODO: check +CVE-2024-3579 (Open-source project Online Shopping System Advanced is vulnerable to R ...) + TODO: check +CVE-2024-3374 (An unauthenticated user can trigger a fatal assertion in the server wh ...) + TODO: check +CVE-2024-3372 (Improper validation of certain metadata input may result in the server ...) + TODO: check +CVE-2024-35012 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35011 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35010 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35009 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-34950 (D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer ...) + TODO: check +CVE-2024-34914 (php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a wea ...) 
+ TODO: check +CVE-2024-34773 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) + TODO: check +CVE-2024-34772 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) + TODO: check +CVE-2024-34771 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) + TODO: check +CVE-2024-34717 (PrestaShop is an open source e-commerce web application. In PrestaShop ...) + TODO: check +CVE-2024-34716 (PrestaShop is an open source e-commerce web application. A cross-site ...) + TODO: check +CVE-2024-34714 (The Hoppscotch Browser Extension is a browser extension for Hoppscotch ...) + TODO: check +CVE-2024-34713 (sshproxy is used on a gateway to transparently proxy a user SSH connec ...) + TODO: check +CVE-2024-34712 (Oceanic is a NodeJS library for interfacing with Discord. Prior to ver ...) + TODO: check +CVE-2024-34358 (TYPO3 is an enterprise content management system. Starting in version ...) + TODO: check +CVE-2024-34357 (TYPO3 is an enterprise content management system. Starting in version ...) + TODO: check +CVE-2024-34356 (TYPO3 is an enterprise content management system. Starting in version ...) + TODO: check +CVE-2024-34355 (TYPO3 is an enterprise content management system. Starting in version ...) + TODO: check +CVE-2024-34256 (OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function ...) + TODO: check +CVE-2024-34243 (Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the user ...) + TODO: check +CVE-2024-34191 (htmly v2.9.6 was discovered to contain an arbitrary file deletion vuln ...) + TODO: check +CVE-2024-34086 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...) + TODO: check +CVE-2024-34085 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...) + TODO: check +CVE-2024-33868 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is L ...) 
+ TODO: check +CVE-2024-33867 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is a ...) + TODO: check +CVE-2024-33866 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is / ...) + TODO: check +CVE-2024-33865 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is a ...) + TODO: check +CVE-2024-33864 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is S ...) + TODO: check +CVE-2024-33863 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is / ...) + TODO: check +CVE-2024-33647 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...) + TODO: check +CVE-2024-33583 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2024-33577 (A vulnerability has been identified in Simcenter Nastran 2306 (All ver ...) + TODO: check +CVE-2024-33499 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2024-33498 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2024-33497 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2024-33496 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2024-33495 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2024-33494 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2024-33493 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) + TODO: check +CVE-2024-33492 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) + TODO: check +CVE-2024-33491 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) + TODO: check +CVE-2024-33490 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) 
+ TODO: check +CVE-2024-33489 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) + TODO: check +CVE-2024-33485 (SQL Injection vulnerability in CASAP Automated Enrollment System using ...) + TODO: check +CVE-2024-32977 (OctoPrint provides a web interface for controlling consumer 3D printer ...) + TODO: check +CVE-2024-32742 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...) + TODO: check +CVE-2024-32741 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...) + TODO: check +CVE-2024-32740 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...) + TODO: check +CVE-2024-32639 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...) + TODO: check +CVE-2024-32637 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...) + TODO: check +CVE-2024-32636 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...) + TODO: check +CVE-2024-32635 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...) + TODO: check +CVE-2024-32465 (Git is a revision control system. The Git project recommends to avoid ...) + TODO: check +CVE-2024-32355 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...) + TODO: check +CVE-2024-32354 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...) + TODO: check +CVE-2024-32353 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...) + TODO: check +CVE-2024-32352 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...) + TODO: check +CVE-2024-32351 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...) + TODO: check +CVE-2024-32350 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...) + TODO: check +CVE-2024-32349 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...) 
+ TODO: check +CVE-2024-32066 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) + TODO: check +CVE-2024-32065 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) + TODO: check +CVE-2024-32064 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) + TODO: check +CVE-2024-32063 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) + TODO: check +CVE-2024-32062 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) + TODO: check +CVE-2024-32061 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) + TODO: check +CVE-2024-32060 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) + TODO: check +CVE-2024-32059 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) + TODO: check +CVE-2024-32058 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) + TODO: check +CVE-2024-32057 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) + TODO: check +CVE-2024-32055 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) + TODO: check +CVE-2024-32021 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) + TODO: check +CVE-2024-32020 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) + TODO: check +CVE-2024-32004 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) + TODO: check +CVE-2024-32002 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) + TODO: check +CVE-2024-31980 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...) + TODO: check +CVE-2024-31491 (A client-side enforcement of server-side security in Fortinet FortiSan ...) + TODO: check +CVE-2024-31488 (An improper neutralization of inputs during web page generation vulner ...) 
+ TODO: check +CVE-2024-31486 (A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions ...) + TODO: check +CVE-2024-31485 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...) + TODO: check +CVE-2024-31484 (A vulnerability has been identified in CPC80 Central Processing/Commun ...) + TODO: check +CVE-2024-30209 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2024-30208 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2024-30207 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2024-30206 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) + TODO: check +CVE-2024-30059 (Microsoft Intune for Android Mobile Application Management Tampering V ...) + TODO: check +CVE-2024-30054 (Microsoft Power BI Client JavaScript SDK Information Disclosure Vulner ...) + TODO: check +CVE-2024-30053 (Azure Migrate Cross-Site Scripting Vulnerability) + TODO: check +CVE-2024-30051 (Windows DWM Core Library Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-30050 (Windows Mark of the Web Security Feature Bypass Vulnerability) + TODO: check +CVE-2024-30049 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-30048 (Dynamics 365 Customer Insights Spoofing Vulnerability) + TODO: check +CVE-2024-30047 (Dynamics 365 Customer Insights Spoofing Vulnerability) + TODO: check +CVE-2024-30046 (Visual Studio Denial of Service Vulnerability) + TODO: check +CVE-2024-30045 (.NET and Visual Studio Remote Code Execution Vulnerability) + TODO: check +CVE-2024-30044 (Microsoft SharePoint Server Remote Code Execution Vulnerability) + TODO: check +CVE-2024-30043 (Microsoft SharePoint Server Information Disclosure Vulnerability) + TODO: check +CVE-2024-30042 (Microsoft Excel Remote Code Execution Vulnerability) + TODO: check +CVE-2024-30041 (Microsoft Bing 
Search Spoofing Vulnerability) + TODO: check +CVE-2024-30040 (Windows MSHTML Platform Security Feature Bypass Vulnerability) + TODO: check +CVE-2024-30039 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) + TODO: check +CVE-2024-30038 (Win32k Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-30037 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + TODO: check +CVE-2024-30036 (Windows Deployment Services Information Disclosure Vulnerability) + TODO: check +CVE-2024-30035 (Windows DWM Core Library Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-30034 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...) + TODO: check +CVE-2024-30033 (Windows Search Service Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-30032 (Windows DWM Core Library Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-30031 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-30030 (Win32k Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-30029 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) + TODO: check +CVE-2024-30028 (Win32k Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-30027 (NTFS Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-30025 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + TODO: check +CVE-2024-30024 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) + TODO: check +CVE-2024-30023 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) + TODO: check +CVE-2024-30022 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) 
+ TODO: check +CVE-2024-30021 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability) + TODO: check +CVE-2024-30020 (Windows Cryptographic Services Remote Code Execution Vulnerability) + TODO: check +CVE-2024-30019 (DHCP Server Service Denial of Service Vulnerability) + TODO: check +CVE-2024-30018 (Windows Kernel Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-30017 (Windows Hyper-V Remote Code Execution Vulnerability) + TODO: check +CVE-2024-30016 (Windows Cryptographic Services Information Disclosure Vulnerability) + TODO: check +CVE-2024-30015 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) + TODO: check +CVE-2024-30014 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) + TODO: check +CVE-2024-30012 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability) + TODO: check +CVE-2024-30011 (Windows Hyper-V Denial of Service Vulnerability) + TODO: check +CVE-2024-30010 (Windows Hyper-V Remote Code Execution Vulnerability) + TODO: check +CVE-2024-30009 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) + TODO: check +CVE-2024-30008 (Windows DWM Core Library Information Disclosure Vulnerability) + TODO: check +CVE-2024-30007 (Microsoft Brokering File System Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-30006 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) 
+ TODO: check +CVE-2024-30005 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability) + TODO: check +CVE-2024-30004 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability) + TODO: check +CVE-2024-30003 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability) + TODO: check +CVE-2024-30002 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability) + TODO: check +CVE-2024-30001 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability) + TODO: check +CVE-2024-30000 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability) + TODO: check +CVE-2024-2637 (An authenticated local attacker who successfully exploited this vulner ...) + TODO: check +CVE-2024-29999 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability) + TODO: check +CVE-2024-29998 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability) + TODO: check +CVE-2024-29997 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability) + TODO: check +CVE-2024-29996 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + TODO: check +CVE-2024-29994 (Microsoft Windows SCSI Class System File Elevation of Privilege Vulner ...) + TODO: check +CVE-2024-28137 (A local attacker with low privileges canperform a privilege escalation ...) + TODO: check +CVE-2024-28136 (A local attacker with low privileges can use a command injection vulne ...) + TODO: check +CVE-2024-28135 (A low privileged remote attacker can usea command injection vulnerabil ...) + TODO: check +CVE-2024-28134 (An unauthenticated remote attacker can extract a session token with a ...) + TODO: check +CVE-2024-28133 (A local low privileged attacker can use an untrusted search path in aC ...) + TODO: check +CVE-2024-27947 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + TODO: check +CVE-2024-27946 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) 
+ TODO: check +CVE-2024-27945 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + TODO: check +CVE-2024-27944 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + TODO: check +CVE-2024-27943 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + TODO: check +CVE-2024-27942 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + TODO: check +CVE-2024-27941 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + TODO: check +CVE-2024-27940 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + TODO: check +CVE-2024-27939 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + TODO: check +CVE-2024-27110 (Elevation of privilege vulnerability in GE HealthCare EchoPAC products) + TODO: check +CVE-2024-27109 (Insufficiently protected credentials in GE HealthCare EchoPAC products) + TODO: check +CVE-2024-27108 (Non privileged access to critical file vulnerability in GE HealthCare ...) + TODO: check +CVE-2024-27107 (Weak account password in GE HealthCare EchoPAC products) + TODO: check +CVE-2024-27106 (Vulnerable data in transit in GE HealthCare EchoPAC products) + TODO: check +CVE-2024-26367 (Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firm ...) + TODO: check +CVE-2024-26238 (Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerab ...) + TODO: check +CVE-2024-26007 (An improper check or handling of exceptional conditions vulnerability ...) + TODO: check +CVE-2024-23105 (A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet Forti ...) + TODO: check +CVE-2024-22270 (VMware Workstation and Fusion contain an information disclosure vulner ...) + TODO: check +CVE-2024-22269 (VMware Workstation and Fusion contain an information disclosure vulner ...) + TODO: check +CVE-2024-22268 (VMware Workstation and Fusion contain a heap buffer-overflow vulnerabi ...) 
+ TODO: check +CVE-2024-22267 (VMware Workstation and Fusion contain a use-after-free vulnerability i ...) + TODO: check +CVE-2024-1914 (An attacker who successfully exploited these vulnerabilities could cau ...) + TODO: check +CVE-2024-1913 (An attacker who successfully exploited these vulnerabilities could cau ...) + TODO: check +CVE-2024-1630 (Path traversal vulnerability in \u201cgetAllFolderContents\u201d funct ...) + TODO: check +CVE-2024-1629 (Path traversal vulnerability in \u201cdeleteFiles\u201d function of Co ...) + TODO: check +CVE-2024-1628 (OS command injection vulnerabilities in GE HealthCare ultrasound devic ...) + TODO: check +CVE-2024-1598 (Potential buffer overflow in unsafe UEFI variable handling in Phoen ...) + TODO: check +CVE-2024-1486 (Elevation of privileges via misconfigured access control list in GE He ...) + TODO: check +CVE-2024-0862 (The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection ...) + TODO: check +CVE-2024-0762 (Potential buffer overflow in unsafe UEFI variable handling in Phoen ...) + TODO: check +CVE-2023-50180 (An exposure of sensitive system information to an unauthorized control ...) + TODO: check +CVE-2023-46714 (A stack-based buffer overflow [CWE-121] vulnerability in Fortinet Fort ...) + TODO: check +CVE-2023-46280 (A vulnerability has been identified in S7-PCT (All versions), Security ...) + TODO: check +CVE-2023-45586 (An insufficient verification of data authenticity vulnerability [CWE-3 ...) + TODO: check +CVE-2023-45583 (A use of externally-controlled format string in Fortinet FortiProxy ve ...) + TODO: check +CVE-2023-44247 (A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 ...) + TODO: check +CVE-2023-40720 (An authorization bypass through user-controlled key vulnerability [CWE ...) + TODO: check +CVE-2023-36640 (A use of externally-controlled format string in Fortinet FortiProxy ve ...) 
+ TODO: check +CVE-2023-35841 (Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Dri ...) + TODO: check +CVE-2024-4778 (Memory safety bugs present in Firefox 125. Some of these bugs showed e ...) - firefox <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4778 -CVE-2024-4777 +CVE-2024-4777 (Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thu ...) - firefox <unfixed> - firefox-esr <unfixed> - thunderbird <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4777 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4777 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4777 -CVE-2024-4776 +CVE-2024-4776 (A file dialog shown while in full-screen mode could have resulted in t ...) - firefox <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4776 -CVE-2024-4775 +CVE-2024-4775 (An iterator stop condition was missing when handling WASM code in the ...) - firefox <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4775 -CVE-2024-4774 +CVE-2024-4774 (The `ShmemCharMapHashEntry()` code was susceptible to potentially unde ...) - firefox <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4774 -CVE-2024-4773 +CVE-2024-4773 (When a network error occurred during page load, the prior content coul ...) - firefox <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4773 -CVE-2024-4772 +CVE-2024-4772 (An HTTP digest authentication nonce value was generated using `rand()` ...) - firefox <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4772 -CVE-2024-4771 +CVE-2024-4771 (A memory allocation check was missing which would lead to a use-after- ...) 
- firefox <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4771 -CVE-2024-4770 +CVE-2024-4770 (When saving a page to PDF, certain font styles could have led to a pot ...) - firefox <unfixed> - firefox-esr <unfixed> - thunderbird <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4770 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4770 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769 -CVE-2024-4769 +CVE-2024-4769 (When importing resources using Web Workers, error messages would disti ...) - firefox <unfixed> - firefox-esr <unfixed> - thunderbird <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4769 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4769 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769 -CVE-2024-4768 +CVE-2024-4768 (A bug in popup notifications' interaction with WebAuthn made it easier ...) - firefox <unfixed> - firefox-esr <unfixed> - thunderbird <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4768 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4768 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4768 -CVE-2024-4767 +CVE-2024-4767 (If the `browser.privatebrowsing.autostart` preference is enabled, Inde ...) - firefox <unfixed> - firefox-esr <unfixed> - thunderbird <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4767 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4767 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4767 -CVE-2024-4766 +CVE-2024-4766 (Different techniques existed to obscure the fullscreen notification in ...) 
- firefox <not-affected> (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4766 -CVE-2024-4765 +CVE-2024-4765 (Web application manifests were stored by using an insecure MD5 hash wh ...) - firefox <not-affected> (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4765 -CVE-2024-4367 +CVE-2024-4367 (A type check was missing when handling fonts in PDF.js, which would al ...) - firefox <unfixed> - firefox-esr <unfixed> - thunderbird <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4367 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4367 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4367 -CVE-2024-4764 +CVE-2024-4764 (Multiple WebRTC threads could have claimed a newly connected audio inp ...) - firefox <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4764 CVE-2024-4855 (Use after free issue in editcap could cause denial of service via craf ...) @@ -298,7 +700,7 @@ CVE-2024-34416 (Unrestricted Upload of File with Dangerous Type vulnerability in NOT-FOR-US: WordPress plugin CVE-2024-34411 (Unrestricted Upload of File with Dangerous Type vulnerability in Thoma ...) NOT-FOR-US: WordPress plugin -CVE-2024-34353 (matrix-rust-sdk is an implementation of a Matrix client-server library ...) +CVE-2024-34353 (The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is a ...) TODO: check CVE-2024-34340 (Cacti provides an operational monitoring and fault management framewor ...) TODO: check 
@@ -6993,7 +7395,7 @@ CVE-2024-32432 (Missing Authorization vulnerability in Ovic Team Ovic Addon Tool NOT-FOR-US: WordPress plugin CVE-2024-32078 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...) NOT-FOR-US: WordPress plugin -CVE-2024-32077 +CVE-2024-32077 (Apache Airflow version 2.9.0 has a vulnerability that allows an authen ...) - airflow <itp> (bug #819700) CVE-2024-32051 (Insertion of sensitive information into log file issue exists in RoamW ...) NOT-FOR-US: RoamWiFi @@ -27431,7 +27833,7 @@ CVE-2024-24751 (sf_event_mgt is an event management and registration extension f NOT-FOR-US: TYPO3 extension CVE-2024-23816 (A vulnerability has been identified in Location Intelligence Perpetual ...) NOT-FOR-US: Siemens -CVE-2024-23813 (A vulnerability has been identified in Polarion ALM (All versions). Th ...) +CVE-2024-23813 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2024-23812 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) NOT-FOR-US: Siemens @@ -27657,7 +28059,7 @@ CVE-2023-51440 (A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343 NOT-FOR-US: Siemens CVE-2023-50808 (Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based ...) NOT-FOR-US: Zimbra -CVE-2023-50236 (A vulnerability has been identified in Polarion ALM (All versions). Th ...) +CVE-2023-50236 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2023-49125 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...) NOT-FOR-US: Siemens 
@@ -93466,10 +93868,10 @@ CVE-2023-24206 (Davinci v0.3.0-rc was discovered to contain a SQL injection vuln NOT-FOR-US: Davinci CVE-2023-24205 (Clash for Windows v0.20.12 was discovered to contain a remote code exe ...) NOT-FOR-US: Clash for Windows -CVE-2023-24204 - RESERVED -CVE-2023-24203 - RESERVED +CVE-2023-24204 (SQL injection vulnerability in SourceCodester Simple Customer Relation ...) + TODO: check +CVE-2023-24203 (Cross Site Scripting vulnerability in SourceCodester Simple Customer R ...) + TODO: check CVE-2023-24202 (Raffle Draw System v1.0 was discovered to contain a local file inclusi ...) NOT-FOR-US: Raffle Draw System CVE-2023-24201 (Raffle Draw System v1.0 was discovered to contain a SQL injection vuln ...) @@ -168487,7 +168889,7 @@ CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5. [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/2 NOTE: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/ -CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ, SIMATIC CFU PA ...) +CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ (6ES7655-5PX31- ...) NOT-FOR-US: Siemens CVE-2022-25621 (UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and ...) NOT-FOR-US: UUNIVERGE 
@@ -246712,8 +247114,8 @@ CVE-2021-22282 (Improper Control of Generation of Code ('Code Injection') vulner NOT-FOR-US: B&R Industrial Automation Automation Studio CVE-2021-22281 (: Relative Path Traversal vulnerability in B&R Industrial Automation A ...) NOT-FOR-US: B&R Industrial Automation Automation Studio -CVE-2021-22280 - RESERVED +CVE-2021-22280 (Improper DLL loading algorithms in B&R Automation Studio may allow an ...) + TODO: check CVE-2021-22279 (A Missing Authentication vulnerability in RobotWare for the OmniCore r ...) NOT-FOR-US: ABB / OmniCore robot controller CVE-2021-22278 (A certificate validation vulnerability in PCM600 Update Manager allows ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52088067b7084d893ef2ef63b27e72fd7c8b1350
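Review bot: In the first hunk's unchanged context for CVE-2024-4770, the third NOTE links to mfsa2024-23/#CVE-2024-4769 while the other two NOTE lines of that entry use #CVE-2024-4770; the fragment looks like a copy-paste slip and should read mfsa2024-23/#CVE-2024-4770 so the reference lands on the right advisory section. Separately, several descriptions added in the same hunk (for example CVE-2024-4624 and CVE-2024-1630) carry literal \u2013 and \u201c escape sequences, so the importer should decode them before writing data/CVE/list.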