Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fa11a25 by security tracker role at 2024-05-29T08:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,49 @@
-CVE-2024-36015 [ppdev: Add an error check in register_device]
+CVE-2024-5437 (A vulnerability was found in SourceCodester Simple Online 
Bidding Syst ...)
+       TODO: check
+CVE-2024-5204 (The Swiss Toolkit For WP plugin for WordPress is vulnerable to 
authent ...)
+       TODO: check
+CVE-2024-5150 (The Login with phone number plugin for WordPress is vulnerable 
to auth ...)
+       TODO: check
+CVE-2024-5086 (The Essential Addons for Elementor PRO \u2013 Best Elementor 
Templates ...)
+       TODO: check
+CVE-2024-4611 (The AppPresser plugin for WordPress is vulnerable to improper 
missing  ...)
+       TODO: check
+CVE-2024-4419 (The Fetch JFT plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2024-3937 (The Playlist for Youtube WordPress plugin through 1.32 does not 
saniti ...)
+       TODO: check
+CVE-2024-3921 (The Gianism WordPress plugin through 5.1.0 does not sanitise 
and escap ...)
+       TODO: check
+CVE-2024-3050 (The Site Reviews WordPress plugin before 7.0.0 retrieves client 
IP add ...)
+       TODO: check
+CVE-2024-36112 (Nautobot is a Network Source of Truth and Network Automation 
Platform. ...)
+       TODO: check
+CVE-2024-35548 (A SQL injection vulnerability in Mybatis plus versions below 
3.5.6 all ...)
+       TODO: check
+CVE-2024-35511 (phpgurukul Men Salon Management System v2.0 is vulnerable to 
SQL Injec ...)
+       TODO: check
+CVE-2024-35240 (Umbraco Commerce is an open source dotnet ecommerce solution. 
In affec ...)
+       TODO: check
+CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. 
In affec ...)
+       TODO: check
+CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the 
separation of pr ...)
+       TODO: check
+CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is impacted byinsecure 
encryption of  ...)
+       TODO: check
+CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure 
encryption of ...)
+       TODO: check
+CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular 
Express ...)
+       TODO: check
+CVE-2024-21512 (Versions of the package mysql2 before 3.9.8 are vulnerable to 
Prototyp ...)
+       TODO: check
+CVE-2024-0434 (The WordPress Tour & Travel Booking Plugin for WooCommerce 
\u2013 WpTr ...)
+       TODO: check
+CVE-2023-6743 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+       TODO: check
+CVE-2024-36015 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e (6.10-rc1)
-CVE-2024-36014 [drm/arm/malidp: fix a possible null pointer dereference]
+CVE-2024-36014 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/a1f95aede6285dba6dd036d907196f35ae3a11ea (6.10-rc1)
 CVE-2024-5434 (The Campbell Scientific CSI Web Server stores web 
authentication crede ...)
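
Review bot: all 21 entries added at the top of this hunk are left at TODO: check, and most of them describe WordPress plugins or single-vendor web applications (for example CVE-2024-5204, CVE-2024-5150, CVE-2024-4611, CVE-2024-5437, CVE-2024-35511), a class this file already closes elsewhere with lines such as NOT-FOR-US: WordPress plugin (see CVE-2022-1971). Triage those in bulk first so the entries that name general-purpose components (Smarty in CVE-2024-35226, TCPDF in CVE-2024-22641, mysql2 in CVE-2024-21512, Nautobot in CVE-2024-36112) stand out for an actual package lookup. Separately, the descriptions of CVE-2024-5086 and CVE-2024-0434 carry a literal \u2013 escape instead of the dash; any consumer that displays these descriptions should decode or tolerate it.
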
@@ -7111,7 +7153,8 @@ CVE-2024-4853 (Memory handling issue in editcap could 
cause denial of service vi
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19724
 CVE-2024-4840 (An flaw was found in the OpenStack Platform (RHOSP) director, a 
toolse ...)
        NOT-FOR-US: Red Hat OpenStack Platform
-CVE-2024-4810 (In register_device, the return value of ida_simple_get is 
unchecked, i ...)
+CVE-2024-4810
+       REJECTED
        TODO: check
 CVE-2024-4712 (An arbitrary file creation vulnerability exists in PaperCut 
NG/MF that ...)
        NOT-FOR-US: PaperCut NG/MF
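
Review bot: CVE-2024-4810 is now REJECTED, but the TODO: check line is still attached to it, so a withdrawn ID remains in the triage queue. Drop the TODO. The removed description named register_device and an unchecked ida_simple_get return value, which matches the "ppdev: Add an error check in register_device" text that CVE-2024-36015 carried in the first hunk; if that is the replacement ID (the diff does not say so), a NOTE pointing to it would record where the issue is now tracked.
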
@@ -17316,11 +17359,13 @@ CVE-2024-3651 [potential DoS via resource consumption 
via specially crafted inpu
        NOTE: 
https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274779
        NOTE: Fixed by: 
https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7 
(v3.7)
-CVE-2024-24863 (In malidp_mw_connector_reset, new memory is allocated with 
kzalloc, bu ...)
+CVE-2024-24863
+       REJECTED
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/a1f95aede6285dba6dd036d907196f35ae3a11ea (6.10-rc1)
        NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8750
-CVE-2024-24862 (In function pci1xxxx_spi_probe, there is a potential null 
pointer that ...)
+CVE-2024-24862
+       REJECTED
        - linux 6.8.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
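
Review bot: CVE-2024-24863 and CVE-2024-24862 are marked REJECTED but keep their package lines (- linux <unfixed>, - linux 6.8.9-1 and the bookworm/bullseye <not-affected> annotations), so two withdrawn IDs still carry package status. The NOTE under CVE-2024-24863 cites kernel commit a1f95aede6285dba6dd036d907196f35ae3a11ea, the same commit as CVE-2024-36014 in the first hunk, which already has - linux <unfixed>; the status under the rejected ID is therefore a duplicate. For CVE-2024-24862 the fixed version 6.8.9-1 and the per-release annotations should be carried over to whichever ID replaces it before being removed here; the diff does not show that ID.
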
@@ -58220,7 +58265,7 @@ CVE-2023-36701 (Microsoft Resilient File System (ReFS) 
Elevation of Privilege Vu
        NOT-FOR-US: Microsoft
 CVE-2023-36698 (Windows Kernel Security Feature Bypass Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36697 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36697 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-36637 (An improper neutralization of input during web page generation 
vulnera ...)
        NOT-FOR-US: Microsoft
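
Review bot: the context entry CVE-2023-36637 is tagged NOT-FOR-US: Microsoft, yet its description ("An improper neutralization of input during web page generation vulnera ...") does not follow the "<product> ... Vulnerability" title form of every other Microsoft entry in this hunk and is phrased like the Fortinet entry CVE-2023-34993 further down in this diff. This is not introduced by the commit, but the vendor tag is worth confirming while the area is being touched.
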
@@ -58238,45 +58283,45 @@ CVE-2023-36596 (Remote Procedure Call Information 
Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-36594 (Windows Graphics Component Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36593 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36593 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36592 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36592 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36591 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36591 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36590 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36590 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36589 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36589 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-36585 (Windows upnphost.dll Denial of Service Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-36584 (Windows Mark of the Web Security Feature Bypass Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36583 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36583 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36582 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36582 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-36581 (Microsoft Message Queuing Denial of Service Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-36579 (Microsoft Message Queuing Denial of Service Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36578 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36578 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-36577 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
        NOT-FOR-US: Microsoft
 CVE-2023-36576 (Windows Kernel Information Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36575 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36575 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36574 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36574 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36573 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36573 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36572 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36572 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36571 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36571 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36570 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-36570 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-36569 (Microsoft Office Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
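
Review bot: only the Remote Code Execution titles gain "(MSMQ)"; the two Denial of Service entries in this hunk, CVE-2023-36581 and CVE-2023-36579, keep the old "Microsoft Message Queuing" wording, so a search of this file for "(MSMQ)" will not return every Message Queuing CVE. No triage state changes in this hunk (every entry stays NOT-FOR-US: Microsoft), so nothing needs follow-up beyond awareness of the mixed naming.
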
@@ -58345,7 +58390,7 @@ CVE-2023-36380 (A vulnerability has been identified in 
CP-8031 MASTER MODULE (Al
        NOT-FOR-US: Siemens
 CVE-2023-35796 (A vulnerability has been identified in SINEMA Server V14 (All 
versions ...)
        NOT-FOR-US: Siemens
-CVE-2023-35349 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-35349 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-34993 (A improper neutralization of special elements used in an os 
command (' ...)
        NOT-FOR-US: Fortinet
@@ -71501,7 +71546,7 @@ CVE-2023-35311 (Microsoft Outlook Security Feature 
Bypass Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-35310 (Windows DNS Server Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-35309 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-35309 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-35308 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
        NOT-FOR-US: Microsoft
@@ -71619,7 +71664,7 @@ CVE-2023-32084 (HTTP.sys Denial of Service 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-32083 (Microsoft Failover Cluster Information Disclosure 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-32057 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-32057 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-32056 (Windows Server Update Service (WSUS) Elevation of Privilege 
Vulnerabil ...)
        NOT-FOR-US: Microsoft
@@ -81935,12 +81980,12 @@ CVE-2023-30316
        RESERVED
 CVE-2023-30315
        RESERVED
-CVE-2023-30314
-       RESERVED
+CVE-2023-30314 (An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1 
routers a ...)
+       TODO: check
 CVE-2023-30313 (An issue discovered in Wavlink QUANTUM D2G routers allows 
attackers to ...)
        TODO: check
-CVE-2023-30312
-       RESERVED
+CVE-2023-30312 (An issue discovered in routers running Openwrt 18.06, 19.07, 
21.02, 22 ...)
+       TODO: check
 CVE-2023-30311 (An issue discovered in H3C Magic R365 and H3C Magic R100 
routers allow ...)
        TODO: check
 CVE-2023-30310 (An issue discovered in Comfast Comfast CF-616AC routers allows 
attacke ...)
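
Review bot: when the TODO: check lines in this block are resolved, CVE-2023-30312 should be handled separately from its neighbours. Its description names OpenWrt releases (18.06, 19.07, 21.02, 22 ...) rather than one vendor's router models, unlike CVE-2023-30314, CVE-2023-30313, CVE-2023-30311 and CVE-2023-30310, so it needs a check of whether the affected component is packaged instead of a blanket vendor-device classification.
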
@@ -113986,7 +114031,7 @@ CVE-2023-21556 (Windows Layer 2 Tunneling Protocol 
(L2TP) Remote Code Execution
        NOT-FOR-US: Microsoft
 CVE-2023-21555 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code 
Execution Vulner ...)
        NOT-FOR-US: Microsoft
-CVE-2023-21554 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+CVE-2023-21554 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-21553 (Azure DevOps Server Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
@@ -120150,7 +120195,7 @@ CVE-2022-44675 (Windows Bluetooth Driver Elevation of 
Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-44674 (Windows Bluetooth Driver Information Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2022-44673 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of 
Privileg ...)
+CVE-2022-44673 (Windows Client Server Run-Time Subsystem (CSRSS) Elevation of 
Privileg ...)
        NOT-FOR-US: Microsoft
 CVE-2022-44672
        RESERVED
@@ -156208,7 +156253,8 @@ CVE-2022-32203
        RESERVED
 CVE-2022-1971 (The NextCellent Gallery WordPress plugin through 1.9.35 does 
not sanit ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1970 (keycloak 18.0.0: open redirect in auth endpoint via the 
redirect_uri p ...)
+CVE-2022-1970
+       REJECTED
        NOT-FOR-US: Keycloak
 CVE-2022-1969 (The Mobile browser color select plugin for WordPress is 
vulnerable to  ...)
        NOT-FOR-US: Mobile browser color select plugin for WordPress
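
Review bot: CVE-2022-1970 becomes REJECTED but the NOT-FOR-US: Keycloak line is left under it. This has no effect on package status, but it is the same pattern as the other REJECTED entries in this commit that keep their previous annotations (CVE-2024-4810, CVE-2024-24863, CVE-2024-24862). Decide once whether annotations under rejected IDs are kept for history or removed, and apply that consistently.
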
@@ -162323,7 +162369,7 @@ CVE-2022-30192 (Microsoft Edge (Chromium-based) 
Elevation of Privilege Vulnerabi
        NOT-FOR-US: Microsoft
 CVE-2022-30191
        RESERVED
-CVE-2022-30190 (<p>A remote code execution vulnerability exists when MSDT is 
called us ...)
+CVE-2022-30190 (A remote code execution vulnerability exists when MSDT is 
called using ...)
        NOT-FOR-US: Microsoft
 CVE-2022-30189 (Windows Autopilot Device Management and Enrollment Client 
Spoofing Vul ...)
        NOT-FOR-US: Microsoft
@@ -203193,7 +203239,7 @@ CVE-2021-42308 (Microsoft Edge (Chromium-based) 
Spoofing Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2021-42307 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2021-42306 (<p>An information disclosure vulnerability manifests when a 
user or an ...)
+CVE-2021-42306 (An information disclosure vulnerability manifests when a user 
or an ap ...)
        NOT-FOR-US: Microsoft
 CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability)
        NOT-FOR-US: Microsoft
@@ -205577,7 +205623,7 @@ CVE-2021-41374 (Azure Sphere Information Disclosure 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2021-41373 (FSLogix Information Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2021-41372 (<p>A Cross-Site Scripting (XSS) and Cross-Site Request Forgery 
(CSRF)  ...)
+CVE-2021-41372 (A Cross-Site Scripting (XSS) and Cross-Site Request Forgery 
(CSRF) vul ...)
        NOT-FOR-US: Microsoft
 CVE-2021-41371 (Windows Remote Desktop Protocol (RDP) Information Disclosure 
Vulnerabi ...)
        NOT-FOR-US: Microsoft
@@ -341937,7 +341983,7 @@ CVE-2020-1338 (<p>A remote code execution 
vulnerability exists in Microsoft Word
        NOT-FOR-US: Microsoft
 CVE-2020-1337 (An elevation of privilege vulnerability exists when the Windows 
Print  ...)
        NOT-FOR-US: Microsoft
-CVE-2020-1336 (<p>An elevation of privilege vulnerability exists in the way 
that the  ...)
+CVE-2020-1336 (An elevation of privilege vulnerability exists in the way that 
the Win ...)
        NOT-FOR-US: Microsoft
 CVE-2020-1335 (<p>A remote code execution vulnerability exists in Microsoft 
Excel sof ...)
        NOT-FOR-US: Microsoft
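
Review bot: the leading <p> is stripped from CVE-2020-1336 only; the CVE-2020-1335 context line below it and CVE-2020-1338 in the hunk header still begin with <p>. Descriptions in this file therefore remain a mix of plain text and HTML-prefixed text, and anything that renders or parses them must keep treating the description as untrusted markup and handle the leading tag until the upstream text for those IDs changes as well.
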
@@ -342559,7 +342605,7 @@ CVE-2020-1027 (An elevation of privilege 
vulnerability exists in the way that th
        NOT-FOR-US: Microsoft
 CVE-2020-1026 (A Security Feature Bypass vulnerability exists in the MSR 
JavaScript C ...)
        NOT-FOR-US: Microsoft
-CVE-2020-1025 (<p>An elevation of privilege vulnerability exists when 
Microsoft Share ...)
+CVE-2020-1025 (An elevation of privilege vulnerability exists when Microsoft 
SharePoi ...)
        NOT-FOR-US: Microsoft
 CVE-2020-1024 (A remote code execution vulnerability exists in Microsoft 
SharePoint w ...)
        NOT-FOR-US: Microsoft



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fa11a25d9f401570280e6ffd545369bf04cba31



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
