Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03ea5981 by security tracker role at 2024-06-11T20:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,66 +1,370 @@
-CVE-2024-5702
+CVE-2024-5851 (A vulnerability classified as problematic has been found in 
playSMS up ...)
+       TODO: check
+CVE-2024-5829 (A vulnerability classified as problematic was found in 
smallweigit Avu ...)
+       TODO: check
+CVE-2024-5825
+       REJECTED
+CVE-2024-5813 (A medium severity vulnerability in BIPS has been identified 
where an a ...)
+       TODO: check
+CVE-2024-5812 (A low severity vulnerability in BIPS has been identified where 
an atta ...)
+       TODO: check
+CVE-2024-5584 (The WordPress Online Booking and Scheduling Plugin \u2013 
Bookly plugi ...)
+       TODO: check
+CVE-2024-5531 (The Ocean Extra plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2024-5398
+       REJECTED
+CVE-2024-5189 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+       TODO: check
+CVE-2024-4387
+       REJECTED
+CVE-2024-4206
+       REJECTED
+CVE-2024-4190 (Stored Cross-Site Scripting (XSS) vulnerabilities have been 
identified ...)
+       TODO: check
+CVE-2024-4155
+       REJECTED
+CVE-2024-37325 (Azure Science Virtual Machine (DSVM) Elevation of Privilege 
Vulnerabil ...)
+       TODO: check
+CVE-2024-37301 (Document Merge Service is a document template merge service 
providing  ...)
+       TODO: check
+CVE-2024-37296 (The Aimeos HTML client provides Aimeos HTML components for 
e-commerce  ...)
+       TODO: check
+CVE-2024-37295 (Aimeos is an Open Source e-commerce framework for online 
shops. Starti ...)
+       TODO: check
+CVE-2024-37294 (Aimeos is an Open Source e-commerce framework for online 
shops. All Sa ...)
+       TODO: check
+CVE-2024-37293 (The AWS Deployment Framework (ADF) is a framework to manage 
and deploy ...)
+       TODO: check
+CVE-2024-37161 (MeterSphere is an open source continuous testing platform. 
Prior to ve ...)
+       TODO: check
+CVE-2024-36821 (Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 
1.1.13.202617 a ...)
+       TODO: check
+CVE-2024-36702 (libiec61850 v1.5 was discovered to contain a heap overflow via 
the Ber ...)
+       TODO: check
+CVE-2024-36650 (TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware 
A3100R V4.1 ...)
+       TODO: check
+CVE-2024-36266 (A vulnerability has been identified in PowerSys (All versions 
< V3.11) ...)
+       TODO: check
+CVE-2024-35716 (Missing Authorization vulnerability in Copymatic Copymatic 
\u2013 AI C ...)
+       TODO: check
+CVE-2024-35692 (Missing Authorization vulnerability in Termly Cookie 
Consent.This issu ...)
+       TODO: check
+CVE-2024-35685 (Missing Authorization vulnerability in Anders Nor\xe9n 
Radcliffe 2.Thi ...)
+       TODO: check
+CVE-2024-35683 (Missing Authorization vulnerability in Teplitsa of social 
technologies ...)
+       TODO: check
+CVE-2024-35671 (Missing Authorization vulnerability in Minoji MJ Update 
History.This i ...)
+       TODO: check
+CVE-2024-35667 (Missing Authorization vulnerability in WP EasyCart.This issue 
affects  ...)
+       TODO: check
+CVE-2024-35665 (Missing Authorization vulnerability in namithjawahar Insert 
Post Ads.T ...)
+       TODO: check
+CVE-2024-35663 (Missing Authorization vulnerability in HahnCreativeGroup WP 
Translate. ...)
+       TODO: check
+CVE-2024-35628 (Missing Authorization vulnerability in Photo Gallery Team 
Photo Galler ...)
+       TODO: check
+CVE-2024-35303 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2024-35292 (A vulnerability has been identified in SIMATIC S7-200 SMART 
CPU CR40 ( ...)
+       TODO: check
+CVE-2024-35265 (Windows Perception Service Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2024-35263 (Microsoft Dynamics 365 (On-Premises) Information Disclosure 
Vulnerabil ...)
+       TODO: check
+CVE-2024-35255 (Azure Identity Libraries and Microsoft Authentication Library 
Elevatio ...)
+       TODO: check
+CVE-2024-35254 (Azure Monitor Agent Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-35253 (Microsoft Azure File Sync Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-35252 (Azure Storage Movement Client Library Denial of Service 
Vulnerability)
+       TODO: check
+CVE-2024-35250 (Windows Kernel-Mode Driver Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2024-35249 (Microsoft Dynamics 365 Business Central Remote Code Execution 
Vulnerab ...)
+       TODO: check
+CVE-2024-35248 (Microsoft Dynamics 365 Business Central Elevation of Privilege 
Vulnera ...)
+       TODO: check
+CVE-2024-35213 (An improper input validation vulnerability in the SGI Image 
Codec of Q ...)
+       TODO: check
+CVE-2024-35212 (A vulnerability has been identified in SINEC Traffic Analyzer 
(6GK8822 ...)
+       TODO: check
+CVE-2024-35211 (A vulnerability has been identified in SINEC Traffic Analyzer 
(6GK8822 ...)
+       TODO: check
+CVE-2024-35210 (A vulnerability has been identified in SINEC Traffic Analyzer 
(6GK8822 ...)
+       TODO: check
+CVE-2024-35209 (A vulnerability has been identified in SINEC Traffic Analyzer 
(6GK8822 ...)
+       TODO: check
+CVE-2024-35208 (A vulnerability has been identified in SINEC Traffic Analyzer 
(6GK8822 ...)
+       TODO: check
+CVE-2024-35207 (A vulnerability has been identified in SINEC Traffic Analyzer 
(6GK8822 ...)
+       TODO: check
+CVE-2024-35206 (A vulnerability has been identified in SINEC Traffic Analyzer 
(6GK8822 ...)
+       TODO: check
+CVE-2024-35168 (Missing Authorization vulnerability in Discourse WP 
Discourse.This iss ...)
+       TODO: check
+CVE-2024-34826 (Missing Authorization vulnerability in Tobias Conrad Design 
for Contac ...)
+       TODO: check
+CVE-2024-34824 (Missing Authorization vulnerability in ThemeBoy SportsPress 
\u2013 Spo ...)
+       TODO: check
+CVE-2024-34822 (Missing Authorization vulnerability in weDevs weMail.This 
issue affect ...)
+       TODO: check
+CVE-2024-34821 (Missing Authorization vulnerability in Contact List PRO 
Contact List \ ...)
+       TODO: check
+CVE-2024-34820 (Missing Authorization vulnerability in If So Plugin If-So 
Dynamic Cont ...)
+       TODO: check
+CVE-2024-34819 (Missing Authorization vulnerability in MoreConvert MC 
Woocommerce Wish ...)
+       TODO: check
+CVE-2024-34815 (Missing Authorization vulnerability in Codection Import and 
export use ...)
+       TODO: check
+CVE-2024-34813 (Missing Authorization vulnerability in MoreConvert MC 
Woocommerce Wish ...)
+       TODO: check
+CVE-2024-34804 (Missing Authorization vulnerability in Tagembed.This issue 
affects Tag ...)
+       TODO: check
+CVE-2024-34799 (Missing Authorization vulnerability in Repute Infosystems 
BookingPress ...)
+       TODO: check
+CVE-2024-34768 (Missing Authorization vulnerability in Fastly.This issue 
affects Fastl ...)
+       TODO: check
+CVE-2024-34763 (Missing Authorization vulnerability in Tobias Conrad Builder 
for WooCo ...)
+       TODO: check
+CVE-2024-34758 (Missing Authorization vulnerability in Wpmet WP Fundraising 
Donation a ...)
+       TODO: check
+CVE-2024-34753 (Missing Authorization vulnerability in SoftLab Radio 
Player.This issue ...)
+       TODO: check
+CVE-2024-34442 (Missing Authorization vulnerability in weDevs weDocs.This 
issue affect ...)
+       TODO: check
+CVE-2024-34406 (Improper exception handling in McAfee Security: Antivirus VPN 
for Andr ...)
+       TODO: check
+CVE-2024-34405 (Improper deep link validation in McAfee Security: Antivirus 
VPN for An ...)
+       TODO: check
+CVE-2024-33500 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
+       TODO: check
+CVE-2024-32148 (Missing Authorization vulnerability in Salesforce Pardot.This 
issue af ...)
+       TODO: check
+CVE-2024-32146 (Missing Authorization vulnerability in Aspose.Cloud 
Marketplace Aspose ...)
+       TODO: check
+CVE-2024-32144 (Missing Authorization vulnerability in Welcart Inc. Welcart 
e-Commerce ...)
+       TODO: check
+CVE-2024-32143 (Missing Authorization vulnerability in Podlove Podlove Podcast 
Publish ...)
+       TODO: check
+CVE-2024-31495 (A improper neutralization of special elements used in an sql 
command ( ...)
+       TODO: check
+CVE-2024-30104 (Microsoft Office Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-30103 (Microsoft Outlook Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-30102 (Microsoft Office Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-30101 (Microsoft Office Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-30100 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-30099 (Windows Kernel Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-30097 (Microsoft Speech Application Programming Interface (SAPI) 
Remote Code  ...)
+       TODO: check
+CVE-2024-30096 (Windows Cryptographic Services Information Disclosure 
Vulnerability)
+       TODO: check
+CVE-2024-30095 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-30094 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-30093 (Windows Storage Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-30091 (Win32k Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-30090 (Microsoft Streaming Service Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2024-30089 (Microsoft Streaming Service Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2024-30088 (Windows Kernel Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-30087 (Win32k Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-30086 (Windows Win32 Kernel Subsystem Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2024-30085 (Windows Cloud Files Mini Filter Driver Elevation of Privilege 
Vulnerab ...)
+       TODO: check
+CVE-2024-30084 (Windows Kernel-Mode Driver Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2024-30083 (Windows Standards-Based Storage Management Service Denial of 
Service V ...)
+       TODO: check
+CVE-2024-30082 (Win32k Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-30080 (Microsoft Message Queuing (MSMQ) Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2024-30078 (Windows Wi-Fi Driver Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-30077 (Windows OLE Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-30076 (Windows Container Manager Service Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2024-30075 (Windows Link Layer Topology Discovery Protocol Remote Code 
Execution V ...)
+       TODO: check
+CVE-2024-30074 (Windows Link Layer Topology Discovery Protocol Remote Code 
Execution V ...)
+       TODO: check
+CVE-2024-30072 (Microsoft Event Trace Log File Parsing Remote Code Execution 
Vulnerabi ...)
+       TODO: check
+CVE-2024-30070 (DHCP Server Service Denial of Service Vulnerability)
+       TODO: check
+CVE-2024-30069 (Windows Remote Access Connection Manager Information 
Disclosure Vulner ...)
+       TODO: check
+CVE-2024-30068 (Windows Kernel Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-30067 (Winlogon Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-30066 (Winlogon Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-30065 (Windows Themes Denial of Service Vulnerability)
+       TODO: check
+CVE-2024-30064 (Windows Kernel Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-30063 (Windows Distributed File System (DFS) Remote Code Execution 
Vulnerabil ...)
+       TODO: check
+CVE-2024-30062 (Windows Standards-Based Storage Management Service Remote Code 
Executi ...)
+       TODO: check
+CVE-2024-30052 (Visual Studio Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-2462 (Allow attackers to intercept or falsify data exchanges between 
the cli ...)
+       TODO: check
+CVE-2024-2461 (If exploited an attacker could traverse the file system to 
access  fil ...)
+       TODO: check
+CVE-2024-2013 (An authentication bypass vulnerability exists in the 
FOXMAN-UN/UNEM se ...)
+       TODO: check
+CVE-2024-2012 (vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway 
that i ...)
+       TODO: check
+CVE-2024-2011 (A heap-based buffer overflow vulnerability exists in the 
FOXMAN-UN/UNE ...)
+       TODO: check
+CVE-2024-29060 (Visual Studio Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2024-28024 (A vulnerability exists in the FOXMAN-UN/UNEM in which 
sensitive inform ...)
+       TODO: check
+CVE-2024-28023 (A vulnerability exists in the message queueing mechanism that 
if  expl ...)
+       TODO: check
+CVE-2024-28022 (A vulnerability exists in the FOXMAN-UN/UNEM server / 
APIGateway that  ...)
+       TODO: check
+CVE-2024-28021 (A vulnerability exists in the FOXMAN-UN/UNEM server that 
affects the m ...)
+       TODO: check
+CVE-2024-28020 (A user/password reuse vulnerability exists in the 
FOXMAN-UN/UNEM appli ...)
+       TODO: check
+CVE-2024-26330 (An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on 
Windows.  ...)
+       TODO: check
+CVE-2024-26010 (A stack-based buffer overflow in Fortinet FortiPAM version 
1.2.0, 1.1. ...)
+       TODO: check
+CVE-2024-24704 (Missing Authorization vulnerability in AddonMaster Load More 
Anything. ...)
+       TODO: check
+CVE-2024-24703 (Missing Authorization vulnerability in MultiVendorX WC 
Marketplace.Thi ...)
+       TODO: check
+CVE-2024-23521 (Missing Authorization vulnerability in Happyforms.This issue 
affects H ...)
+       TODO: check
+CVE-2024-23518 (Missing Authorization vulnerability in Navneil Naicker ACF 
Photo Galle ...)
+       TODO: check
+CVE-2024-23503 (Missing Authorization vulnerability in WPManageNinja LLC Ninja 
Tables. ...)
+       TODO: check
+CVE-2024-23111 (A use of password hash with insufficient computational effort 
vulnerab ...)
+       TODO: check
+CVE-2024-23110 (A stack-based buffer overflow in Fortinet FortiOS version 
7.4.0 throug ...)
+       TODO: check
+CVE-2024-21754 (A use of password hash with insufficient computational effort 
vulnerab ...)
+       TODO: check
+CVE-2023-52233 (Missing Authorization vulnerability in Post SMTP Post SMTP 
Mailer/Emai ...)
+       TODO: check
+CVE-2023-52227 (Missing Authorization vulnerability in MailerLite MailerLite 
\u2013 Wo ...)
+       TODO: check
+CVE-2023-52224 (Missing Authorization vulnerability in Revolut Revolut Gateway 
for Woo ...)
+       TODO: check
+CVE-2023-52217 (Missing Authorization vulnerability in weDevs WooCommerce 
Conversion T ...)
+       TODO: check
+CVE-2023-52199 (Missing Authorization vulnerability in Matthias Pfefferle & 
Automattic ...)
+       TODO: check
+CVE-2023-52186 (Missing Authorization vulnerability in Woo WooCommerce Product 
Vendors ...)
+       TODO: check
+CVE-2023-52183 (Missing Authorization vulnerability in WebToffee WordPress 
Backup & Mi ...)
+       TODO: check
+CVE-2023-52179 (Missing Authorization vulnerability in WebCodingPlace Product 
Expiry f ...)
+       TODO: check
+CVE-2023-51682 (Missing Authorization vulnerability in ibericode MC4WP.This 
issue affe ...)
+       TODO: check
+CVE-2023-51519 (Missing Authorization vulnerability in Soliloquy Team Slider 
by Solilo ...)
+       TODO: check
+CVE-2023-51498 (Missing Authorization vulnerability in Woo WooCommerce Canada 
Post Shi ...)
+       TODO: check
+CVE-2023-50763 (A vulnerability has been identified in SIMATIC CP 1542SP-1 
(6GK7542-6U ...)
+       TODO: check
+CVE-2023-4727 (A flaw was found in dogtag-pki and pki-core. The token 
authentication  ...)
+       TODO: check
+CVE-2023-48273 (Missing Authorization vulnerability in WP OnlineSupport, 
Essential Plu ...)
+       TODO: check
+CVE-2023-46720 (A stack-based buffer overflow in Fortinet FortiOS version 
7.4.0 throug ...)
+       TODO: check
+CVE-2023-38533 (A vulnerability has been identified in TIA Administrator (All 
versions ...)
+       TODO: check
+CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor 
Website Bui ...)
+       TODO: check
+CVE-2024-5702 (Memory corruption in the networking stack could have led to a 
potentia ...)
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
-CVE-2024-5701
+CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs 
showed e ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
-CVE-2024-5700
+CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11, 
and Thu ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5700
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5700
-CVE-2024-5699
+CVE-2024-5699 (In violation of spec, cookie prefixes such as `__Secure` were 
being ig ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5699
-CVE-2024-5698
+CVE-2024-5698 (By manipulating the fullscreen feature while opening a 
data-list, an a ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5698
-CVE-2024-5697
+CVE-2024-5697 (A website was able to detect when a user took a screenshot of a 
page u ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5697
-CVE-2024-5696
+CVE-2024-5696 (By manipulating the text in an `&lt;input&gt;` tag, an attacker 
could  ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5696
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5696
-CVE-2024-5695
+CVE-2024-5695 (If an out-of-memory condition occurs at a specific point using 
allocat ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5695
-CVE-2024-5694
+CVE-2024-5694 (An attacker could have caused a use-after-free in the 
JavaScript engin ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5694
-CVE-2024-5693
+CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting, 
which c ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5693
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5693
-CVE-2024-5692
+CVE-2024-5692 (On Windows, when using the 'Save As' functionality, an attacker 
could  ...)
        - firefox <not-affected> (Windows-specific)
        - firefox-esr <not-affected> (Windows-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5692
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
-CVE-2024-5691
+CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a 
sandboxed i ...)
        - firefox <not-affected> (Windows-specific)
        - firefox-esr <not-affected> (Windows-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5691
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691
-CVE-2024-5690
+CVE-2024-5690 (By monitoring the time certain operations take, an attacker 
could have ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5690
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5690
-CVE-2024-5689
+CVE-2024-5689 (In addition to detecting when a user was taking a screenshot 
(XXX), a  ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689
-CVE-2024-5688
+CVE-2024-5688 (If a garbage collection was triggered at the right time, a 
use-after-f ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5688
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5688
-CVE-2024-5687
+CVE-2024-5687 (If a specific sequence of actions is performed when opening a 
new tab, ...)
        - firefox <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5687
-CVE-2024-35235
+CVE-2024-35235 (OpenPrinting CUPS is an open source printing system for Linux 
and othe ...)
        - cups <unfixed> (bug #1073002)
        [bookworm] - cups <no-dsa> (Minor issue)
        [bullseye] - cups <no-dsa> (Minor issue)
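
Review bot: CVE-2024-5691 keeps `<not-affected> (Windows-specific)` for both firefox and firefox-esr, but the description added here ("By tricking the browser with a `X-Frame-Options` header, a sandboxed i ...") shows nothing Windows-related in its visible part, unlike CVE-2024-5692 directly above it, whose text opens with "On Windows". The annotation looks carried over from the neighbouring entry. Check it against the mfsa2024-25 and mfsa2024-26 advisories linked in the NOTE lines and, if the issue is not platform-specific, replace both status lines so the packages are not silently treated as unaffected.
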
@@ -1634,6 +1938,7 @@ CVE-2024-1164 (The Brizy \u2013 Page Builder plugin for 
WordPress is vulnerable
 CVE-2024-1161 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to St ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-34055 (Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows 
authentica ...)
+       {DSA-5708-1}
        - cyrus-imapd 3.8.3-1
        [bullseye] - cyrus-imapd <ignored> (Too intrusive to backport)
        NOTE: 
https://cyrus.topicbox.com/groups/announce/Ta8e3998446caf7f8/cyrus-imap-3-8-3-3-6-5-and-3-4-8-released
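
Review bot: `{DSA-5708-1}` is attached to CVE-2024-34055, yet the entry still has no `[bookworm]` line; the only per-release line is `[bullseye] - cyrus-imapd <ignored> (Too intrusive to backport)`. This commit changes only data/CVE/list, so confirm that the advisory record carrying the fixed version for the release the DSA covers is already in the tracker, otherwise the cross-reference resolves to nothing.
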
@@ -22179,15 +22484,15 @@ CVE-2024-27247 (Improper privilege management in the 
installer for Zoom Desktop
        NOT-FOR-US: Zoom
 CVE-2024-27242 (Cross site scripting in Zoom Desktop Client for Linux before 
version 5 ...)
        NOT-FOR-US: Zoom
-CVE-2024-26277 (A vulnerability has been identified in Parasolid V35.1 (All 
versions < ...)
+CVE-2024-26277 (A vulnerability has been identified in JT2Go (All versions < 
V2312.000 ...)
        NOT-FOR-US: Siemens
-CVE-2024-26276 (A vulnerability has been identified in Parasolid V35.1 (All 
versions < ...)
+CVE-2024-26276 (A vulnerability has been identified in JT2Go (All versions < 
V2312.000 ...)
        NOT-FOR-US: Siemens
-CVE-2024-26275 (A vulnerability has been identified in Parasolid V35.1 (All 
versions < ...)
+CVE-2024-26275 (A vulnerability has been identified in JT2Go (All versions < 
V2312.000 ...)
        NOT-FOR-US: Siemens
 CVE-2024-26257 (Microsoft Excel Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2024-26256 (libarchive Remote Code Execution Vulnerability)
+CVE-2024-26256 (Libarchive Remote Code Execution Vulnerability)
        {DSA-5706-1}
        - libarchive 3.7.2-2.1 (bug #1072107)
        [bullseye] - libarchive <not-affected> (Vulnerable code introduced in 
3.6.0)
@@ -22213,7 +22518,7 @@ CVE-2024-26248 (Windows Kerberos Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-26245 (Windows SMB Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2024-26244 (Microsoft WDAC OLE DB Provider for SQL Server Remote Code 
Execution Vu ...)
+CVE-2024-26244 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
        NOT-FOR-US: Microsoft
 CVE-2024-26243 (Windows USB Print Driver Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
@@ -22277,7 +22582,7 @@ CVE-2024-26212 (DHCP Server Service Denial of Service 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-26211 (Windows Remote Access Connection Manager Elevation of 
Privilege Vulner ...)
        NOT-FOR-US: Microsoft
-CVE-2024-26210 (Microsoft WDAC OLE DB Provider for SQL Server Remote Code 
Execution Vu ...)
+CVE-2024-26210 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
        NOT-FOR-US: Microsoft
 CVE-2024-26209 (Microsoft Local Security Authority Subsystem Service 
Information Discl ...)
        NOT-FOR-US: Microsoft
@@ -89787,8 +90092,8 @@ CVE-2023-28777 (Improper Neutralization of Special 
Elements used in an SQL Comma
        NOT-FOR-US: WordPress plugin
 CVE-2023-28776 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
I Thirte ...)
        NOT-FOR-US: Lightbox plugin
-CVE-2023-28775
-       RESERVED
+CVE-2023-28775 (Missing Authorization vulnerability in Yoast Yoast SEO 
Premium.This is ...)
+       TODO: check
 CVE-2023-28774 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Grad ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28773 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
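
Review bot: CVE-2023-28775 moves from `RESERVED` to `TODO: check`, and the new description names Yoast SEO Premium, which is a WordPress plugin. The surrounding entries in this hunk are tagged `NOT-FOR-US: WordPress plugin`, so this one can be triaged the same way instead of staying in the TODO queue.
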
@@ -98858,8 +99163,8 @@ CVE-2023-25801 (TensorFlow is an open source machine 
learning platform. Prior to
        - tensorflow <itp> (bug #804612)
 CVE-2023-25800 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-25799
-       RESERVED
+CVE-2023-25799 (Missing Authorization vulnerability in Themeum Tutor LMS.This 
issue af ...)
+       TODO: check
 CVE-2023-25798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25797 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in 
Mr.Vibe vSlid ...)
@@ -105092,8 +105397,8 @@ CVE-2023-23777 (An improper neutralization of special 
elements used in an OS com
        NOT-FOR-US: Fortinet
 CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor 
[CWE-200 ...)
        NOT-FOR-US: Fortinet
-CVE-2023-23775
-       RESERVED
+CVE-2023-23775 (Multiple improper neutralization of special elements used 
inSQL comman ...)
+       TODO: check
 CVE-2023-23549 (Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, 
<=2.0.0p39  ...)
        - check-mk <removed>
 CVE-2023-23548 (Reflected XSS in business intelligence in Checkmk <2.2.0p8, 
<2.1.0p32, ...)
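
Review bot: the new CVE-2023-23775 description reads "used inSQL comman ...", with the space missing between "in" and "SQL". If the list mirrors the upstream text verbatim, leave it, but note that it breaks word-based searches for this entry. The truncated text names no product, so the `TODO: check` cannot be resolved from this line alone, even though the two entries above it are `NOT-FOR-US: Fortinet`.
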
@@ -118165,7 +118470,7 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a 
utility package to build export
        NOTE: 
https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5
 (v0.8.2)
 CVE-2022-46145 (authentik is an open-source identity provider. Versions prior 
to 2022. ...)
        NOT-FOR-US: authentik
-CVE-2022-46144 (A vulnerability has been identified in SCALANCE SC622-2C (All 
versions ...)
+CVE-2022-46144 (A vulnerability has been identified in SCALANCE SC622-2C 
(6GK5622-2GS0 ...)
        NOT-FOR-US: Siemens
 CVE-2022-46143 (Affected devices do not check the TFTP blocksize correctly. 
This could ...)
        NOT-FOR-US: Siemens
@@ -127593,9 +127898,9 @@ CVE-2022-43770 (Hitachi Vantara Pentaho Business 
Analytics Server versions befor
        NOT-FOR-US: Hitachi
 CVE-2022-43769 (Hitachi Vantara Pentaho Business Analytics Server prior to 
versions 9. ...)
        NOT-FOR-US: Hitachi
-CVE-2022-43768 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 
(All versi ...)
+CVE-2022-43768 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 
(6GK7242-7 ...)
        NOT-FOR-US: Siemens
-CVE-2022-43767 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 
(All versi ...)
+CVE-2022-43767 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 
(6GK7242-7 ...)
        NOT-FOR-US: Siemens
 CVE-2022-43766 (Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are 
vulnerable ...)
        NOT-FOR-US: Apache IoTDB
@@ -127764,7 +128069,7 @@ CVE-2022-43718 (Upload data forms do not correctly 
render user input leading to
 CVE-2022-43717 (Dashboard rendering does not sufficiently sanitize the content 
of mark ...)
        NOT-FOR-US: Apache Superset
        NOTE: https://github.com/apache/superset/pull/21895
-CVE-2022-43716 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 
(All versi ...)
+CVE-2022-43716 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 
(6GK7242-7 ...)
        NOT-FOR-US: Siemens
 CVE-2022-43715
        RESERVED
@@ -137450,8 +137755,8 @@ CVE-2022-40227 (A vulnerability has been identified 
in SIMATIC HMI Comfort Panel
        NOT-FOR-US: Siemens
 CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All 
versions < V3.1 ...)
        NOT-FOR-US: Siemens
-CVE-2022-40225
-       REJECTED
+CVE-2022-40225 (A vulnerability has been identified in SIPLUS TIM 1531 IRC 
(6AG1543-1M ...)
+       TODO: check
 CVE-2022-40200 (Auth. (subscriber+) Arbitrary File Upload vulnerability in 
wpForo Foru ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-40198 (Cross-Site Request Forgery (CSRF) vulnerability in 
StandaloneTech Tera ...)
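
Review bot: CVE-2022-40225 goes from `REJECTED` straight to a published description with `TODO: check`, which is an unusual transition. Confirm the ID was really reinstated upstream and is not a feed glitch before triaging it. If it stands, the visible text ("A vulnerability has been identified in SIPLUS TIM 1531 IRC ...") follows the same wording as the neighbouring `NOT-FOR-US: Siemens` entries, so the same tag would apply.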



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03ea59811fc2bbd3f466c6ae6622cb0bf4c1fd0d
