Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dcc96146 by security tracker role at 2024-06-13T20:14:16+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,193 @@ +CVE-2024-5952 (Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-S ...) + TODO: check +CVE-2024-5951 (Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denia ...) + TODO: check +CVE-2024-5950 (Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffe ...) + TODO: check +CVE-2024-5949 (Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of ...) + TODO: check +CVE-2024-5948 (Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Over ...) + TODO: check +CVE-2024-5947 (Deep Sea Electronics DSE855 Configuration Backup Missing Authenticatio ...) + TODO: check +CVE-2024-5927 + REJECTED +CVE-2024-5924 (Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. T ...) + TODO: check +CVE-2024-4696 (A privilege escalation vulnerability was reported in Lenovo Service Br ...) + TODO: check +CVE-2024-4371 (The CoDesigner WooCommerce Builder for Elementor \u2013 Customize Chec ...) + TODO: check +CVE-2024-4176 (An Cross site scripting vulnerability in the EDR XConsole before this ...) + TODO: check +CVE-2024-3073 (The Easy WP SMTP by SendLayer \u2013 WordPress SMTP and Email Log Plug ...) + TODO: check +CVE-2024-38313 (In certain scenarios a malicious website could attempt to display a fa ...) + TODO: check +CVE-2024-38312 (When browsing private tabs, some data related to location history or w ...) + TODO: check +CVE-2024-38285 (Logs storing credentials are insufficiently protected and can be decod ...) + TODO: check +CVE-2024-38284 (Transmitted data is logged between the device and the backend service. ...) + TODO: check +CVE-2024-38283 (Sensitive customer information is stored in the device without encrypt ...) + TODO: check +CVE-2024-38282 (Utilizing default credentials, an attacker is able to log into the cam ...) + TODO: check +CVE-2024-38281 (An attacker can access the maintenance console using hard coded creden ...) 
+ TODO: check +CVE-2024-38280 (An unauthorized user is able to gain access to sensitive data, includi ...) + TODO: check +CVE-2024-38279 (The affected product is vulnerable to an attacker modifying the bootlo ...) + TODO: check +CVE-2024-38083 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + TODO: check +CVE-2024-37877 (UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is s ...) + TODO: check +CVE-2024-37849 (A SQL Injection vulnerability in itsourcecode Billing System 1.0 allow ...) + TODO: check +CVE-2024-37635 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...) + TODO: check +CVE-2024-37634 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...) + TODO: check +CVE-2024-37633 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...) + TODO: check +CVE-2024-37632 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...) + TODO: check +CVE-2024-37631 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...) + TODO: check +CVE-2024-37630 (D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded passwor ...) + TODO: check +CVE-2024-37309 (CrateDB is a distributed SQL database. A high-risk vulnerability has b ...) + TODO: check +CVE-2024-37308 (The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent ...) + TODO: check +CVE-2024-37307 (Cilium is a networking, observability, and security solution with an e ...) + TODO: check +CVE-2024-37306 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...) + TODO: check +CVE-2024-37164 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...) + TODO: check +CVE-2024-37131 (SCG Policy Manager, all versions, contains an overly permissive Cross- ...) + TODO: check +CVE-2024-37029 (Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based ...) 
+ TODO: check +CVE-2024-37022 (Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-boun ...) + TODO: check +CVE-2024-36760 (A stack overflow vulnerability was found in version 1.18.0 of rhai. Th ...) + TODO: check +CVE-2024-36647 (A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 ...) + TODO: check +CVE-2024-36589 (An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2 ...) + TODO: check +CVE-2024-36588 (An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit ...) + TODO: check +CVE-2024-36587 (Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows n ...) + TODO: check +CVE-2024-36586 (An issue in AdGuardHome v0.93 to latest allows unprivileged attackers ...) + TODO: check +CVE-2024-36396 (Verint - CWE-434: Unrestricted Upload of File with Dangerous Type) + TODO: check +CVE-2024-36395 (Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags i ...) + TODO: check +CVE-2024-35328 (libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the fu ...) + TODO: check +CVE-2024-35326 (libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issu ...) + TODO: check +CVE-2024-35325 (A vulnerability was found in libyaml up to 0.2.5. Affected by this iss ...) + TODO: check +CVE-2024-34130 (Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affe ...) + TODO: check +CVE-2024-34129 (Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affe ...) + TODO: check +CVE-2024-34116 (Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by ...) + TODO: check +CVE-2024-34115 (Substance3D - Stager versions 2.1.4 and earlier are affected by an out ...) + TODO: check +CVE-2024-34113 (ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak ...) + TODO: check +CVE-2024-34112 (ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Imp ...) 
+ TODO: check +CVE-2024-34111 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...) + TODO: check +CVE-2024-34110 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...) + TODO: check +CVE-2024-34109 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...) + TODO: check +CVE-2024-34108 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...) + TODO: check +CVE-2024-34107 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...) + TODO: check +CVE-2024-34106 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...) + TODO: check +CVE-2024-34105 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...) + TODO: check +CVE-2024-34104 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...) + TODO: check +CVE-2024-34103 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...) + TODO: check +CVE-2024-34102 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlie ...) + TODO: check +CVE-2024-32860 (Dell Client Platform BIOS contains an Improper Input Validation vulner ...) + TODO: check +CVE-2024-32859 (Dell Client Platform BIOS contains an Improper Input Validation vulner ...) + TODO: check +CVE-2024-32858 (Dell Client Platform BIOS contains an Improper Input Validation vulner ...) + TODO: check +CVE-2024-32856 (Dell Client Platform BIOS contains an Improper Input Validation vulner ...) + TODO: check +CVE-2024-32504 (An issue was discovered in Samsung Mobile Processor and Wearable Proce ...) + TODO: check +CVE-2024-31956 (An issue was discovered in Samsung Mobile Processor Exynos 2200, Exyno ...) + TODO: check +CVE-2024-30472 (Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive ...) + TODO: check +CVE-2024-30300 (Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier ...) 
+ TODO: check +CVE-2024-30299 (Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier ...) + TODO: check +CVE-2024-30285 (Audition versions 24.2, 23.6.4 and earlier are affected by a NULL Poin ...) + TODO: check +CVE-2024-30278 (Media Encoder versions 23.6.5, 24.3 and earlier Answer: are affected b ...) + TODO: check +CVE-2024-30276 (Audition versions 24.2, 23.6.4 and earlier Answer: are affected by an ...) + TODO: check +CVE-2024-30058 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + TODO: check +CVE-2024-30057 (Microsoft Edge for iOS Spoofing Vulnerability) + TODO: check +CVE-2024-29169 (Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulner ...) + TODO: check +CVE-2024-29168 (Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulner ...) + TODO: check +CVE-2024-28969 (Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Con ...) + TODO: check +CVE-2024-28968 (Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Con ...) + TODO: check +CVE-2024-28967 (Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Con ...) + TODO: check +CVE-2024-28966 (Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Con ...) + TODO: check +CVE-2024-28965 (Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Con ...) + TODO: check +CVE-2024-25052 (IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clea ...) + TODO: check +CVE-2024-22441 (HPE Cray Parallel Application Launch Service (PALS) is subject to an a ...) + TODO: check +CVE-2024-22333 (IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8 ...) + TODO: check +CVE-2024-20753 (Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an ...) + TODO: check +CVE-2024-1565 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia V ...) + TODO: check +CVE-2024-0979 (The Dashboard Widgets Suite plugin for WordPress is vulnerable to Refl ...) 
+ TODO: check +CVE-2023-35860 (A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 ...) + TODO: check +CVE-2023-35859 (A Reflected Cross-Site Scripting (XSS) vulnerability in the blog funct ...) + TODO: check +CVE-2023-35858 (XPath Injection vulnerabilities in the blog and RSS functions of Moder ...) + TODO: check CVE-2024-5469 - gitlab <unfixed> CVE-2024-5787 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...) @@ -942,14 +1132,14 @@ CVE-2023-38533 (A vulnerability has been identified in TIA Administrator (All ve CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor Website Bui ...) NOT-FOR-US: WordPress plugin CVE-2024-5702 (Memory corruption in the networking stack could have led to a potentia ...) - {DSA-5709-1} + {DSA-5709-1 DLA-3825-1} - firefox-esr 115.12.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702 CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs showed e ...) - firefox 127.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701 CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thu ...) - {DSA-5709-1} + {DSA-5709-1 DLA-3825-1} - firefox 127.0-1 - firefox-esr 115.12.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5700 @@ -964,7 +1154,7 @@ CVE-2024-5697 (A website was able to detect when a user took a screenshot of a p - firefox 127.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5697 CVE-2024-5696 (By manipulating the text in an `<input>` tag, an attacker could ...) - {DSA-5709-1} + {DSA-5709-1 DLA-3825-1} - firefox 127.0-1 - firefox-esr 115.12.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5696 
@@ -976,7 +1166,7 @@ CVE-2024-5694 (An attacker could have caused a use-after-free in the JavaScript - firefox 127.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5694 CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting, which c ...) - {DSA-5709-1} + {DSA-5709-1 DLA-3825-1} - firefox 127.0-1 - firefox-esr 115.12.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5693 @@ -987,13 +1177,13 @@ CVE-2024-5692 (On Windows, when using the 'Save As' functionality, an attacker c NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5692 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692 CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a sandboxed i ...) - {DSA-5709-1} + {DSA-5709-1 DLA-3825-1} - firefox 127.0-1 - firefox-esr 115.12.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5691 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691 CVE-2024-5690 (By monitoring the time certain operations take, an attacker could have ...) - {DSA-5709-1} + {DSA-5709-1 DLA-3825-1} - firefox 127.0-1 - firefox-esr 115.12.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5690 @@ -1002,7 +1192,7 @@ CVE-2024-5689 (In addition to detecting when a user was taking a screenshot (XXX - firefox 127.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689 CVE-2024-5688 (If a garbage collection was triggered at the right time, a use-after-f ...) - {DSA-5709-1} + {DSA-5709-1 DLA-3825-1} - firefox 127.0-1 - firefox-esr 115.12.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5688 
@@ -1937,11 +2127,11 @@ CVE-2023-49222 (Precor touchscreen console P82 contains a private SSH key that c NOT-FOR-US: Precor touchscreen console CVE-2023-49221 (Precor touchscreen console P62, P80, and P82 could allow a remote atta ...) NOT-FOR-US: Precor touchscreen console -CVE-2024-37280 +CVE-2024-37280 (A flaw was discovered in Elasticsearch, affecting document ingestion w ...) - elasticsearch <removed> CVE-2024-23445 (It was identified that if a cross-cluster API key https://www.elastic ...) - elasticsearch <removed> -CVE-2024-37279 +CVE-2024-37279 (A flaw was discovered in Kibana, allowing view-only users of alerting ...) - kibana <itp> (bug #700337) CVE-2024-5154 (A flaw was found in cri-o. A malicious container can create a symbolic ...) - cri-o <itp> (bug #979702) @@ -2326,7 +2516,8 @@ CVE-2023-45192 (IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0 NOT-FOR-US: IBM CVE-2024-5665 (The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPr ...) NOT-FOR-US: WordPress plugin -CVE-2024-5656 (The Google CSE plugin for WordPress is vulnerable to Stored Cross-Site ...) +CVE-2024-5656 + REJECTED NOT-FOR-US: WordPress plugin CVE-2024-5653 (A vulnerability, which was classified as critical, has been found in C ...) NOT-FOR-US: Chanjet Smooth T+system 
@@ -147430,7 +147621,7 @@ CVE-2021-4238 (Randomly-generated alphanumeric strings contain significantly les NOTE: https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 NOTE: https://pkg.go.dev/vuln/GO-2022-0411 CVE-2021-4237 - RESERVED + REJECTED CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which may be ...) NOT-FOR-US: ecnepsnai/web CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file can ca ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcc9614649079f1bb94efa9fbf9e0735b86e0d89
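Review bot: In the first hunk (@@ -1,3 +1,193 @@), the truncated descriptions added for CVE-2024-4371, CVE-2024-3073 and CVE-2024-1565 carry a literal \u2013 escape where a dash character belongs, and those for CVE-2024-30278 and CVE-2024-30276 have a stray "Answer:" in mid-sentence ("... and earlier Answer: are affected b ..."). Suggest decoding the escape when the description is imported and checking the two Adobe descriptions against their source, so the list does not carry that text forward. Apart from CVE-2024-5927, which is added as REJECTED, every new entry in this hunk is still TODO: check.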
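Review bot: In the @@ -2326,7 +2516,8 @@ hunk, CVE-2024-5656 loses its description and gains a REJECTED line, but the unchanged NOT-FOR-US: WordPress plugin line below it is kept, so the entry now carries both a REJECTED marker and a triage annotation. Suggest dropping the NOT-FOR-US line in the same change, or confirming that a rejected entry is meant to keep it.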
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits