Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dcc96146 by security tracker role at 2024-06-13T20:14:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,193 @@
+CVE-2024-5952 (Deep Sea Electronics DSE855 Restart Missing Authentication 
Denial-of-S ...)
+       TODO: check
+CVE-2024-5951 (Deep Sea Electronics DSE855 Factory Reset Missing 
Authentication Denia ...)
+       TODO: check
+CVE-2024-5950 (Deep Sea Electronics DSE855 Multipart Value Handling 
Stack-Based Buffe ...)
+       TODO: check
+CVE-2024-5949 (Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop 
Denial-of ...)
+       TODO: check
+CVE-2024-5948 (Deep Sea Electronics DSE855 Multipart Boundary Stack-Based 
Buffer Over ...)
+       TODO: check
+CVE-2024-5947 (Deep Sea Electronics DSE855 Configuration Backup Missing 
Authenticatio ...)
+       TODO: check
+CVE-2024-5927
+       REJECTED
+CVE-2024-5924 (Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass 
Vulnerability. T ...)
+       TODO: check
+CVE-2024-4696 (A privilege escalation vulnerability was reported in Lenovo 
Service Br ...)
+       TODO: check
+CVE-2024-4371 (The CoDesigner WooCommerce Builder for Elementor \u2013 
Customize Chec ...)
+       TODO: check
+CVE-2024-4176 (An Cross site scripting vulnerability in the EDR XConsole 
before this  ...)
+       TODO: check
+CVE-2024-3073 (The Easy WP SMTP by SendLayer \u2013 WordPress SMTP and Email 
Log Plug ...)
+       TODO: check
+CVE-2024-38313 (In certain scenarios a malicious website could attempt to 
display a fa ...)
+       TODO: check
+CVE-2024-38312 (When browsing private tabs, some data related to location 
history or w ...)
+       TODO: check
+CVE-2024-38285 (Logs storing credentials are insufficiently protected and can 
be decod ...)
+       TODO: check
+CVE-2024-38284 (Transmitted data is logged between the device and the backend 
service. ...)
+       TODO: check
+CVE-2024-38283 (Sensitive customer information is stored in the device without 
encrypt ...)
+       TODO: check
+CVE-2024-38282 (Utilizing default credentials, an attacker is able to log into 
the cam ...)
+       TODO: check
+CVE-2024-38281 (An attacker can access the maintenance console using hard 
coded creden ...)
+       TODO: check
+CVE-2024-38280 (An unauthorized user is able to gain access to sensitive data, 
includi ...)
+       TODO: check
+CVE-2024-38279 (The affected product is vulnerable to an attacker modifying 
the bootlo ...)
+       TODO: check
+CVE-2024-38083 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+       TODO: check
+CVE-2024-37877 (UERANSIM before 3.2.6 allows out-of-bounds read when a RLS 
packet is s ...)
+       TODO: check
+CVE-2024-37849 (A SQL Injection vulnerability in itsourcecode Billing System 
1.0 allow ...)
+       TODO: check
+CVE-2024-37635 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-37634 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-37633 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-37632 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-37631 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-37630 (D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded 
passwor ...)
+       TODO: check
+CVE-2024-37309 (CrateDB is a distributed SQL database. A high-risk 
vulnerability has b ...)
+       TODO: check
+CVE-2024-37308 (The Cooked Pro recipe plugin for WordPress is vulnerable to 
Persistent ...)
+       TODO: check
+CVE-2024-37307 (Cilium is a networking, observability, and security solution 
with an e ...)
+       TODO: check
+CVE-2024-37306 (Computer Vision Annotation Tool (CVAT) is an interactive video 
and ima ...)
+       TODO: check
+CVE-2024-37164 (Computer Vision Annotation Tool (CVAT) is an interactive video 
and ima ...)
+       TODO: check
+CVE-2024-37131 (SCG Policy Manager, all versions, contains an overly 
permissive Cross- ...)
+       TODO: check
+CVE-2024-37029 (Fuji Electric Tellus Lite V-Simulator  is vulnerable to a 
stack-based  ...)
+       TODO: check
+CVE-2024-37022 (Fuji Electric Tellus Lite V-Simulator  is vulnerable to an 
out-of-boun ...)
+       TODO: check
+CVE-2024-36760 (A stack overflow vulnerability was found in version 1.18.0 of 
rhai. Th ...)
+       TODO: check
+CVE-2024-36647 (A stored cross-site scripting (XSS) vulnerability in Church 
CRM v5.8.0 ...)
+       TODO: check
+CVE-2024-36589 (An issue in Annonshop.app DecentralizeJustice/anonymousLocker 
commit 2 ...)
+       TODO: check
+CVE-2024-36588 (An issue in Annonshop.app DecentralizeJustice/ anonymousLocker 
commit  ...)
+       TODO: check
+CVE-2024-36587 (Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 
allows n ...)
+       TODO: check
+CVE-2024-36586 (An issue in AdGuardHome v0.93 to latest allows unprivileged 
attackers  ...)
+       TODO: check
+CVE-2024-36396 (Verint - CWE-434: Unrestricted Upload of File with Dangerous 
Type)
+       TODO: check
+CVE-2024-36395 (Verint - CWE-80: Improper Neutralization of Script-Related 
HTML Tags i ...)
+       TODO: check
+CVE-2024-35328 (libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue 
is the fu ...)
+       TODO: check
+CVE-2024-35326 (libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by 
this issu ...)
+       TODO: check
+CVE-2024-35325 (A vulnerability was found in libyaml up to 0.2.5. Affected by 
this iss ...)
+       TODO: check
+CVE-2024-34130 (Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier 
are affe ...)
+       TODO: check
+CVE-2024-34129 (Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier 
are affe ...)
+       TODO: check
+CVE-2024-34116 (Creative Cloud Desktop versions 6.1.0.587 and earlier are 
affected by  ...)
+       TODO: check
+CVE-2024-34115 (Substance3D - Stager versions 2.1.4 and earlier are affected 
by an out ...)
+       TODO: check
+CVE-2024-34113 (ColdFusion versions 2023u7, 2021u13 and earlier are affected 
by a Weak ...)
+       TODO: check
+CVE-2024-34112 (ColdFusion versions 2023u7, 2021u13 and earlier are affected 
by an Imp ...)
+       TODO: check
+CVE-2024-34111 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 
and earlie ...)
+       TODO: check
+CVE-2024-34110 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 
and earlie ...)
+       TODO: check
+CVE-2024-34109 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 
and earlie ...)
+       TODO: check
+CVE-2024-34108 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 
and earlie ...)
+       TODO: check
+CVE-2024-34107 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 
and earlie ...)
+       TODO: check
+CVE-2024-34106 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 
and earlie ...)
+       TODO: check
+CVE-2024-34105 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 
and earlie ...)
+       TODO: check
+CVE-2024-34104 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 
and earlie ...)
+       TODO: check
+CVE-2024-34103 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 
and earlie ...)
+       TODO: check
+CVE-2024-34102 (Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 
and earlie ...)
+       TODO: check
+CVE-2024-32860 (Dell Client Platform BIOS contains an Improper Input 
Validation vulner ...)
+       TODO: check
+CVE-2024-32859 (Dell Client Platform BIOS contains an Improper Input 
Validation vulner ...)
+       TODO: check
+CVE-2024-32858 (Dell Client Platform BIOS contains an Improper Input 
Validation vulner ...)
+       TODO: check
+CVE-2024-32856 (Dell Client Platform BIOS contains an Improper Input 
Validation vulner ...)
+       TODO: check
+CVE-2024-32504 (An issue was discovered in Samsung Mobile Processor and 
Wearable Proce ...)
+       TODO: check
+CVE-2024-31956 (An issue was discovered in Samsung Mobile Processor Exynos 
2200, Exyno ...)
+       TODO: check
+CVE-2024-30472 (Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a 
sensitive ...)
+       TODO: check
+CVE-2024-30300 (Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and 
earlier ...)
+       TODO: check
+CVE-2024-30299 (Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and 
earlier ...)
+       TODO: check
+CVE-2024-30285 (Audition versions 24.2, 23.6.4 and earlier are affected by a 
NULL Poin ...)
+       TODO: check
+CVE-2024-30278 (Media Encoder versions 23.6.5, 24.3 and earlier Answer: are 
affected b ...)
+       TODO: check
+CVE-2024-30276 (Audition versions 24.2, 23.6.4 and earlier Answer: are 
affected by an  ...)
+       TODO: check
+CVE-2024-30058 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+       TODO: check
+CVE-2024-30057 (Microsoft Edge for iOS Spoofing Vulnerability)
+       TODO: check
+CVE-2024-29169 (Dell SCG, versions prior to 5.22.00.00, contain a SQL 
Injection Vulner ...)
+       TODO: check
+CVE-2024-29168 (Dell SCG, versions prior to 5.22.00.00, contain a SQL 
Injection Vulner ...)
+       TODO: check
+CVE-2024-28969 (Dell SCG, versions prior to 5.24.00.00, contain an Improper 
Access Con ...)
+       TODO: check
+CVE-2024-28968 (Dell SCG, versions prior to 5.24.00.00, contain an Improper 
Access Con ...)
+       TODO: check
+CVE-2024-28967 (Dell SCG, versions prior to 5.24.00.00, contain an Improper 
Access Con ...)
+       TODO: check
+CVE-2024-28966 (Dell SCG, versions prior to 5.24.00.00, contain an Improper 
Access Con ...)
+       TODO: check
+CVE-2024-28965 (Dell SCG, versions prior to 5.24.00.00, contain an Improper 
Access Con ...)
+       TODO: check
+CVE-2024-25052 (IBM Jazz Reporting Service 7.0.3 stores user credentials in 
plain clea ...)
+       TODO: check
+CVE-2024-22441 (HPE Cray Parallel Application Launch Service (PALS) is subject 
to an a ...)
+       TODO: check
+CVE-2024-22333 (IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application 
Suite 8 ...)
+       TODO: check
+CVE-2024-20753 (Photoshop Desktop versions 24.7.3, 25.7 and earlier are 
affected by an ...)
+       TODO: check
+CVE-2024-1565 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, 
Wistia V ...)
+       TODO: check
+CVE-2024-0979 (The Dashboard Widgets Suite plugin for WordPress is vulnerable 
to Refl ...)
+       TODO: check
+CVE-2023-35860 (A Directory Traversal vulnerability in Modern Campus - Omni 
CMS 2023.1 ...)
+       TODO: check
+CVE-2023-35859 (A Reflected Cross-Site Scripting (XSS) vulnerability in the 
blog funct ...)
+       TODO: check
+CVE-2023-35858 (XPath Injection vulnerabilities in the blog and RSS functions 
of Moder ...)
+       TODO: check
 CVE-2024-5469
        - gitlab <unfixed>
 CVE-2024-5787 (The PowerPack Addons for Elementor (Free Widgets, Extensions 
and Templ ...)
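Review bot: two of the imported descriptions in this block are visibly corrupted: CVE-2024-30278 and CVE-2024-30276 both read "and earlier Answer: are affected", and CVE-2024-4371, CVE-2024-3073 and CVE-2024-1565 show a literal `\u2013` where a dash belongs. Because this is an automatic update, the fix belongs in the import step (decode the escape; the stray "Answer:" is probably upstream text) rather than in a hand edit to these lines. Separately, every new entry lands as `TODO: check`; the three libyaml entries (CVE-2024-35325, CVE-2024-35326, CVE-2024-35328) concern a library Debian ships, so they are worth triaging ahead of the vendor-only items such as the DSE855, TOTOLINK and Adobe entries.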
@@ -942,14 +1132,14 @@ CVE-2023-38533 (A vulnerability has been identified in 
TIA Administrator (All ve
 CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor 
Website Bui ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-5702 (Memory corruption in the networking stack could have led to a 
potentia ...)
-       {DSA-5709-1}
+       {DSA-5709-1 DLA-3825-1}
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
 CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs 
showed e ...)
        - firefox 127.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
 CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11, 
and Thu ...)
-       {DSA-5709-1}
+       {DSA-5709-1 DLA-3825-1}
        - firefox 127.0-1
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5700
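Review bot: the `{DSA-5709-1 DLA-3825-1}` tags added to CVE-2024-5702 and CVE-2024-5700 depend on the DLA's own CVE list, and this commit changes only data/CVE/list, so the diff alone cannot confirm them. Every `{DSA-5709-1}` tag visible in this diff gains the DLA in the same way (the later hunks for CVE-2024-5696, -5693, -5691, -5690 and -5688 repeat the change), so it is enough to check once that DLA-3825-1 names the same set of firefox-esr CVEs as DSA-5709-1.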
@@ -964,7 +1154,7 @@ CVE-2024-5697 (A website was able to detect when a user 
took a screenshot of a p
        - firefox 127.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5697
 CVE-2024-5696 (By manipulating the text in an `&lt;input&gt;` tag, an attacker 
could  ...)
-       {DSA-5709-1}
+       {DSA-5709-1 DLA-3825-1}
        - firefox 127.0-1
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5696
@@ -976,7 +1166,7 @@ CVE-2024-5694 (An attacker could have caused a 
use-after-free in the JavaScript
        - firefox 127.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5694
 CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting, 
which c ...)
-       {DSA-5709-1}
+       {DSA-5709-1 DLA-3825-1}
        - firefox 127.0-1
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5693
@@ -987,13 +1177,13 @@ CVE-2024-5692 (On Windows, when using the 'Save As' 
functionality, an attacker c
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5692
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
 CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a 
sandboxed i ...)
-       {DSA-5709-1}
+       {DSA-5709-1 DLA-3825-1}
        - firefox 127.0-1
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5691
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691
 CVE-2024-5690 (By monitoring the time certain operations take, an attacker 
could have ...)
-       {DSA-5709-1}
+       {DSA-5709-1 DLA-3825-1}
        - firefox 127.0-1
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5690
@@ -1002,7 +1192,7 @@ CVE-2024-5689 (In addition to detecting when a user was 
taking a screenshot (XXX
        - firefox 127.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689
 CVE-2024-5688 (If a garbage collection was triggered at the right time, a 
use-after-f ...)
-       {DSA-5709-1}
+       {DSA-5709-1 DLA-3825-1}
        - firefox 127.0-1
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5688
@@ -1937,11 +2127,11 @@ CVE-2023-49222 (Precor touchscreen console P82 contains 
a private SSH key that c
        NOT-FOR-US: Precor touchscreen console
 CVE-2023-49221 (Precor touchscreen console P62, P80, and P82 could allow a 
remote atta ...)
        NOT-FOR-US: Precor touchscreen console
-CVE-2024-37280
+CVE-2024-37280 (A flaw was discovered in Elasticsearch, affecting document 
ingestion w ...)
        - elasticsearch <removed>
 CVE-2024-23445 (It was identified that if a  cross-cluster API key 
https://www.elastic ...)
        - elasticsearch <removed>
-CVE-2024-37279
+CVE-2024-37279 (A flaw was discovered in Kibana, allowing view-only users of 
alerting  ...)
        - kibana <itp> (bug #700337)
 CVE-2024-5154 (A flaw was found in cri-o. A malicious container can create a 
symbolic ...)
        - cri-o <itp> (bug #979702)
@@ -2326,7 +2516,8 @@ CVE-2023-45192 (IBM Engineering Requirements Management 
DOORS Next 7.0.2 and 7.0
        NOT-FOR-US: IBM
 CVE-2024-5665 (The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for 
WordPr ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-5656 (The Google CSE plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+CVE-2024-5656
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-5653 (A vulnerability, which was classified as critical, has been 
found in C ...)
        NOT-FOR-US: Chanjet Smooth T+system
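Review bot: CVE-2024-5656 is switched to `REJECTED` here, but the unchanged context line `NOT-FOR-US: WordPress plugin` still sits directly beneath it, so the entry now carries both states. The other rejected entries in this commit (CVE-2024-5927, CVE-2021-4237) have `REJECTED` alone; the leftover NOT-FOR-US line should be dropped so the entry is unambiguous.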
@@ -147430,7 +147621,7 @@ CVE-2021-4238 (Randomly-generated alphanumeric 
strings contain significantly les
        NOTE: 
https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
        NOTE: https://pkg.go.dev/vuln/GO-2022-0411
 CVE-2021-4237
-       RESERVED
+       REJECTED
 CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which 
may be ...)
        NOT-FOR-US: ecnepsnai/web
 CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file 
can ca ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcc9614649079f1bb94efa9fbf9e0735b86e0d89
