Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d141112 by Salvatore Bonaccorso at 2024-09-11T10:47:06+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,21 +25,21 @@ CVE-2024-7721 (The HTML5 Video Player \u2013 mp4 Video 
Player Plugin and Block p
 CVE-2024-7716 (The Logo Slider  WordPress plugin before 3.6.9 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-7626 (The WP Delicious \u2013 Recipe Plugin for Food Bloggers 
(formerly Deli ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-45597 (Pluto is a superset of Lua 5.4 with a focus on general-purpose 
program ...)
        TODO: check
 CVE-2024-44107 (DLL hijacking in the management console of Ivanti Workspace 
Control ve ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-44106 (Insufficient server-side controls in the management console of 
Ivanti  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-44105 (Cleartext transmission of sensitive information in the 
management cons ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-44104 (An incorrectly implemented authentication scheme that is 
subjected to  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-44103 (DLL hijacking in the management console of Ivanti Workspace 
Control ve ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-43690 (Inclusion of Functionality from Untrusted Control 
Sphere(CWE-829) in t ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2024-40662 (In scheme of Uri.java, there is a possible way to craft a 
malformed Ur ...)
        TODO: check
 CVE-2024-40659 (In getRegistration of RemoteProvisioningService.java, there is 
a possi ...)
@@ -145,7 +145,7 @@ CVE-2024-45595 (D-Tale is a visualizer for Pandas data 
structures. Users hosting
 CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A 
bug in Ni ...)
        TODO: check
 CVE-2024-45592 (auditor-bundle, formerly known as DoctrineAuditBundle, 
integrates audi ...)
-       TODO: check
+       NOT-FOR-US: auditor-bundle / DoctrineAuditBundle
 CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API 
exposes the hi ...)
        NOT-FOR-US: XWiki
 CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser 
<1.20.3 is ...)
@@ -155,9 +155,9 @@ CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR 
practitioners by provi
 CVE-2024-45409 (The Ruby SAML library is for implementing the client side of a 
SAML au ...)
        TODO: check
 CVE-2024-45407 (Sunshine is a self-hosted game stream host for Moonlight. 
Clients that ...)
-       TODO: check
+       NOT-FOR-US: Sunshine
 CVE-2024-45393 (Computer Vision Annotation Tool (CVAT) is an interactive video 
and ima ...)
-       TODO: check
+       NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
 CVE-2024-45323 (An improper access control vulnerability[CWE-284] in FortiEDR 
Manager  ...)
        NOT-FOR-US: FortiGuard
 CVE-2024-45044 (Bareos is open source software for backup, archiving, and 
recovery of  ...)
@@ -178,9 +178,9 @@ CVE-2024-44867 (phpok v3.0 was discovered to contain an 
arbitrary file read vuln
 CVE-2024-44815 (Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 
allows a ph ...)
        NOT-FOR-US: Hathway Skyworth Router CM5100
 CVE-2024-44677 (eladmin v2.7 and before is vulnerable to Server-Side Request 
Forgery ( ...)
-       TODO: check
+       NOT-FOR-US: eladmin
 CVE-2024-44676 (eladmin v2.7 and before is vulnerable to Cross Site Scripting 
(XSS) wh ...)
-       TODO: check
+       NOT-FOR-US: eladmin
 CVE-2024-44667 (Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE 
Router M7628 ...)
        NOT-FOR-US: Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE 
Router
 CVE-2024-44087 (A vulnerability has been identified in Automation License 
Manager V5 ( ...)
@@ -194,9 +194,9 @@ CVE-2024-43796 (Express.js minimalist web framework for 
node. In express < 4.20.
 CVE-2024-43781 (A vulnerability has been identified in SINUMERIK 828D V4 (All 
versions ...)
        NOT-FOR-US: Siemens
 CVE-2024-43647 (A vulnerability has been identified in SIMATIC S7-200 SMART 
CPU CR40 ( ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-43495 (Windows libarchive Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-43492 (Microsoft AutoUpdate (MAU) Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-43491 (Microsoft is aware of a vulnerability in Servicing Stack that 
has roll ...)
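Review bot: CVE-2024-43495 is marked NOT-FOR-US: Microsoft, but its description names libarchive, which Debian packages. Before closing it as NFU, confirm that the flaw is specific to the copy shipped in Windows and is not present in upstream libarchive. If that is not yet known, leave the entry at TODO: check or record the finding in a NOTE: line.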
@@ -256,59 +256,59 @@ CVE-2024-43386 (A low privileged remote attacker can 
trigger the execution of ar
 CVE-2024-43385 (A low privileged remote attacker can trigger theexecution of 
arbitrary ...)
        TODO: check
 CVE-2024-43040 (Renwoxing Enterprise Intelligent Management System before v3.0 
was dis ...)
-       TODO: check
+       NOT-FOR-US: Renwoxing Enterprise Intelligent Management System
 CVE-2024-42425 (Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, 
contains ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-42423 (Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 
contains  ...)
-       TODO: check
+       NOT-FOR-US: Citrix Workspace App on Dell ThinOS 2311
 CVE-2024-42345 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-42344 (A vulnerability has been identified in SINEMA Remote Connect 
Client (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-41171 (A vulnerability has been identified in SINUMERIK 828D V4 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-41170 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-40754 (Heap-based Buffer Overflow vulnerability in Samsung Open 
Source Escarg ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-39583 (Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains 
a Use of ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-39582 (Dell PowerScale InsightIQ, version 5.0, contain a Use of hard 
coded Cr ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-39581 (Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains 
a File o ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-39580 (Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains 
an Impro ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-39574 (Dell PowerScale InsightIQ, version 5.1, contain an Improper 
Privilege  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-38263 (Windows Remote Desktop Licensing Service Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38260 (Windows Remote Desktop Licensing Service Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38259 (Microsoft Management Console Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38258 (Windows Remote Desktop Licensing Service Information 
Disclosure Vulner ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38257 (Microsoft AllJoyn API Information Disclosure Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38256 (Windows Kernel-Mode Driver Information Disclosure 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38254 (Windows Authentication Information Disclosure Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38253 (Windows Win32 Kernel Subsystem Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38252 (Windows Win32 Kernel Subsystem Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38250 (Windows Graphics Component Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38249 (Windows Graphics Component Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38248 (Windows Storage Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38247 (Windows Graphics Component Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38246 (Win32k Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38245 (Kernel Streaming Service Driver Elevation of Privilege 
Vulnerability)
        TODO: check
 CVE-2024-38244 (Kernel Streaming Service Driver Elevation of Privilege 
Vulnerability)
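Review bot: CVE-2024-38245 in the trailing context stays at TODO: check, although the Microsoft entries directly above it (CVE-2024-38246, CVE-2024-38247 and the rest of this hunk) are all converted. If it was skipped by accident, mark it NOT-FOR-US: Microsoft in the same pass so the block is triaged consistently.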
@@ -320,89 +320,89 @@ CVE-2024-38242 (Kernel Streaming Service Driver Elevation 
of Privilege Vulnerabi
 CVE-2024-38241 (Kernel Streaming Service Driver Elevation of Privilege 
Vulnerability)
        TODO: check
 CVE-2024-38240 (Windows Remote Access Connection Manager Elevation of 
Privilege Vulner ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38239 (Windows Kerberos Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38238 (Kernel Streaming Service Driver Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38237 (Kernel Streaming WOW Thunk Service Driver Elevation of 
Privilege Vulne ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38236 (DHCP Server Service Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38235 (Windows Hyper-V Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38234 (Windows Networking Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38233 (Windows Networking Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38232 (Windows Networking Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38231 (Windows Remote Desktop Licensing Service Denial of Service 
Vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38230 (Windows Standards-Based Storage Management Service Denial of 
Service V ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38228 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38227 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38226 (Microsoft Publisher Security Feature Bypass Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38225 (Microsoft Dynamics 365 Business Central Elevation of Privilege 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38220 (Azure Stack Hub Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38217 (Windows Mark of the Web Security Feature Bypass Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38216 (Azure Stack Hub Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38194 (An authenticated attacker can exploit an improper 
authorization vulner ...)
        TODO: check
 CVE-2024-38188 (Azure Network Watcher VM Agent Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38119 (Windows Network Address Translation (NAT) Remote Code 
Execution Vulner ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38046 (PowerShell Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38045 (Windows TCP/IP Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38018 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38014 (Windows Installer Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37995 (A vulnerability has been identified in SIMATIC Reader RF610R 
CMIIT (6G ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37994 (A vulnerability has been identified in SIMATIC Reader RF610R 
CMIIT (6G ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37993 (A vulnerability has been identified in SIMATIC Reader RF610R 
CMIIT (6G ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37992 (A vulnerability has been identified in SIMATIC Reader RF610R 
CMIIT (6G ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37991 (A vulnerability has been identified in SIMATIC Reader RF610R 
CMIIT (6G ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37990 (A vulnerability has been identified in SIMATIC Reader RF610R 
CMIIT (6G ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37980 (Microsoft SQL Server Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37966 (Microsoft SQL Server Native Scoring Information Disclosure 
Vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37965 (Microsoft SQL Server Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37728 (Arbitrary File Read vulnerability in Xi'an Daxi Information 
Technology ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37342 (Microsoft SQL Server Native Scoring Information Disclosure 
Vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37341 (Microsoft SQL Server Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37340 (Microsoft SQL Server Native Scoring Remote Code Execution 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37339 (Microsoft SQL Server Native Scoring Remote Code Execution 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37338 (Microsoft SQL Server Native Scoring Remote Code Execution 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37337 (Microsoft SQL Server Native Scoring Information Disclosure 
Vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37335 (Microsoft SQL Server Native Scoring Remote Code Execution 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-36511 (An improperly implemented security check for standard 
vulnerability [C ...)
        TODO: check
 CVE-2024-35783 (A vulnerability has been identified in SIMATIC BATCH V9.1 (All 
version ...)
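Review bot: The six SIMATIC Reader RF610R entries (CVE-2024-37990 through CVE-2024-37995) and CVE-2024-37728 (Xi'an Daxi Information Technology) are tagged NOT-FOR-US: Microsoft, which does not match their descriptions and looks like a bulk-replace slip. CVE-2024-43647 (SIMATIC S7-200 SMART) earlier in this commit is tagged NOT-FOR-US: Siemens, so the RF610R entries should read the same, and CVE-2024-37728 needs a tag naming the Xi'an Daxi product instead.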



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d141112caf15ddf9c97a0bc07244d420450cff1
