Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de29a7e5 by security tracker role at 2024-10-02T20:12:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,149 @@
+CVE-2024-9441 (The Linear eMerge e3-Series through version 1.00-07 is 
vulnerable to a ...)
+       TODO: check
+CVE-2024-9440 (Slim Select 2.0 versions through 2.9.0 are affected by a 
potential cro ...)
+       TODO: check
+CVE-2024-9429 (A vulnerability has been found in code-projects Restaurant 
Reservation ...)
+       TODO: check
+CVE-2024-9423 (Certain HP LaserJet printers may potentially experience a 
denial of se ...)
+       TODO: check
+CVE-2024-9378 (The YML for Yandex Market plugin for WordPress is vulnerable to 
Reflec ...)
+       TODO: check
+CVE-2024-9344 (The BerqWP \u2013 Automated All-In-One PageSpeed Optimization 
Plugin f ...)
+       TODO: check
+CVE-2024-9218 (The Magazine Blocks \u2013 Blog Designer, Magazine & Newspaper 
Website ...)
+       TODO: check
+CVE-2024-8885 (A local privilege escalation vulnerability in Sophos Intercept 
X for W ...)
+       TODO: check
+CVE-2024-8733 (A potential security vulnerability has been identified in the 
HP One A ...)
+       TODO: check
+CVE-2024-8505 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for 
WordPre ...)
+       TODO: check
+CVE-2024-8282 (The Ibtana \u2013 WordPress Website Builder plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2024-8038 (Vulnerable juju introspection abstract UNIX domain socket. An 
abstract ...)
+       TODO: check
+CVE-2024-8037 (Vulnerable juju hook tool abstract UNIX domain socket. When 
combined w ...)
+       TODO: check
+CVE-2024-7558 (JUJU_CONTEXT_ID is a predictable authentication secret. On a 
Juju mach ...)
+       TODO: check
+CVE-2024-6360 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
+       TODO: check
+CVE-2024-47807 (Jenkins OpenId Connect Authentication Plugin 
4.354.v321ce67a_1de8 and  ...)
+       TODO: check
+CVE-2024-47806 (Jenkins OpenId Connect Authentication Plugin 
4.354.v321ce67a_1de8 and  ...)
+       TODO: check
+CVE-2024-47805 (Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, 
except 13 ...)
+       TODO: check
+CVE-2024-47804 (If an attempt is made to create an item of a type prohibited 
by `ACL#h ...)
+       TODO: check
+CVE-2024-47803 (Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not 
redact mul ...)
+       TODO: check
+CVE-2024-47612 (DataDump is a MediaWiki extension that provides dumps of 
wikis. Severa ...)
+       TODO: check
+CVE-2024-47611 (XZ Utils provide a general-purpose data-compression library 
plus comma ...)
+       TODO: check
+CVE-2024-47529 (OpenC3 COSMOS provides the functionality needed to send 
commands to an ...)
+       TODO: check
+CVE-2024-46977 (OpenC3 COSMOS provides the functionality needed to send 
commands to an ...)
+       TODO: check
+CVE-2024-46626 (OS4ED openSIS-Classic v9.1 was discovered to contain a SQL 
injection v ...)
+       TODO: check
+CVE-2024-45965 (Contao 5.4.1 allows an authenticated admin account to upload a 
SVG fil ...)
+       TODO: check
+CVE-2024-45964 (Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) 
in the I ...)
+       TODO: check
+CVE-2024-45962 (October 3.6.30 allows an authenticated admin account to upload 
a PDF f ...)
+       TODO: check
+CVE-2024-45960 (Zenario 9.7.61188 allows authenticated admin users to upload 
PDF files ...)
+       TODO: check
+CVE-2024-44193 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
+       TODO: check
+CVE-2024-44097 (According to the researcher: "The TLS connections are 
encrypted agains ...)
+       TODO: check
+CVE-2024-44030 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-44017 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-43795 (OpenC3 COSMOS provides the functionality needed to send 
commands to an ...)
+       TODO: check
+CVE-2024-41290 (FlatPress CMS v1.3.1 1.3 was discovered to use insecure 
methods to sto ...)
+       TODO: check
+CVE-2024-35294 (An unauthenticated remote attacker may use the devices traffic 
capture ...)
+       TODO: check
+CVE-2024-35293 (An unauthenticated remote attacker may use a missing 
authentication fo ...)
+       TODO: check
+CVE-2024-33210 (A cross-site scripting (XSS) vulnerability has been identified 
in Flat ...)
+       TODO: check
+CVE-2024-33209 (FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An 
attacke ...)
+       TODO: check
+CVE-2024-24122 (A remote code execution vulnerability in the project 
management of Wan ...)
+       TODO: check
+CVE-2024-24116 (An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 
Release(9736) allows ...)
+       TODO: check
+CVE-2024-20524 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2024-20523 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2024-20522 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2024-20521 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2024-20520 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2024-20519 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2024-20518 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2024-20517 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2024-20516 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2024-20515 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
+CVE-2024-20513 (A vulnerability in the Cisco AnyConnect VPN server of Cisco 
Meraki MX  ...)
+       TODO: check
+CVE-2024-20509 (A vulnerability in the Cisco AnyConnect VPN server of Cisco 
Meraki MX  ...)
+       TODO: check
+CVE-2024-20502 (A vulnerability in the Cisco AnyConnect VPN server of Cisco 
Meraki MX  ...)
+       TODO: check
+CVE-2024-20501 (Multiple vulnerabilities in the Cisco AnyConnect VPN server of 
Cisco M ...)
+       TODO: check
+CVE-2024-20500 (A vulnerability in the Cisco AnyConnect VPN server of Cisco 
Meraki MX  ...)
+       TODO: check
+CVE-2024-20499 (Multiple vulnerabilities in the Cisco AnyConnect VPN server of 
Cisco M ...)
+       TODO: check
+CVE-2024-20498 (Multiple vulnerabilities in the Cisco AnyConnect VPN server of 
Cisco M ...)
+       TODO: check
+CVE-2024-20492 (A vulnerability in the restricted shell of Cisco Expressway 
Series cou ...)
+       TODO: check
+CVE-2024-20491 (A vulnerability in a logging function of Cisco Nexus Dashboard 
Insight ...)
+       TODO: check
+CVE-2024-20490 (A vulnerability in a logging function of Cisco Nexus Dashboard 
Fabric  ...)
+       TODO: check
+CVE-2024-20477 (A vulnerability in a specific REST API endpoint of Cisco NDFC 
could al ...)
+       TODO: check
+CVE-2024-20470 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2024-20449 (A vulnerability in Cisco Nexus Dashboard Fabric Controller 
(NDFC) coul ...)
+       TODO: check
+CVE-2024-20448 (A vulnerability in the Cisco Nexus Dashboard Fabric Controller 
(NDFC)  ...)
+       TODO: check
+CVE-2024-20444 (A vulnerability in Cisco Nexus Dashboard Fabric Controller 
(NDFC), for ...)
+       TODO: check
+CVE-2024-20442 (A vulnerability in the REST API endpoints of Cisco Nexus 
Dashboard cou ...)
+       TODO: check
+CVE-2024-20441 (A vulnerability in a specific REST API endpoint of Cisco NDFC 
could al ...)
+       TODO: check
+CVE-2024-20438 (A vulnerability in the REST API endpoints of Cisco NDFC could 
allow an ...)
+       TODO: check
+CVE-2024-20432 (A vulnerability in the REST API and web UI of Cisco Nexus 
Dashboard Fa ...)
+       TODO: check
+CVE-2024-20393 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
+       TODO: check
+CVE-2024-20385 (A vulnerability in the SSL/TLS implementation of Cisco Nexus 
Dashboard ...)
+       TODO: check
+CVE-2024-20365 (A vulnerability in the Redfish API of Cisco UCS B-Series, 
Cisco UCS Ma ...)
+       TODO: check
 CVE-2024-XXXX [znuny zsa-2024-05]
        - znuny 6.5.11-1
        [bookworm] - znuny <no-dsa> (Non-free not supported)
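Review bot: every entry added at the top of data/CVE/list stops at "TODO: check", so none of the new CVEs carries a triage result yet. The WordPress plugin entries (CVE-2024-9378, CVE-2024-9344, CVE-2024-9218, CVE-2024-8505, CVE-2024-8282) can take the same "NOT-FOR-US: WordPress plugin" form that appears as context for CVE-2024-5489 further down the file. The entries whose descriptions name general-purpose software, such as CVE-2024-47611 (XZ Utils) and the Juju entries CVE-2024-8038, CVE-2024-8037 and CVE-2024-7558, are the ones to check against packaged sources before the vendor appliance entries. Several descriptions also carry a literal "\u2013" escape instead of the dash character, which is worth normalising where the descriptions are generated.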
@@ -27877,7 +28023,8 @@ CVE-2024-5489 (The Wbcom Designs \u2013 Custom Font 
Uploader plugin for WordPres
        NOT-FOR-US: WordPress plugin
 CVE-2024-5482 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the 'add_ ...)
        NOT-FOR-US: parisneo/lollms-webui
-CVE-2024-5480 (A vulnerability in the PyTorch's torch.distributed.rpc 
framework, spec ...)
+CVE-2024-5480
+       REJECTED
        NOTE: Non issue as only documented to be used for internal 
communication:
        NOTE: 
https://github.com/pytorch/pytorch/security/policy#using-distributed-features
        NOTE: https://github.com/pytorch/pytorch/issues/129228
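Review bot: after this change the CVE-2024-5480 entry has no description, and the NOTE lines kept under "REJECTED" ("Non issue as only documented to be used for internal communication:") no longer say which component they refer to. Either confirm the NOTE lines are still wanted under a rejected entry and reword the first one so it names the torch.distributed.rpc framework from the removed description, or drop them together with the description so the entry reads consistently.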



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de29a7e5c8db2db1226268a506fc3aeba5d9c612



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits