Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b5587a2 by Moritz Muehlenhoff at 2024-10-03T20:45:17+02:00
NFUs / xz-utils n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6,7 +6,7 @@ CVE-2024-8352 (The Social Web Suite \u2013 Social Media Auto 
Post, Social Media
 CVE-2024-8159 (Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds 
read vulne ...)
        NOT-FOR-US: Deep Freeze
 CVE-2024-47616 (Pomerium is an identity and context-aware access proxy. The 
Pomerium d ...)
-       TODO: check
+       NOT-FOR-US: Pomerium
 CVE-2024-47136 (Out-of-bounds read vulnerability exists in Kostac PLC 
Programming Soft ...)
        NOT-FOR-US: Kostac PLC Programming Software
 CVE-2024-47135 (Stack-based buffer overflow vulnerability exists in Kostac PLC 
Program ...)
@@ -24,7 +24,7 @@ CVE-2024-24117 (Insecure Permissions vulnerability in Ruijie 
RG-NBS2009G-P RGOS
 CVE-2024-9441 (The Linear eMerge e3-Series through version 1.00-07 is 
vulnerable to a ...)
        NOT-FOR-US: Linear eMerge e3-Series
 CVE-2024-9440 (Slim Select 2.0 versions through 2.9.0 are affected by a 
potential cro ...)
-       TODO: check
+       NOT-FOR-US: Node slim-select
 CVE-2024-9429 (A vulnerability has been found in code-projects Restaurant 
Reservation ...)
        NOT-FOR-US: code-projects Restaurant Reservation System
 CVE-2024-9423 (Certain HP LaserJet printers may potentially experience a 
denial of se ...)
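Review bot: The tag on CVE-2024-9440, "NOT-FOR-US: Node slim-select", spells the product differently from its description ("Slim Select") and carries an ecosystem prefix that the other NOT-FOR-US lines in this hunk do not use ("Linear eMerge e3-Series", "code-projects Restaurant Reservation System"). If the prefix is there to mark the ecosystem, keep it, but use the same form wherever this package is tagged so a later search on the product name finds every entry.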
@@ -52,19 +52,19 @@ CVE-2024-7558 (JUJU_CONTEXT_ID is a predictable 
authentication secret. On a Juju
 CVE-2024-6360 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
        NOT-FOR-US: OpenText
 CVE-2024-47807 (Jenkins OpenId Connect Authentication Plugin 
4.354.v321ce67a_1de8 and  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2024-47806 (Jenkins OpenId Connect Authentication Plugin 
4.354.v321ce67a_1de8 and  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2024-47805 (Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, 
except 13 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2024-47804 (If an attempt is made to create an item of a type prohibited 
by `ACL#h ...)
-       TODO: check
+       - jenkins <removed>
 CVE-2024-47803 (Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not 
redact mul ...)
-       TODO: check
+       - jenkins <removed>
 CVE-2024-47612 (DataDump is a MediaWiki extension that provides dumps of 
wikis. Severa ...)
-       TODO: check
+       NOT-FOR-US: DataDump MediaWiki extension
 CVE-2024-47611 (XZ Utils provide a general-purpose data-compression library 
plus comma ...)
-       TODO: check
+       - xz-utils <not-affected> (Only affects Windows builds)
 CVE-2024-47529 (OpenC3 COSMOS provides the functionality needed to send 
commands to an ...)
        NOT-FOR-US: OpenC3 COSMOS
 CVE-2024-46977 (OpenC3 COSMOS provides the functionality needed to send 
commands to an ...)
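Review bot: The two "- jenkins <removed>" lines for CVE-2024-47804 and CVE-2024-47803 are a different kind of triage decision from the rest of this hunk, and the commit subject "NFUs / xz-utils n/a" does not cover them; mention them in the subject so the history is searchable. The three "NOT-FOR-US: Jenkins plugin" lines also fold two differently named plugins (OpenId Connect Authentication Plugin, Credentials Plugin) into one label, and naming the plugin on each line would make the entries self-explanatory. The parenthetical reason on the xz-utils line, "(Only affects Windows builds)", is the kind of justification the other non-trivial decisions here would benefit from as well.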
@@ -80,9 +80,9 @@ CVE-2024-45962 (October 3.6.30 allows an authenticated admin 
account to upload a
 CVE-2024-45960 (Zenario 9.7.61188 allows authenticated admin users to upload 
PDF files ...)
        NOT-FOR-US: Zenario
 CVE-2024-44193 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44097 (According to the researcher: "The TLS connections are 
encrypted agains ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-44030 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-44017 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
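Review bot: "NOT-FOR-US: Apple" on CVE-2024-44193 and "NOT-FOR-US: Android" on CVE-2024-44097 name a vendor and a platform rather than a product, and the truncated descriptions visible here do not identify the affected component. Naming the product, as the neighbouring "NOT-FOR-US: Zenario" entry does, would let a reader confirm the decision without opening the CVE record.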



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b5587a29eefec9e776c3f8b50e61bcc6860504f
