Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7fa2d151 by Moritz Muehlenhoff at 2024-10-10T09:56:38+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,131 +3,131 @@ CVE-2024-9680 (An attacker was able to achieve code 
execution in the content pro
 CVE-2024-9675 (A vulnerability was found in Buildah. Cache mounts do not 
properly val ...)
        TODO: check
 CVE-2024-9671 (A vulnerability was found in 3Scale. There is no auth mechanism 
to see ...)
-       TODO: check
+       NOT-FOR-US: Red Hat 3scale
 CVE-2024-9575 (Local File Inclusion vulnerability in pretix Widget WordPress 
plugin p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9473 (A privilege escalation vulnerability in the Palo Alto Networks 
GlobalP ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-9471 (A privilege escalation (PE) vulnerability in the XML API of 
Palo Alto  ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-9470 (A vulnerability in Cortex XSOAR allows the disclosure of 
incident data ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-9469 (A problem with a detection mechanism in the Palo Alto Networks 
Cortex  ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-9468 (A memory corruption vulnerability in Palo Alto Networks PAN-OS 
softwar ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-9467 (A reflected XSS vulnerability in Palo Alto Networks Expedition 
enables ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-9466 (A cleartext storage of sensitive information vulnerability in 
Palo Alt ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-9465 (An SQL injection vulnerability in Palo Alto Networks Expedition 
allows ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-9464 (An OS command injection vulnerability in Palo Alto Networks 
Expedition ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-9463 (An OS command injection vulnerability in Palo Alto Networks 
Expedition ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-9451 (The Embed PDF Viewer plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9449 (The Auto iFrame plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9412 (An improper authorization vulnerability exists in the Rockwell 
Automat ...)
-       TODO: check
+       NOT-FOR-US: Rockwell
 CVE-2024-9381 (Path traversal in Ivanti CSA before version 5.0.2 allows a 
remote auth ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-9380 (An OS command injection vulnerability in the admin web console 
of Ivan ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-9379 (SQL injection in the admin web console of Ivanti CSA before 
version 5. ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-9286 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Distant Education Platform
 CVE-2024-9207 (The BuddyPress Docs plugin for WordPress is vulnerable to 
Reflected Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9167 (Under specific circumstances, insecure permissions in Ivanti 
Velocity  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-9124 (A denial-of-service vulnerability exists in the Rockwell 
Automation Po ...)
-       TODO: check
+       NOT-FOR-US: Rockwell
 CVE-2024-9005 (CWE-502: Deserialization of Untrusted Data vulnerability exists 
that c ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2024-8943 (The LatePoint plugin for WordPress is vulnerable to 
authentication byp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8911 (The LatePoint plugin for WordPress is vulnerable to Arbitrary 
User Pas ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8884 (CWE-200: Exposure of Sensitive Information to an Unauthorized 
Actor vu ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2024-8629 (The WooCommerce Multilingual & Multicurrency with WPML plugin 
for Word ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8626 (Due to a memory leak, a denial-of-service vulnerability exists 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Rockwell
 CVE-2024-8518 (CWE-20: Improper Input Validation vulnerability exists that 
could caus ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2024-8488 (The Survey Maker plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8482 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8433 (The Easy Mega Menu Plugin for WordPress \u2013 ThemeHunk plugin 
for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8431 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin 
for Word ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8422 (CWE-416: Use After Free vulnerability exists that could cause 
arbitrar ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2024-8215 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Payara
 CVE-2024-8048 (In Progress Telerik Reporting versions prior to 2024 Q3 
(18.2.24.924), ...)
-       TODO: check
+       NOT-FOR-US: Progress Telerik
 CVE-2024-8015 (In Progress Telerik Report Server versions prior to 2024 Q3 
(10.2.24.9 ...)
-       TODO: check
+       NOT-FOR-US: Progress Telerik
 CVE-2024-8014 (In Progress Telerik Reporting versions prior to 2024 Q3 
(18.2.24.924), ...)
-       TODO: check
+       NOT-FOR-US: Progress Telerik
 CVE-2024-7963 (The CMSMasters Content Composer plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7840 (In Progress Telerik Reporting versions prior to 2024 Q3 
(2024.3.924),  ...)
-       TODO: check
+       NOT-FOR-US: Progress Telerik
 CVE-2024-7612 (Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a 
local auth ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-7294 (In Progress\xae Telerik\xae Report Server versions prior to 
2024 Q3 (1 ...)
-       TODO: check
+       NOT-FOR-US: Progress Telerik
 CVE-2024-7293 (In Progress\xae Telerik\xae Report Server versions prior to 
2024 Q3 (1 ...)
-       TODO: check
+       NOT-FOR-US: Progress Telerik
 CVE-2024-7292 (In Progress\xae Telerik\xae Report Server versions prior to 
2024 Q3 (1 ...)
-       TODO: check
+       NOT-FOR-US: Progress Telerik
 CVE-2024-7041 (An Insecure Direct Object Reference (IDOR) vulnerability exists 
in ope ...)
-       TODO: check
+       NOT-FOR-US: open-webui
 CVE-2024-7038 (An information disclosure vulnerability exists in open-webui 
version 0 ...)
-       TODO: check
+       NOT-FOR-US: open-webui
 CVE-2024-7037 (In version v0.3.8 of open-webui/open-webui, the endpoint 
/api/pipeline ...)
-       TODO: check
+       NOT-FOR-US: open-webui
 CVE-2024-5968 (The Photo Gallery by 10Web  WordPress plugin before 1.8.28 does 
not pr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-47951 (In JetBrains TeamCity before 2024.07.3 stored XSS was possible 
via ser ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2024-47950 (In JetBrains TeamCity before 2024.07.3 stored XSS was possible 
in Back ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2024-47949 (In JetBrains TeamCity before 2024.07.3 path traversal allowed 
backup f ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2024-47948 (In JetBrains TeamCity before 2024.07.3 path traversal leading 
to infor ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2024-47833 (Taipy is an open-source Python library for easy, end-to-end 
applicatio ...)
-       TODO: check
+       NOT-FOR-US: Taipy
 CVE-2024-47832 (ssoready is a single sign on provider implemented via docker. 
Affected ...)
-       TODO: check
+       NOT-FOR-US: ssoready
 CVE-2024-47828 (ampache is a web based audio/video streaming application and 
file mana ...)
-       TODO: check
+       - ampache <removed>
 CVE-2024-47823 (Livewire is a full-stack framework for Laravel that allows for 
dynamic ...)
-       TODO: check
+       NOT-FOR-US: Livewire
 CVE-2024-47822 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2024-47816 (ImportDump is a mediawiki extension designed to automate user 
import r ...)
-       TODO: check
+       NOT-FOR-US: ImportDump MediaWiki extension
 CVE-2024-47815 (IncidentReporting is a MediaWiki extension for moving incident 
reports ...)
-       TODO: check
+       NOT-FOR-US: IncidentReporting MediaWiki extension
 CVE-2024-47813 (Wasmtime is an open source runtime for WebAssembly. Under 
certain conc ...)
        TODO: check
 CVE-2024-47812 (ImportDump is an extension for mediawiki designed to automate 
user imp ...)
-       TODO: check
+       NOT-FOR-US: ImportDump MediaWiki extension
 CVE-2024-47780 (TYPO3 is a free and open source Content Management Framework. 
Backend  ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2024-47773 (Discourse is an open source platform for community discussion. 
An atta ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-47763 (Wasmtime is an open source runtime for WebAssembly. Wasmtime's 
impleme ...)
        TODO: check
 CVE-2024-47673 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
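
Review bot: CVE-2024-47828 is changed to `- ampache <removed>`, which is a package entry rather than an NFU, so the commit subject "NFUs" does not describe every change in this hunk. Mention the removed-package triage in the commit message, or split that entry into its own commit so it is easy to find in the history.
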
@@ -163,47 +163,47 @@ CVE-2024-47659 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2024-47658 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        TODO: check
 CVE-2024-47565 (A vulnerability has been identified in Siemens SINEC Security 
Monitor  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-47563 (A vulnerability has been identified in Siemens SINEC Security 
Monitor  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-47562 (A vulnerability has been identified in Siemens SINEC Security 
Monitor  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-47553 (A vulnerability has been identified in Siemens SINEC Security 
Monitor  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-47425 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47424 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47423 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47422 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47421 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47420 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an 
out-of- ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47419 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an 
out-of- ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47418 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Use Afte ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47417 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Heap-bas ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47416 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an 
Integer ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47415 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Use Afte ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47414 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Use Afte ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47413 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Use Afte ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47412 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Use Afte ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47411 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an 
Access  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47410 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a 
Stack-ba ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-47334 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-47196 (A vulnerability has been identified in ModelSim (All versions 
< V2024. ...)
        TODO: check
 CVE-2024-47195 (A vulnerability has been identified in ModelSim (All versions 
< V2024. ...)
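
Review bot: CVE-2024-47334 is tagged `NOT-FOR-US: WordPress plugin`, but its description is cut off at "Improper Neutralization of Special Elements used in an SQL Command ('S ...)" and names no product, so the classification cannot be confirmed from this diff; naming the plugin in the tag would make it checkable. The ModelSim entries CVE-2024-47196 and CVE-2024-47195 in the surrounding context are left at `TODO: check` and still need a later pass.
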
@@ -211,19 +211,19 @@ CVE-2024-47195 (A vulnerability has been identified in 
ModelSim (All versions <
 CVE-2024-47194 (A vulnerability has been identified in ModelSim (All versions 
< V2024. ...)
        TODO: check
 CVE-2024-47161 (In JetBrains TeamCity before 2024.07.3 password could be 
exposed via S ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2024-47046 (A vulnerability has been identified in Simcenter Nastran 2306 
(All ver ...)
        TODO: check
 CVE-2024-47011 (Path Traversal in Ivanti Avalanche before version 6.4.5 allows 
a remot ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-47010 (Path Traversal in Ivanti Avalanche before version 6.4.5 allows 
a remot ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-47009 (Path Traversal in Ivanti Avalanche before version 6.4.5 allows 
a remot ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-47008 (Server-side request forgery in Ivanti Avalanche before version 
6.4.5 a ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-47007 (A NULL pointer dereference in WLAvalancheService.exe of Ivanti 
Avalanc ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-46887 (The web server of affected devices do not properly 
authenticate user r ...)
        TODO: check
 CVE-2024-46886 (The web server of affected devices does not properly validate 
input th ...)
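
Review bot: the five Ivanti entries (CVE-2024-47011 through CVE-2024-47007) all describe Ivanti Avalanche but are tagged with the vendor only, while CVE-2024-47161 in the same hunk gets vendor and product (`NOT-FOR-US: JetBrains TeamCity`). Using `NOT-FOR-US: Ivanti Avalanche` would keep the tag granularity consistent and make the list searchable by product.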



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fa2d15189ae9a8c995ef545d08e6673ed20e435
