Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
36b1de61 by security tracker role at 2024-11-12T20:12:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,536 @@
-CVE-2024-49369
+CVE-2024-9999 (In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect
Implem ...)
+ TODO: check
+CVE-2024-9998
+ REJECTED
+CVE-2024-9843 (A buffer over-read in Ivanti Secure Access Client before 22.7R4
allows ...)
+ TODO: check
+CVE-2024-9842 (Incorrect permissions in Ivanti Secure Access Client before
version 22 ...)
+ TODO: check
+CVE-2024-9420 (A use-after-free in Ivanti Connect Secure before version
22.7R2.3 and ...)
+ TODO: check
+CVE-2024-8539 (Improper authorization in Ivanti Secure Access Client before
version 2 ...)
+ TODO: check
+CVE-2024-8535 (Authenticated user can access unintended user
capabilitiesinNetScaler ...)
+ TODO: check
+CVE-2024-8534 (Memory safety vulnerability leading to memory corruption and
Denial of ...)
+ TODO: check
+CVE-2024-8495 (A null pointer dereference in Ivanti Connect Secure before
version 22. ...)
+ TODO: check
+CVE-2024-8074 (Improper Privilege Management vulnerability in Nomysoft
Informatics No ...)
+ TODO: check
+CVE-2024-8069 (Limited remote code execution with privilege of a
NetworkService Accou ...)
+ TODO: check
+CVE-2024-8068 (Privilege escalation to NetworkService Account accessin Citrix
Session ...)
+ TODO: check
+CVE-2024-7571 (Incorrect permissions in Ivanti Secure Access Client before
22.7R4 all ...)
+ TODO: check
+CVE-2024-7516 (A vulnerability in Brocade Fabric OS versions before 9.2.2
could allow ...)
+ TODO: check
+CVE-2024-52301 (Laravel is a web application framework. When the
register_argc_argv ph ...)
+ TODO: check
+CVE-2024-52297 (Tolgee is an open-source localization platform. Tolgee 3.81.1
included ...)
+ TODO: check
+CVE-2024-52296 (libosdp is an implementation of IEC 60839-11-5 OSDP (Open
Supervised D ...)
+ TODO: check
+CVE-2024-52010 (Zoraxy is a general purpose HTTP reverse proxy and forwarding
tool. A ...)
+ TODO: check
+CVE-2024-51750 (Element is a Matrix web client built using the Matrix React
SDK. A mal ...)
+ TODO: check
+CVE-2024-51749 (Element is a Matrix web client built using the Matrix React
SDK. Versi ...)
+ TODO: check
+CVE-2024-51722 (A local privilege escalation vulnerability in the SecuSUITE
Server (Sy ...)
+ TODO: check
+CVE-2024-51721 (A code injection vulnerability in the SecuSUITE Server Web
Administrat ...)
+ TODO: check
+CVE-2024-51720 (An insufficient entropy vulnerability in the SecuSUITE Secure
Client A ...)
+ TODO: check
+CVE-2024-51566 (The NVMe driver queue processing is vulernable to
guest-induced infini ...)
+ TODO: check
+CVE-2024-51565 (The hda driver is vulnerable to a buffer over-read from a
guest-contro ...)
+ TODO: check
+CVE-2024-51564 (A guest can trigger an infinite loop in the hda audio driver.)
+ TODO: check
+CVE-2024-51563 (The virtio_vq_recordon function is subject to a time-of-check
to time- ...)
+ TODO: check
+CVE-2024-51562 (The NVMe driver function nvme_opc_get_log_page is vulnerable
to a buff ...)
+ TODO: check
+CVE-2024-50572 (A vulnerability has been identified in RUGGEDCOM RM1224
LTE(4G) EU (6G ...)
+ TODO: check
+CVE-2024-50561 (A vulnerability has been identified in RUGGEDCOM RM1224
LTE(4G) EU (6G ...)
+ TODO: check
+CVE-2024-50560 (A vulnerability has been identified in RUGGEDCOM RM1224
LTE(4G) EU (6G ...)
+ TODO: check
+CVE-2024-50559 (A vulnerability has been identified in RUGGEDCOM RM1224
LTE(4G) EU (6G ...)
+ TODO: check
+CVE-2024-50558 (A vulnerability has been identified in RUGGEDCOM RM1224
LTE(4G) EU (6G ...)
+ TODO: check
+CVE-2024-50557 (A vulnerability has been identified in RUGGEDCOM RM1224
LTE(4G) EU (6G ...)
+ TODO: check
+CVE-2024-50386 (Account users in Apache CloudStack by default are allowed to
register ...)
+ TODO: check
+CVE-2024-50336 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK
for Jav ...)
+ TODO: check
+CVE-2024-50331 (An out-of-bounds read vulnerability in Ivanti Avalanche before
6.4.6 a ...)
+ TODO: check
+CVE-2024-50330 (SQL injection in Ivanti Endpoint Manager before 2024 November
Security ...)
+ TODO: check
+CVE-2024-50329 (Path traversal in Ivanti Endpoint Manager before 2024 November
Securit ...)
+ TODO: check
+CVE-2024-50328 (SQL injection in Ivanti Endpoint Manager before 2024 November
Security ...)
+ TODO: check
+CVE-2024-50327 (SQL injection in Ivanti Endpoint Manager before 2024 November
Security ...)
+ TODO: check
+CVE-2024-50326 (SQL injection in Ivanti Endpoint Manager before 2024 November
Security ...)
+ TODO: check
+CVE-2024-50324 (Path traversal in Ivanti Endpoint Manager before 2024 November
Securit ...)
+ TODO: check
+CVE-2024-50323 (SQL injection in Ivanti Endpoint Manager before 2024 November
Security ...)
+ TODO: check
+CVE-2024-50322 (Path traversal in Ivanti Endpoint Manager before 2024 November
Securit ...)
+ TODO: check
+CVE-2024-50321 (An infinite loop in Ivanti Avalanche before 6.4.6 allows a
remote unau ...)
+ TODO: check
+CVE-2024-50320 (An infinite loop in Ivanti Avalanche before 6.4.6 allows a
remote unau ...)
+ TODO: check
+CVE-2024-50319 (An infinite loop in Ivanti Avalanche before 6.4.6 allows a
remote unau ...)
+ TODO: check
+CVE-2024-50318 (A null pointer dereference in Ivanti Avalanche before 6.4.6
allows a r ...)
+ TODO: check
+CVE-2024-50317 (A null pointer dereference in Ivanti Avalanche before 6.4.6
allows a r ...)
+ TODO: check
+CVE-2024-50313 (A vulnerability has been identified in Mendix Runtime V10 (All
version ...)
+ TODO: check
+CVE-2024-50310 (A vulnerability has been identified in SIMATIC CP 1543-1 V4.0
(6GK7543 ...)
+ TODO: check
+CVE-2024-49528 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an
out-of- ...)
+ TODO: check
+CVE-2024-49527 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an
out-of- ...)
+ TODO: check
+CVE-2024-49526 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a
Use Afte ...)
+ TODO: check
+CVE-2024-49525 (Substance3D - Painter versions 10.1.0 and earlier are affected
by a He ...)
+ TODO: check
+CVE-2024-49521 (Adobe Commerce versions 3.2.5 and earlier are affected by a
Server-Sid ...)
+ TODO: check
+CVE-2024-49520 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-49519 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-49518 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-49517 (Substance3D - Painter versions 10.1.0 and earlier are affected
by a He ...)
+ TODO: check
+CVE-2024-49516 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-49515 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an U ...)
+ TODO: check
+CVE-2024-49514 (Photoshop Desktop versions 24.7.3, 25.11 and earlier are
affected by a ...)
+ TODO: check
+CVE-2024-49056 (Authentication bypass by assumed-immutable data on
airlift.microsoft.c ...)
+ TODO: check
+CVE-2024-49051 (Microsoft PC Manager Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49050 (Visual Studio Code Python Extension Remote Code Execution
Vulnerabilit ...)
+ TODO: check
+CVE-2024-49049 (Visual Studio Code Remote Extension Elevation of Privilege
Vulnerabili ...)
+ TODO: check
+CVE-2024-49048 (TorchGeo Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49046 (Windows Win32 Kernel Subsystem Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-49044 (Visual Studio Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49043 (Microsoft.SqlServer.XEvent.Configuration.dll Remote Code
Execution Vul ...)
+ TODO: check
+CVE-2024-49042 (Azure Database for PostgreSQL Flexible Server Extension
Elevation of P ...)
+ TODO: check
+CVE-2024-49040 (Microsoft Exchange Server Spoofing Vulnerability)
+ TODO: check
+CVE-2024-49039 (Windows Task Scheduler Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49033 (Microsoft Word Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-49032 (Microsoft Office Graphics Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49031 (Microsoft Office Graphics Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49030 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49029 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49028 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49027 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49026 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49021 (Microsoft SQL Server Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49019 (Active Directory Certificate Services Elevation of Privilege
Vulnerabi ...)
+ TODO: check
+CVE-2024-49018 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49017 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49016 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49015 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49014 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49013 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49012 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49011 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49010 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49009 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49008 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49007 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49006 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49005 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49004 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49003 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49002 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49001 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49000 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-48999 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-48998 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-48997 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-48996 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-48995 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-48994 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-48993 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-47942 (A vulnerability has been identified in Solid Edge SE2024 (All
versions ...)
+ TODO: check
+CVE-2024-47941 (A vulnerability has been identified in Solid Edge SE2024 (All
versions ...)
+ TODO: check
+CVE-2024-47940 (A vulnerability has been identified in Solid Edge SE2024 (All
versions ...)
+ TODO: check
+CVE-2024-47909 (A stack-based buffer overflow in Ivanti Connect Secure before
version ...)
+ TODO: check
+CVE-2024-47907 (A stack-based buffer overflow in IPsec of Ivanti Connect
Secure before ...)
+ TODO: check
+CVE-2024-47906 (Excessive binary privileges in Ivanti Connect Secure which
affects ver ...)
+ TODO: check
+CVE-2024-47905 (A stack-based buffer overflow in Ivanti Connect Secure before
version ...)
+ TODO: check
+CVE-2024-47808 (A vulnerability has been identified in SINEC NMS (All versions
< V3.0 ...)
+ TODO: check
+CVE-2024-47783 (A vulnerability has been identified in SIPORT (All versions <
V3.4.0). ...)
+ TODO: check
+CVE-2024-47535 (Netty is an asynchronous event-driven network application
framework fo ...)
+ TODO: check
+CVE-2024-47458 (Bridge versions 13.0.9, 14.1.2 and earlier are affected by a
NULL Poin ...)
+ TODO: check
+CVE-2024-47457 (Illustrator versions 28.7.1 and earlier are affected by a NULL
Pointer ...)
+ TODO: check
+CVE-2024-47456 (Illustrator versions 28.7.1 and earlier are affected by an
out-of-boun ...)
+ TODO: check
+CVE-2024-47455 (Illustrator versions 28.7.1 and earlier are affected by an
out-of-boun ...)
+ TODO: check
+CVE-2024-47454 (Illustrator versions 28.7.1 and earlier are affected by an
out-of-boun ...)
+ TODO: check
+CVE-2024-47453 (Illustrator versions 28.7.1 and earlier are affected by an
out-of-boun ...)
+ TODO: check
+CVE-2024-47452 (Illustrator versions 28.7.1 and earlier are affected by an
out-of-boun ...)
+ TODO: check
+CVE-2024-47451 (Illustrator versions 28.7.1 and earlier are affected by an
out-of-boun ...)
+ TODO: check
+CVE-2024-47450 (Illustrator versions 28.7.1 and earlier are affected by a
Heap-based B ...)
+ TODO: check
+CVE-2024-47449 (Audition versions 23.6.9, 24.4.6 and earlier are affected by
an out-of ...)
+ TODO: check
+CVE-2024-47446 (After Effects versions 23.6.9, 24.6.2 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47445 (After Effects versions 23.6.9, 24.6.2 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47444 (After Effects versions 23.6.9, 24.6.2 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47443 (After Effects versions 23.6.9, 24.6.2 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47442 (After Effects versions 23.6.9, 24.6.2 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47441 (After Effects versions 23.6.9, 24.6.2 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47440 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47439 (Substance3D - Painter versions 10.1.0 and earlier are affected
by a NU ...)
+ TODO: check
+CVE-2024-47438 (Substance3D - Painter versions 10.1.0 and earlier are affected
by a Wr ...)
+ TODO: check
+CVE-2024-47437 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47436 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47435 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47434 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47433 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47432 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47431 (Substance3D - Painter versions 10.1.0 and earlier are affected
by a He ...)
+ TODO: check
+CVE-2024-47430 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47429 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47428 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47427 (Substance3D - Painter versions 10.1.0 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2024-47426 (Substance3D - Painter versions 10.1.0 and earlier are affected
by a Do ...)
+ TODO: check
+CVE-2024-46894 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
+ TODO: check
+CVE-2024-46892 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
+ TODO: check
+CVE-2024-46891 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
+ TODO: check
+CVE-2024-46890 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
+ TODO: check
+CVE-2024-46889 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
+ TODO: check
+CVE-2024-46888 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
+ TODO: check
+CVE-2024-45289 (The fetch(3) library uses environment variables for passing
certain in ...)
+ TODO: check
+CVE-2024-45147 (Bridge versions 13.0.9, 14.1.2 and earlier are affected by an
out-of-b ...)
+ TODO: check
+CVE-2024-45114 (Illustrator versions 28.7.1 and earlier are affected by an
out-of-boun ...)
+ TODO: check
+CVE-2024-44102 (A vulnerability has been identified in PP TeleControl Server
Basic 100 ...)
+ TODO: check
+CVE-2024-43646 (Windows Secure Kernel Mode Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-43645 (Windows Defender Application Control (WDAC) Security Feature
Bypass Vu ...)
+ TODO: check
+CVE-2024-43644 (Windows Client-Side Caching Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-43643 (Windows USB Video Class System Driver Elevation of Privilege
Vulnerabi ...)
+ TODO: check
+CVE-2024-43642 (Windows SMB Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-43641 (Windows Registry Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-43640 (Windows Kernel-Mode Driver Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-43639 (Windows Kerberos Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43638 (Windows USB Video Class System Driver Elevation of Privilege
Vulnerabi ...)
+ TODO: check
+CVE-2024-43637 (Windows USB Video Class System Driver Elevation of Privilege
Vulnerabi ...)
+ TODO: check
+CVE-2024-43636 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-43635 (Windows Telephony Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43634 (Windows USB Video Class System Driver Elevation of Privilege
Vulnerabi ...)
+ TODO: check
+CVE-2024-43633 (Windows Hyper-V Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-43631 (Windows Secure Kernel Mode Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-43630 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-43629 (Windows DWM Core Library Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-43628 (Windows Telephony Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43627 (Windows Telephony Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43626 (Windows Telephony Service Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-43625 (Microsoft Windows VMSwitch Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-43624 (Windows Hyper-V Shared Virtual Disk Elevation of Privilege
Vulnerabili ...)
+ TODO: check
+CVE-2024-43623 (Windows NT OS Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-43622 (Windows Telephony Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43621 (Windows Telephony Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43620 (Windows Telephony Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43613 (Azure Database for PostgreSQL Flexible Server Extension
Elevation of P ...)
+ TODO: check
+CVE-2024-43602 (Azure CycleCloud Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43598 (LightGBM Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43530 (Windows Update Stack Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-43499 (.NET and Visual Studio Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-43498 (.NET and Visual Studio Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43462 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43459 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43452 (Windows Registry Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-43451 (NTLM Hash Disclosure Spoofing Vulnerability)
+ TODO: check
+CVE-2024-43450 (Windows DNS Spoofing Vulnerability)
+ TODO: check
+CVE-2024-43449 (Windows USB Video Class System Driver Elevation of Privilege
Vulnerabi ...)
+ TODO: check
+CVE-2024-43447 (Windows SMBv3 Server Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43415 (An improper neutralization of special elements used in an SQL
command ...)
+ TODO: check
+CVE-2024-42442 (APTIOV contains a vulnerability in the BIOS where a user or
attacker m ...)
+ TODO: check
+CVE-2024-40592 (An improper verification of cryptographic signature
vulnerability [CWE ...)
+ TODO: check
+CVE-2024-39281 (The command ctl_persistent_reserve_out allows the caller to
specify an ...)
+ TODO: check
+CVE-2024-38264 (Microsoft Virtual Hard Disk (VHDX) Denial of Service
Vulnerability)
+ TODO: check
+CVE-2024-38255 (SQL Server Native Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-38203 (Windows Package Library Manager Information Disclosure
Vulnerability)
+ TODO: check
+CVE-2024-37365 (A remote code execution vulnerability exists in the affected
product. ...)
+ TODO: check
+CVE-2024-36513 (A privilege context switching error vulnerability [CWE-270] in
FortiCl ...)
+ TODO: check
+CVE-2024-36509 (An exposure of sensitive system information to an unauthorized
control ...)
+ TODO: check
+CVE-2024-36507 (A untrusted search path in Fortinet FortiClientWindows
versions 7.4.0, ...)
+ TODO: check
+CVE-2024-36140 (A vulnerability has been identified in OZW672 (All versions <
V5.2), O ...)
+ TODO: check
+CVE-2024-35274 (An improper limitation of a pathname to a restricted directory
('Path ...)
+ TODO: check
+CVE-2024-33660 (An exploit is possible where an actor with physical access can
manipul ...)
+ TODO: check
+CVE-2024-33658 (APTIOV contains a vulnerability in BIOS where an attacker may
cause an ...)
+ TODO: check
+CVE-2024-33510 (Animproper neutralization of special elements in output used
by a down ...)
+ TODO: check
+CVE-2024-33505 (A heap-based buffer overflow in Fortinet FortiAnalyzer version
7.4.0 t ...)
+ TODO: check
+CVE-2024-32118 (Multiple improper neutralization of special elements used in
an OS com ...)
+ TODO: check
+CVE-2024-32117 (An improper limitation of a pathname to a restricted directory
('Path ...)
+ TODO: check
+CVE-2024-32116 (Multiple relative path traversal vulnerabilities [CWE-23] in
Fortinet ...)
+ TODO: check
+CVE-2024-31496 (A stack-based buffer overflow vulnerability [CWE-121] in
Fortinet Fort ...)
+ TODO: check
+CVE-2024-30133 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a
control ...)
+ TODO: check
+CVE-2024-2315 (APTIOV contains a vulnerability in BIOS where may cause
Improper Acces ...)
+ TODO: check
+CVE-2024-2208 (Potential vulnerabilities have been identified in the audio
package fo ...)
+ TODO: check
+CVE-2024-2207 (Potential vulnerabilities have been identified in the audio
package fo ...)
+ TODO: check
+CVE-2024-29119 (A vulnerability has been identified in Spectrum Power 7 (All
versions ...)
+ TODO: check
+CVE-2024-26011 (A missing authentication for critical function in Fortinet
FortiManage ...)
+ TODO: check
+CVE-2024-23666 (A client-side enforcement of server-side security in Fortinet
FortiAna ...)
+ TODO: check
+CVE-2024-21976 (Improper input validation in the NPU driver could allow an
attacker to ...)
+ TODO: check
+CVE-2024-21975 (Improper input validation in the NPU driver could allow an
attacker to ...)
+ TODO: check
+CVE-2024-21974 (Improper input validation in the NPU driver could allow an
attacker to ...)
+ TODO: check
+CVE-2024-21958 (Incorrect default permissions in the AMD Provisioning Console
installa ...)
+ TODO: check
+CVE-2024-21957 (Incorrect default permissions in the AMD Management Console
installati ...)
+ TODO: check
+CVE-2024-21949 (Improper validation of user input in the NPU driver could
allow an att ...)
+ TODO: check
+CVE-2024-21946 (Incorrect default permissions in the AMD RyzenTM Master
Utility instal ...)
+ TODO: check
+CVE-2024-21945 (Incorrect default permissions in the AMD RyzenTM Master
monitoring SDK ...)
+ TODO: check
+CVE-2024-21939 (Incorrect default permissions in the AMD Cloud Manageability
Service ( ...)
+ TODO: check
+CVE-2024-21938 (Incorrect default permissions in the AMD Management Plugin for
the Mic ...)
+ TODO: check
+CVE-2024-21937 (Incorrect default permissions in the AMD HIP SDK installation
director ...)
+ TODO: check
+CVE-2024-11138 (A vulnerability classified as problematic has been found in
DedeCMS 5. ...)
+ TODO: check
+CVE-2024-11130 (A vulnerability was found in ZZCMS up to 2023. It has been
rated as pr ...)
+ TODO: check
+CVE-2024-11127 (A vulnerability was found in code-projects Job Recruitment up
to 1.0. ...)
+ TODO: check
+CVE-2024-11126 (A vulnerability was found in Digistar AG-30 Plus 2.6b. It has
been cla ...)
+ TODO: check
+CVE-2024-11125 (A vulnerability was found in GetSimpleCMS 3.3.16 and
classified as pro ...)
+ TODO: check
+CVE-2024-11124 (A vulnerability has been found in TimGeyssens UIOMatic 5 and
classifie ...)
+ TODO: check
+CVE-2024-11123 (A vulnerability, which was classified as problematic, was
found in \u4 ...)
+ TODO: check
+CVE-2024-11122 (A vulnerability, which was classified as critical, has been
found in \ ...)
+ TODO: check
+CVE-2024-11121 (A vulnerability classified as critical was found in
\u4e0a\u6d77\u7075 ...)
+ TODO: check
+CVE-2024-11007 (Command injection in Ivanti Connect Secure before version
22.7R2.1 and ...)
+ TODO: check
+CVE-2024-11006 (Command injection in Ivanti Connect Secure before version
22.7R2.1 and ...)
+ TODO: check
+CVE-2024-11005 (Command injection in Ivanti Connect Secure before version
22.7R2.1 and ...)
+ TODO: check
+CVE-2024-11004 (Reflected XSS in Ivanti Connect Secure before version 22.7R2.1
and Iva ...)
+ TODO: check
+CVE-2024-10971 (Improper access control in the Password History feature in
Devolutions ...)
+ TODO: check
+CVE-2024-10945 (A Local Privilege Escalation vulnerability exists in the
affected prod ...)
+ TODO: check
+CVE-2024-10944 (A Remote Code Execution vulnerability exists in the affected
product. ...)
+ TODO: check
+CVE-2024-10943 (An authentication bypass vulnerability exists in the affected
product. ...)
+ TODO: check
+CVE-2024-10923 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-10245 (The Relais 2FA plugin for WordPress is vulnerable to
authentication by ...)
+ TODO: check
+CVE-2024-10218 (XSS Attack in mar.jar, Monitoring Archive Utility (MAR
Utility),monito ...)
+ TODO: check
+CVE-2024-10217 (XSS Attack in mar.jar, Monitoring Archive Utility (MAR
Utility),monito ...)
+ TODO: check
+CVE-2023-52268 (The End-User Portal module before 1.0.65 for FreeScout
sometimes allow ...)
+ TODO: check
+CVE-2023-50176 (A session fixation in Fortinet FortiOS version 7.4.0 through
7.4.3 and ...)
+ TODO: check
+CVE-2023-47543 (An authorization bypass through user-controlled key
vulnerability [CWE ...)
+ TODO: check
+CVE-2023-44255 (An exposure of sensitive information to an unauthorized actor
[CWE-200 ...)
+ TODO: check
+CVE-2023-32736 (A vulnerability has been identified in SIMATIC S7-PLCSIM V16
(All vers ...)
+ TODO: check
+CVE-2024-49369 (Icinga is a monitoring system which checks the availability of
network ...)
- icinga2 2.14.3-1 (bug #1087384)
NOTE:
https://icinga.com/blog/2024/11/12/critical-icinga-2-security-releases-2-14-3/
NOTE: Fixed by:
https://github.com/Icinga/icinga2/commit/2febc5e18ae0c93d989e64ebc2a9fd90e7205ad8
(v2.14.3)
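Review bot: The descriptions added for CVE-2024-11121, CVE-2024-11122 and CVE-2024-11123 near the end of this block contain raw escape text ("\u4e0a\u6d77\u7075 ...", "\ ...", "\u4 ...") rather than decoded characters, and in two of them the truncation cuts through an escape sequence. Decoding the description before truncating it would keep the name after "found in" readable and avoid a dangling backslash. Separately, every added entry other than the REJECTED CVE-2024-9998 carries only "TODO: check", so each one still needs a package or NOT-FOR-US note in a follow-up before the tracker says anything useful about it.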
@@ -8577,7 +9109,7 @@ CVE-2024-47874 (Starlette is an Asynchronous Server
Gateway Interface (ASGI) fra
NOTE:
https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733
(0.40.0)
CVE-2024-47824 (matrix-react-sdk is react-based software development kit for
inserting ...)
NOT-FOR-US: matrix-react-sdk
-CVE-2024-47779 (Element is a Matrix web client built using the Matrix React
SDK .Eleme ...)
+CVE-2024-47779 (Element is a Matrix web client built using the Matrix React
SDK. Eleme ...)
- element-web <itp> (bug #866502)
CVE-2024-47771 (Element Desktop is a Matrix client for desktop platforms.
Element Desk ...)
NOT-FOR-US: Element Desktop
@@ -16233,7 +16765,7 @@ CVE-2024-35282 (A cleartext storage of sensitive
information in memory vulnerabi
NOT-FOR-US: Fortinet
CVE-2024-34831 (cross-site scripting (XSS) vulnerability in Gibbon Core
v26.0.00 allow ...)
NOT-FOR-US: Gibbon Core
-CVE-2024-33698 (A vulnerability has been identified in SIMATIC Information
Server 2022 ...)
+CVE-2024-33698 (A vulnerability has been identified in Opcenter Execution
Foundation ( ...)
NOT-FOR-US: Siemens
CVE-2024-33508 (An improper neutralization of special elements used in a
command('Comm ...)
NOT-FOR-US: Fortinet
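Review bot: The CVE-2024-33698 description now leads with "Opcenter Execution Foundation" where it previously read "SIMATIC Information Server 2022", while the "NOT-FOR-US: Siemens" line beneath it is unchanged context. That note is keyed to the vendor, so it still reads correctly, but the truncated description no longer shows the product the entry was triaged against. It is worth confirming that the vendor-level note still covers the full product list behind the new description.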
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36b1de617cc3744e1b988cdf9225d2d7aa38c950
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits