[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 10 20:12:58 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
231f9679 by security tracker role at 2024-12-10T20:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,315 @@
+CVE-2024-9844 (Insufficient server-side controls in Secure Application Manager of Iva ...)
+ TODO: check
+CVE-2024-8540 (Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0. ...)
+ TODO: check
+CVE-2024-8256 (In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (e ...)
+ TODO: check
+CVE-2024-7572 (Insufficient permissions in Ivanti DSM before version 2024.3.5740 allo ...)
+ TODO: check
+CVE-2024-5660 (Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 tran ...)
+ TODO: check
+CVE-2024-55602 (PwnDoc is a penetration test report generator. Prior to commit 1d4219c ...)
+ TODO: check
+CVE-2024-55586 (Nette Database through 3.2.4 allows SQL injection in certain situation ...)
+ TODO: check
+CVE-2024-55550 (Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker w ...)
+ TODO: check
+CVE-2024-55548 (Improper check of password character lenght in ORing IAP-420 allows a ...)
+ TODO: check
+CVE-2024-55547 (SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injectio ...)
+ TODO: check
+CVE-2024-55546 (Missing input validation in the ORing IAP-420 web-interface allows sto ...)
+ TODO: check
+CVE-2024-55545 (Missing input validation in the ORing IAP-420 web-interface allows Cro ...)
+ TODO: check
+CVE-2024-55544 (Missing input validation in the ORing IAP-420 web-interface allows sto ...)
+ TODO: check
+CVE-2024-55500 (Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and befor ...)
+ TODO: check
+CVE-2024-54751 (COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded pass ...)
+ TODO: check
+CVE-2024-54152 (Angular Expressions provides expressions for the Angular.JS web framew ...)
+ TODO: check
+CVE-2024-54095 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...)
+ TODO: check
+CVE-2024-54094 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...)
+ TODO: check
+CVE-2024-54093 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...)
+ TODO: check
+CVE-2024-54091 (A vulnerability has been identified in Parasolid V36.1 (All versions < ...)
+ TODO: check
+CVE-2024-54008 (An authenticated Remote Code Execution (RCE) vulnerability exists in t ...)
+ TODO: check
+CVE-2024-54005 (A vulnerability has been identified in COMOS V10.3 (All versions < V10 ...)
+ TODO: check
+CVE-2024-53866 (The package manager pnpm prior to version 9.15.0 seems to mishandle ov ...)
+ TODO: check
+CVE-2024-53832 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...)
+ TODO: check
+CVE-2024-53481 (A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGu ...)
+ TODO: check
+CVE-2024-53480 (Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQ ...)
+ TODO: check
+CVE-2024-53247 (In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versi ...)
+ TODO: check
+CVE-2024-53246 (In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk ...)
+ TODO: check
+CVE-2024-53245 (In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk ...)
+ TODO: check
+CVE-2024-53244 (In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk ...)
+ TODO: check
+CVE-2024-53243 (In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versio ...)
+ TODO: check
+CVE-2024-53242 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
+ TODO: check
+CVE-2024-53041 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
+ TODO: check
+CVE-2024-52538 (Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of ...)
+ TODO: check
+CVE-2024-52051 (A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All vers ...)
+ TODO: check
+CVE-2024-51165 (SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLogi ...)
+ TODO: check
+CVE-2024-50931 (Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insec ...)
+ TODO: check
+CVE-2024-50930 (An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to ...)
+ TODO: check
+CVE-2024-50929 (Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 80 ...)
+ TODO: check
+CVE-2024-50928 (Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 80 ...)
+ TODO: check
+CVE-2024-50924 (Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 80 ...)
+ TODO: check
+CVE-2024-50921 (Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 80 ...)
+ TODO: check
+CVE-2024-50920 (Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 80 ...)
+ TODO: check
+CVE-2024-50699 (TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N ...)
+ TODO: check
+CVE-2024-49849 (A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All vers ...)
+ TODO: check
+CVE-2024-49704 (A vulnerability has been identified in COMOS V10.3 (All versions < V10 ...)
+ TODO: check
+CVE-2024-49554 (Media Encoder versions 25.0, 24.6.3 and earlier are affected by a NULL ...)
+ TODO: check
+CVE-2024-49553 (Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out ...)
+ TODO: check
+CVE-2024-49552 (Media Encoder versions 25.0, 24.6.3 and earlier are affected by a Heap ...)
+ TODO: check
+CVE-2024-49551 (Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out ...)
+ TODO: check
+CVE-2024-49535 (Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.0 ...)
+ TODO: check
+CVE-2024-49534 (Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.0 ...)
+ TODO: check
+CVE-2024-49533 (Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.0 ...)
+ TODO: check
+CVE-2024-49532 (Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.0 ...)
+ TODO: check
+CVE-2024-49531 (Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.0 ...)
+ TODO: check
+CVE-2024-49530 (Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.0 ...)
+ TODO: check
+CVE-2024-49142 (Microsoft Access Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49138 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2024-49132 (Windows Remote Desktop Services Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49129 (Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerab ...)
+ TODO: check
+CVE-2024-49128 (Windows Remote Desktop Services Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49127 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ TODO: check
+CVE-2024-49126 (Windows Local Security Authority Subsystem Service (LSASS) Remote Code ...)
+ TODO: check
+CVE-2024-49125 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-49124 (Lightweight Directory Access Protocol (LDAP) Client Remote Code Execut ...)
+ TODO: check
+CVE-2024-49123 (Windows Remote Desktop Services Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49122 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49121 (Windows Lightweight Directory Access Protocol (LDAP) Denial of Service ...)
+ TODO: check
+CVE-2024-49120 (Windows Remote Desktop Services Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49119 (Windows Remote Desktop Services Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49118 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49117 (Windows Hyper-V Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49116 (Windows Remote Desktop Services Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49115 (Windows Remote Desktop Services Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49114 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ TODO: check
+CVE-2024-49113 (Windows Lightweight Directory Access Protocol (LDAP) Denial of Service ...)
+ TODO: check
+CVE-2024-49112 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ TODO: check
+CVE-2024-49111 (Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vu ...)
+ TODO: check
+CVE-2024-49110 (Windows Mobile Broadband Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49109 (Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vu ...)
+ TODO: check
+CVE-2024-49108 (Windows Remote Desktop Services Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49107 (WmsRepair Service Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49106 (Windows Remote Desktop Services Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49105 (Remote Desktop Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49104 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-49103 (Windows Wireless Wide Area Network Service (WwanSvc) Information Discl ...)
+ TODO: check
+CVE-2024-49102 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-49101 (Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vu ...)
+ TODO: check
+CVE-2024-49099 (Windows Wireless Wide Area Network Service (WwanSvc) Information Discl ...)
+ TODO: check
+CVE-2024-49098 (Windows Wireless Wide Area Network Service (WwanSvc) Information Discl ...)
+ TODO: check
+CVE-2024-49097 (Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49096 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-49095 (Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49094 (Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vu ...)
+ TODO: check
+CVE-2024-49093 (Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabil ...)
+ TODO: check
+CVE-2024-49092 (Windows Mobile Broadband Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49091 (Windows Domain Name Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49090 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2024-49089 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-49088 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2024-49087 (Windows Mobile Broadband Driver Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-49086 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-49085 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2024-49084 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49083 (Windows Mobile Broadband Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49082 (Windows File Explorer Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-49081 (Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vu ...)
+ TODO: check
+CVE-2024-49080 (Windows IP Routing Management Snapin Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2024-49079 (Input Method Editor (IME) Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49078 (Windows Mobile Broadband Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49077 (Windows Mobile Broadband Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49076 (Windows Virtualization-Based Security (VBS) Enclave Elevation of Privi ...)
+ TODO: check
+CVE-2024-49075 (Windows Remote Desktop ServicesDenial of Service Vulnerability)
+ TODO: check
+CVE-2024-49074 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49073 (Windows Mobile Broadband Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49072 (Windows Task Scheduler Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49070 (Microsoft SharePoint Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49069 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49068 (Microsoft SharePoint Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49065 (Microsoft Office Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49064 (Microsoft SharePoint Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-49063 (Microsoft/Muzic Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-49062 (Microsoft SharePoint Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-49059 (Microsoft Office Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-49057 (Microsoft Defender for Endpoint on Android Spoofing Vulnerability)
+ TODO: check
+CVE-2024-47977 (Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of ...)
+ TODO: check
+CVE-2024-47484 (Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of ...)
+ TODO: check
+CVE-2024-47117 (IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vuln ...)
+ TODO: check
+CVE-2024-46657 (Artifex Software mupdf v1.24.9 was discovered to contain a segmentatio ...)
+ TODO: check
+CVE-2024-46442 (An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attacke ...)
+ TODO: check
+CVE-2024-46341 (TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials ...)
+ TODO: check
+CVE-2024-46340 (TP-Link TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discov ...)
+ TODO: check
+CVE-2024-45709 (SolarWinds Web Help Desk was susceptible to a local file read vulnerab ...)
+ TODO: check
+CVE-2024-45494 (An issue was discovered in MSA Safety FieldServer Gateways and Embedde ...)
+ TODO: check
+CVE-2024-45493 (An issue was discovered in MSA Safety FieldServer Gateways and Embedde ...)
+ TODO: check
+CVE-2024-43600 (Microsoft Office Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-43594 (System Center Operations Manager Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-12323 (The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Si ...)
+ TODO: check
+CVE-2024-12286 (MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH t ...)
+ TODO: check
+CVE-2024-12236 (A security issue exists in Vertex Gemini API for customers using VPC-S ...)
+ TODO: check
+CVE-2024-11973 (The Quran multilanguage Text & Audio plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-11945 (The Email Reminders plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-11940 (The Property Hive Mortgage Calculator plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-11928 (The iChart \u2013 Easy Charts and Graphs plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2024-11868 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-11773 (SQL injection in the admin web console of Ivanti CSA before version 5. ...)
+ TODO: check
+CVE-2024-11772 (Command injection in the admin web console of Ivanti CSA before versio ...)
+ TODO: check
+CVE-2024-11639 (An authentication bypass in the admin web console of Ivanti CSA before ...)
+ TODO: check
+CVE-2024-11634 (Command injection in Ivanti Connect Secure before version 22.7R2.3 and ...)
+ TODO: check
+CVE-2024-11633 (Argument injection in Ivanti Connect Secure before version 22.7R2.4 al ...)
+ TODO: check
+CVE-2024-11106 (The Simple Restrict plugin for WordPress is vulnerable to Sensitive In ...)
+ TODO: check
+CVE-2024-10959 (The The Active Products Tables for WooCommerce. Use constructor to cre ...)
+ TODO: check
+CVE-2024-10496 (An out of bounds read due to improper input validation in BuildFontMap ...)
+ TODO: check
+CVE-2024-10495 (An out of bounds read due to improper input validation when loading th ...)
+ TODO: check
+CVE-2024-10494 (An out of bounds read due to improper input validation in HeapObjMapIm ...)
+ TODO: check
+CVE-2024-10256 (Insufficient permissions in Ivanti Patch SDK before version 9.7.703 al ...)
+ TODO: check
CVE-2024-9672 (A reflected cross-site scripting (XSS) vulnerability exists in PaperCu ...)
NOT-FOR-US: PaperCut
CVE-2024-55638 (Deserialization of Untrusted Data vulnerability in Drupal Core allows ...)
@@ -1161,7 +1473,7 @@ CVE-2024-42195 (HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection.
NOT-FOR-US: HCL
CVE-2024-39219 (An issue in Aginode GigaSwitch V5 before version 7.06G allows authenti ...)
NOT-FOR-US: Aginode GigaSwitch
-CVE-2024-38829 (A vulnerability in VMware Tanzu Spring LDAP allows data exposure for c ...)
+CVE-2024-38829 (A vulnerability in Spring LDAP allows data exposure for case sensitive ...)
- libspring-java <unfixed> (unimportant)
NOTE: https://spring.io/security/cve-2024-38829
NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
@@ -2919,7 +3231,7 @@ CVE-2024-10308 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stor
CVE-2024-10240 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Vulnerable code introduced later)
CVE-2024-48651 (In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritan ...)
- {DLA-3975-1}
+ {DSA-5827-1 DLA-3975-1}
- proftpd-dfsg 1.3.8.b+dfsg-4 (bug #1082326)
NOTE: https://github.com/proftpd/proftpd/issues/1830
NOTE: Fixed by: https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1 (master)
@@ -5712,25 +6024,25 @@ CVE-2024-9474 (A privilege escalation vulnerability in Palo Alto Networks PAN-OS
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2024-8781 (Execution with Unnecessary Privileges, : Improper Protection of Altern ...)
NOT-FOR-US: TR7 Application Security Platform
-CVE-2024-52574 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-52574 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Siemens
-CVE-2024-52573 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-52573 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Siemens
-CVE-2024-52572 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-52572 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Siemens
-CVE-2024-52571 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-52571 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Siemens
-CVE-2024-52570 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-52570 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Siemens
-CVE-2024-52569 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-52569 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Siemens
-CVE-2024-52568 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-52568 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Siemens
-CVE-2024-52567 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-52567 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Siemens
-CVE-2024-52566 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-52566 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Siemens
-CVE-2024-52565 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-52565 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Siemens
CVE-2024-52436 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
@@ -18022,7 +18334,7 @@ CVE-2024-47194 (A vulnerability has been identified in ModelSim (All versions <
NOT-FOR-US: Siemens
CVE-2024-47161 (In JetBrains TeamCity before 2024.07.3 password could be exposed via S ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-47046 (A vulnerability has been identified in Simcenter Nastran 2306 (All ver ...)
+CVE-2024-47046 (A vulnerability has been identified in Simcenter Femap V2306 (All vers ...)
NOT-FOR-US: Siemens
CVE-2024-47011 (Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remot ...)
NOT-FOR-US: Ivanti
@@ -18065,33 +18377,33 @@ CVE-2024-45880 (A command injection vulnerability exists in Motorola CX2L router
CVE-2024-45746 (An issue was discovered in Trusted Firmware-M through 2.1.0. User prov ...)
- arm-trusted-firmware <not-affected> (This affects FT-M, Debian ships TF-A)
NOTE: https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/user_pointers_mailbox_vectors_vulnerability.html
-CVE-2024-45476 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45476 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
-CVE-2024-45475 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45475 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
-CVE-2024-45474 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45474 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
-CVE-2024-45473 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45473 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
-CVE-2024-45472 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45472 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
-CVE-2024-45471 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45471 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
-CVE-2024-45470 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45470 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
-CVE-2024-45469 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45469 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
-CVE-2024-45468 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45468 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
-CVE-2024-45467 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45467 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
-CVE-2024-45466 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45466 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
-CVE-2024-45465 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45465 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
-CVE-2024-45464 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45464 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
-CVE-2024-45463 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+CVE-2024-45463 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...)
NOT-FOR-US: Tecnomatix
CVE-2024-45330 (A use of externally-controlled format string in Fortinet FortiAnalyzer ...)
NOT-FOR-US: Fortinet
@@ -18329,7 +18641,7 @@ CVE-2024-43453 (Windows Routing and Remote Access Service (RRAS) Remote Code Exe
NOT-FOR-US: Microsoft
CVE-2024-42988 (Lack of access control in ChallengeSolves (/api/v1/challenges/<challen ...)
NOT-FOR-US: ChallengeSolves
-CVE-2024-41981 (A vulnerability has been identified in Simcenter Nastran 2306 (All ver ...)
+CVE-2024-41981 (A vulnerability has been identified in Simcenter Femap V2306 (All vers ...)
NOT-FOR-US: Siemens
CVE-2024-41902 (A vulnerability has been identified in JT2Go (All versions < V2406.000 ...)
NOT-FOR-US: Siemens
@@ -49997,7 +50309,7 @@ CVE-2024-35240 (Umbraco Commerce is an open source dotnet ecommerce solution. In
CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. In affec ...)
NOT-FOR-US: Umbraco Commerce
CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
- {DLA-3956-1}
+ {DSA-5826-1 DLA-3956-1}
- smarty3 3.1.48-2 (bug #1072530)
- smarty4 4.5.4-1 (bug #1072529)
NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w
@@ -57262,7 +57574,7 @@ CVE-2023-50180 (An exposure of sensitive system information to an unauthorized c
NOT-FOR-US: ForiGuard
CVE-2023-46714 (A stack-based buffer overflow [CWE-121] vulnerability in Fortinet Fort ...)
NOT-FOR-US: FortiGuard
-CVE-2023-46280 (A vulnerability has been identified in S7-PCT (All versions), Security ...)
+CVE-2023-46280 (A vulnerability has been identified in Security Configuration Tool (SC ...)
NOT-FOR-US: Siemens
CVE-2023-45586 (An insufficient verification of data authenticity vulnerability [CWE-3 ...)
NOT-FOR-US: FortiGuard
@@ -108882,7 +109194,7 @@ CVE-2023-36697 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerabi
NOT-FOR-US: Microsoft
CVE-2023-36637 (An improper neutralization of input during web page generation vulnera ...)
NOT-FOR-US: Microsoft
-CVE-2023-36606 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-36606 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-36605 (Windows Named Pipe Filesystem Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -108914,9 +109226,9 @@ CVE-2023-36583 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerabi
NOT-FOR-US: Microsoft
CVE-2023-36582 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-36581 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-36581 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-36579 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-36579 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-36578 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -108981,7 +109293,7 @@ CVE-2023-36434 (Windows IIS Server Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-36433 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...)
NOT-FOR-US: Microsoft
-CVE-2023-36431 (Microsoft Message Queuing Denial of Service Vulnerability)
+CVE-2023-36431 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-36429 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...)
NOT-FOR-US: Microsoft
@@ -115088,7 +115400,7 @@ CVE-2023-4624 (Server-Side Request Forgery (SSRF) in GitHub repository bookstack
NOT-FOR-US: bookstack
CVE-2023-4600 (The AffiliateWP for WordPress is vulnerable to unauthorized modificati ...)
NOT-FOR-US: AffiliateWP for WordPress
-CVE-2023-4571 (In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15 ...)
+CVE-2023-4571 (In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, ...)
NOT-FOR-US: Splunk
CVE-2023-4209 (The POEditor WordPress plugin before 0.9.8 does not have CSRF checks i ...)
NOT-FOR-US: WordPress plugin
@@ -119465,7 +119777,7 @@ CVE-2023-4010 (A flaw was found in the USB Host Controller Driver framework in t
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2227726
NOTE: https://github.com/wanrenmi/a-usb-kernel-bug
-CVE-2023-3997 (Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a po ...)
+CVE-2023-3997 (Splunk SOAR versions lower than 6.1.0 are indirectly affected by a pot ...)
NOT-FOR-US: Splunk SOAR
CVE-2023-3983 (An authenticated SQL injection vulnerability exists in Advantech iView ...)
NOT-FOR-US: Advantech iView
@@ -138396,7 +138708,7 @@ CVE-2023-28449
CVE-2023-28448 (Versionize is a framework for version tolerant serializion/deserializa ...)
NOT-FOR-US: Versionize (firecracker-microvm / framework for version tolerant serializion/deserialization of Rust data structures)
CVE-2023-28447 (Smarty is a template engine for PHP. In affected versions smarty did n ...)
- {DLA-3956-1}
+ {DSA-5826-1 DLA-3956-1}
- smarty3 3.1.48-1 (bug #1033964)
[buster] - smarty3 <no-dsa> (Minor issue)
- smarty4 4.3.1-1 (bug #1033965)
@@ -319526,8 +319838,8 @@ CVE-2020-28400 (Affected devices contain a vulnerability that allows an unauthen
NOT-FOR-US: Siemens
CVE-2020-28399
RESERVED
-CVE-2020-28398
- RESERVED
+CVE-2020-28398 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ TODO: check
CVE-2020-28397 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
NOT-FOR-US: Siemens
CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All versio ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/231f9679e1088196405f79d90afdff54b4583a62
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/231f9679e1088196405f79d90afdff54b4583a62
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241210/7ad1ea79/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list