[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Dec 11 07:26:46 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57b367c5 by Moritz Muehlenhoff at 2024-12-11T08:26:20+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2024-12397
+	NOT-FOR-US: Quarkus
 CVE-2024-9844 (Insufficient server-side controls in Secure Application Manager of Iva ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-8540 (Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0. ...)
@@ -7,11 +9,11 @@ CVE-2024-8256 (In Teltonika Networks RUTOS devices, running on versions 7.0 to 7
 CVE-2024-7572 (Insufficient permissions in Ivanti DSM before version 2024.3.5740 allo ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-5660 (Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 tran ...)
-	TODO: check
+	NOT-FOR-US: Arm
 CVE-2024-55602 (PwnDoc is a penetration test report generator. Prior to commit 1d4219c ...)
 	NOT-FOR-US: PwnDoc
 CVE-2024-55586 (Nette Database through 3.2.4 allows SQL injection in certain situation ...)
-	TODO: check
+	NOT-FOR-US: Nette Database
 CVE-2024-55550 (Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker w ...)
 	NOT-FOR-US: Mitel
 CVE-2024-55548 (Improper check of password character lenght in ORing IAP-420 allows a  ...)
@@ -266,7 +268,7 @@ CVE-2024-46340 (TP-Link TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was
 CVE-2024-45709 (SolarWinds Web Help Desk was susceptible to a local file read vulnerab ...)
 	NOT-FOR-US: SolarWinds
 CVE-2024-45494 (An issue was discovered in MSA Safety FieldServer Gateways and Embedde ...)
-	TODO: check
+	NOT-FOR-US: Nette DatabaseSolarWinds
 CVE-2024-45493 (An issue was discovered in MSA Safety FieldServer Gateways and Embedde ...)
 	NOT-FOR-US: SolarWinds
 CVE-2024-43600 (Microsoft Office Elevation of Privilege Vulnerability)
@@ -274,43 +276,43 @@ CVE-2024-43600 (Microsoft Office Elevation of Privilege Vulnerability)
 CVE-2024-43594 (System Center Operations Manager Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-12323 (The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12286 (MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH t ...)
 	TODO: check
 CVE-2024-12236 (A security issue exists in Vertex Gemini API for customers using VPC-S ...)
 	TODO: check
 CVE-2024-11973 (The Quran multilanguage Text & Audio plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11945 (The Email Reminders plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11940 (The Property Hive Mortgage Calculator plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11928 (The iChart \u2013 Easy Charts and Graphs plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11868 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11773 (SQL injection in the admin web console of Ivanti CSA before version 5. ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-11772 (Command injection in the admin web console of Ivanti CSA before versio ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-11639 (An authentication bypass in the admin web console of Ivanti CSA before ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-11634 (Command injection in Ivanti Connect Secure before version 22.7R2.3 and ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-11633 (Argument injection in Ivanti Connect Secure before version 22.7R2.4 al ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-11106 (The Simple Restrict plugin for WordPress is vulnerable to Sensitive In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10959 (The The Active Products Tables for WooCommerce. Use constructor to cre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10496 (An out of bounds read due to improper input validation in BuildFontMap ...)
-	TODO: check
+	NOT-FOR-US: NI LabVIEW
 CVE-2024-10495 (An out of bounds read due to improper input validation when loading th ...)
-	TODO: check
+	NOT-FOR-US: NI LabVIEW
 CVE-2024-10494 (An out of bounds read due to improper input validation in HeapObjMapIm ...)
-	TODO: check
+	NOT-FOR-US: NI LabVIEW
 CVE-2024-10256 (Insufficient permissions in Ivanti Patch SDK before version 9.7.703 al ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-9672 (A reflected cross-site scripting (XSS) vulnerability exists in PaperCu ...)
 	NOT-FOR-US: PaperCut
 CVE-2024-55638 (Deserialization of Untrusted Data vulnerability in Drupal Core allows  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57b367c51120a6d992b1fae412f6f0a76edeb32c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57b367c51120a6d992b1fae412f6f0a76edeb32c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241211/e63053be/attachment.htm>

More information about the debian-security-tracker-commits mailing list