[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 2 21:12:59 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de29a7e5 by security tracker role at 2024-10-02T20:12:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,149 @@
+CVE-2024-9441 (The Linear eMerge e3-Series through version 1.00-07 is vulnerable to a ...)
+	TODO: check
+CVE-2024-9440 (Slim Select 2.0 versions through 2.9.0 are affected by a potential cro ...)
+	TODO: check
+CVE-2024-9429 (A vulnerability has been found in code-projects Restaurant Reservation ...)
+	TODO: check
+CVE-2024-9423 (Certain HP LaserJet printers may potentially experience a denial of se ...)
+	TODO: check
+CVE-2024-9378 (The YML for Yandex Market plugin for WordPress is vulnerable to Reflec ...)
+	TODO: check
+CVE-2024-9344 (The BerqWP \u2013 Automated All-In-One PageSpeed Optimization Plugin f ...)
+	TODO: check
+CVE-2024-9218 (The Magazine Blocks \u2013 Blog Designer, Magazine & Newspaper Website ...)
+	TODO: check
+CVE-2024-8885 (A local privilege escalation vulnerability in Sophos Intercept X for W ...)
+	TODO: check
+CVE-2024-8733 (A potential security vulnerability has been identified in the HP One A ...)
+	TODO: check
+CVE-2024-8505 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPre ...)
+	TODO: check
+CVE-2024-8282 (The Ibtana \u2013 WordPress Website Builder plugin for WordPress is vu ...)
+	TODO: check
+CVE-2024-8038 (Vulnerable juju introspection abstract UNIX domain socket. An abstract ...)
+	TODO: check
+CVE-2024-8037 (Vulnerable juju hook tool abstract UNIX domain socket. When combined w ...)
+	TODO: check
+CVE-2024-7558 (JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju mach ...)
+	TODO: check
+CVE-2024-6360 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+	TODO: check
+CVE-2024-47807 (Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and  ...)
+	TODO: check
+CVE-2024-47806 (Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and  ...)
+	TODO: check
+CVE-2024-47805 (Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 13 ...)
+	TODO: check
+CVE-2024-47804 (If an attempt is made to create an item of a type prohibited by `ACL#h ...)
+	TODO: check
+CVE-2024-47803 (Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact mul ...)
+	TODO: check
+CVE-2024-47612 (DataDump is a MediaWiki extension that provides dumps of wikis. Severa ...)
+	TODO: check
+CVE-2024-47611 (XZ Utils provide a general-purpose data-compression library plus comma ...)
+	TODO: check
+CVE-2024-47529 (OpenC3 COSMOS provides the functionality needed to send commands to an ...)
+	TODO: check
+CVE-2024-46977 (OpenC3 COSMOS provides the functionality needed to send commands to an ...)
+	TODO: check
+CVE-2024-46626 (OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection v ...)
+	TODO: check
+CVE-2024-45965 (Contao 5.4.1 allows an authenticated admin account to upload a SVG fil ...)
+	TODO: check
+CVE-2024-45964 (Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the I ...)
+	TODO: check
+CVE-2024-45962 (October 3.6.30 allows an authenticated admin account to upload a PDF f ...)
+	TODO: check
+CVE-2024-45960 (Zenario 9.7.61188 allows authenticated admin users to upload PDF files ...)
+	TODO: check
+CVE-2024-44193 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2024-44097 (According to the researcher: "The TLS connections are encrypted agains ...)
+	TODO: check
+CVE-2024-44030 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-44017 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-43795 (OpenC3 COSMOS provides the functionality needed to send commands to an ...)
+	TODO: check
+CVE-2024-41290 (FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to sto ...)
+	TODO: check
+CVE-2024-35294 (An unauthenticated remote attacker may use the devices traffic capture ...)
+	TODO: check
+CVE-2024-35293 (An unauthenticated remote attacker may use a missing authentication fo ...)
+	TODO: check
+CVE-2024-33210 (A cross-site scripting (XSS) vulnerability has been identified in Flat ...)
+	TODO: check
+CVE-2024-33209 (FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacke ...)
+	TODO: check
+CVE-2024-24122 (A remote code execution vulnerability in the project management of Wan ...)
+	TODO: check
+CVE-2024-24116 (An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows ...)
+	TODO: check
+CVE-2024-20524 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
+CVE-2024-20523 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
+CVE-2024-20522 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
+CVE-2024-20521 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
+CVE-2024-20520 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
+CVE-2024-20519 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
+CVE-2024-20518 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
+CVE-2024-20517 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
+CVE-2024-20516 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
+CVE-2024-20515 (A vulnerability in the web-based management interface of Cisco Identit ...)
+	TODO: check
+CVE-2024-20513 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX  ...)
+	TODO: check
+CVE-2024-20509 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX  ...)
+	TODO: check
+CVE-2024-20502 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX  ...)
+	TODO: check
+CVE-2024-20501 (Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco M ...)
+	TODO: check
+CVE-2024-20500 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX  ...)
+	TODO: check
+CVE-2024-20499 (Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco M ...)
+	TODO: check
+CVE-2024-20498 (Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco M ...)
+	TODO: check
+CVE-2024-20492 (A vulnerability in the restricted shell of Cisco Expressway Series cou ...)
+	TODO: check
+CVE-2024-20491 (A vulnerability in a logging function of Cisco Nexus Dashboard Insight ...)
+	TODO: check
+CVE-2024-20490 (A vulnerability in a logging function of Cisco Nexus Dashboard Fabric  ...)
+	TODO: check
+CVE-2024-20477 (A vulnerability in a specific REST API endpoint of Cisco NDFC could al ...)
+	TODO: check
+CVE-2024-20470 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
+CVE-2024-20449 (A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) coul ...)
+	TODO: check
+CVE-2024-20448 (A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC)  ...)
+	TODO: check
+CVE-2024-20444 (A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), for ...)
+	TODO: check
+CVE-2024-20442 (A vulnerability in the REST API endpoints of Cisco Nexus Dashboard cou ...)
+	TODO: check
+CVE-2024-20441 (A vulnerability in a specific REST API endpoint of Cisco NDFC could al ...)
+	TODO: check
+CVE-2024-20438 (A vulnerability in the REST API endpoints of Cisco NDFC could allow an ...)
+	TODO: check
+CVE-2024-20432 (A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fa ...)
+	TODO: check
+CVE-2024-20393 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
+CVE-2024-20385 (A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard ...)
+	TODO: check
+CVE-2024-20365 (A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Ma ...)
+	TODO: check
 CVE-2024-XXXX [znuny zsa-2024-05]
 	- znuny 6.5.11-1
 	[bookworm] - znuny <no-dsa> (Non-free not supported)
@@ -27877,7 +28023,8 @@ CVE-2024-5489 (The Wbcom Designs \u2013 Custom Font Uploader plugin for WordPres
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5482 (A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_ ...)
 	NOT-FOR-US: parisneo/lollms-webui
-CVE-2024-5480 (A vulnerability in the PyTorch's torch.distributed.rpc framework, spec ...)
+CVE-2024-5480
+	REJECTED
 	NOTE: Non issue as only documented to be used for internal communication:
 	NOTE: https://github.com/pytorch/pytorch/security/policy#using-distributed-features
 	NOTE: https://github.com/pytorch/pytorch/issues/129228



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de29a7e5c8db2db1226268a506fc3aeba5d9c612

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de29a7e5c8db2db1226268a506fc3aeba5d9c612
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241002/b53539bb/attachment.htm>


More information about the debian-security-tracker-commits mailing list