[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Oct 10 09:19:02 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7fa2d151 by Moritz Muehlenhoff at 2024-10-10T09:56:38+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,131 +3,131 @@ CVE-2024-9680 (An attacker was able to achieve code execution in the content pro
CVE-2024-9675 (A vulnerability was found in Buildah. Cache mounts do not properly val ...)
TODO: check
CVE-2024-9671 (A vulnerability was found in 3Scale. There is no auth mechanism to see ...)
- TODO: check
+ NOT-FOR-US: Red Hat 3scale
CVE-2024-9575 (Local File Inclusion vulnerability in pretix Widget WordPress plugin p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9473 (A privilege escalation vulnerability in the Palo Alto Networks GlobalP ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-9471 (A privilege escalation (PE) vulnerability in the XML API of Palo Alto ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-9470 (A vulnerability in Cortex XSOAR allows the disclosure of incident data ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-9469 (A problem with a detection mechanism in the Palo Alto Networks Cortex ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-9468 (A memory corruption vulnerability in Palo Alto Networks PAN-OS softwar ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-9467 (A reflected XSS vulnerability in Palo Alto Networks Expedition enables ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-9466 (A cleartext storage of sensitive information vulnerability in Palo Alt ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-9465 (An SQL injection vulnerability in Palo Alto Networks Expedition allows ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-9464 (An OS command injection vulnerability in Palo Alto Networks Expedition ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-9463 (An OS command injection vulnerability in Palo Alto Networks Expedition ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-9451 (The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9449 (The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9412 (An improper authorization vulnerability exists in the Rockwell Automat ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2024-9381 (Path traversal in Ivanti CSA before version 5.0.2 allows a remote auth ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-9380 (An OS command injection vulnerability in the admin web console of Ivan ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-9379 (SQL injection in the admin web console of Ivanti CSA before version 5. ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-9286 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Distant Education Platform
CVE-2024-9207 (The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9167 (Under specific circumstances, insecure permissions in Ivanti Velocity ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-9124 (A denial-of-service vulnerability exists in the Rockwell Automation Po ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2024-9005 (CWE-502: Deserialization of Untrusted Data vulnerability exists that c ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2024-8943 (The LatePoint plugin for WordPress is vulnerable to authentication byp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8911 (The LatePoint plugin for WordPress is vulnerable to Arbitrary User Pas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8884 (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vu ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2024-8629 (The WooCommerce Multilingual & Multicurrency with WPML plugin for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8626 (Due to a memory leak, a denial-of-service vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2024-8518 (CWE-20: Improper Input Validation vulnerability exists that could caus ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2024-8488 (The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8482 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8433 (The Easy Mega Menu Plugin for WordPress \u2013 ThemeHunk plugin for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8431 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8422 (CWE-416: Use After Free vulnerability exists that could cause arbitrar ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2024-8215 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Payara
CVE-2024-8048 (In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), ...)
- TODO: check
+ NOT-FOR-US: Progress Telerik
CVE-2024-8015 (In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.9 ...)
- TODO: check
+ NOT-FOR-US: Progress Telerik
CVE-2024-8014 (In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), ...)
- TODO: check
+ NOT-FOR-US: Progress Telerik
CVE-2024-7963 (The CMSMasters Content Composer plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7840 (In Progress Telerik Reporting versions prior to 2024 Q3 (2024.3.924), ...)
- TODO: check
+ NOT-FOR-US: Progress Telerik
CVE-2024-7612 (Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local auth ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-7294 (In Progress\xae Telerik\xae Report Server versions prior to 2024 Q3 (1 ...)
- TODO: check
+ NOT-FOR-US: Progress Telerik
CVE-2024-7293 (In Progress\xae Telerik\xae Report Server versions prior to 2024 Q3 (1 ...)
- TODO: check
+ NOT-FOR-US: Progress Telerik
CVE-2024-7292 (In Progress\xae Telerik\xae Report Server versions prior to 2024 Q3 (1 ...)
- TODO: check
+ NOT-FOR-US: Progress Telerik
CVE-2024-7041 (An Insecure Direct Object Reference (IDOR) vulnerability exists in ope ...)
- TODO: check
+ NOT-FOR-US: open-webui
CVE-2024-7038 (An information disclosure vulnerability exists in open-webui version 0 ...)
- TODO: check
+ NOT-FOR-US: open-webui
CVE-2024-7037 (In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipeline ...)
- TODO: check
+ NOT-FOR-US: open-webui
CVE-2024-5968 (The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-47951 (In JetBrains TeamCity before 2024.07.3 stored XSS was possible via ser ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2024-47950 (In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Back ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2024-47949 (In JetBrains TeamCity before 2024.07.3 path traversal allowed backup f ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2024-47948 (In JetBrains TeamCity before 2024.07.3 path traversal leading to infor ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2024-47833 (Taipy is an open-source Python library for easy, end-to-end applicatio ...)
- TODO: check
+ NOT-FOR-US: Taipy
CVE-2024-47832 (ssoready is a single sign on provider implemented via docker. Affected ...)
- TODO: check
+ NOT-FOR-US: ssoready
CVE-2024-47828 (ampache is a web based audio/video streaming application and file mana ...)
- TODO: check
+ - ampache <removed>
CVE-2024-47823 (Livewire is a full-stack framework for Laravel that allows for dynamic ...)
- TODO: check
+ NOT-FOR-US: Livewire
CVE-2024-47822 (Directus is a real-time API and App dashboard for managing SQL databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2024-47816 (ImportDump is a mediawiki extension designed to automate user import r ...)
- TODO: check
+ NOT-FOR-US: ImportDump MediaWiki extension
CVE-2024-47815 (IncidentReporting is a MediaWiki extension for moving incident reports ...)
- TODO: check
+ NOT-FOR-US: IncidentReporting MediaWiki extension
CVE-2024-47813 (Wasmtime is an open source runtime for WebAssembly. Under certain conc ...)
TODO: check
CVE-2024-47812 (ImportDump is an extension for mediawiki designed to automate user imp ...)
- TODO: check
+ NOT-FOR-US: ImportDump MediaWiki extension
CVE-2024-47780 (TYPO3 is a free and open source Content Management Framework. Backend ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2024-47773 (Discourse is an open source platform for community discussion. An atta ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-47763 (Wasmtime is an open source runtime for WebAssembly. Wasmtime's impleme ...)
TODO: check
CVE-2024-47673 (In the Linux kernel, the following vulnerability has been resolved: w ...)
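Review bot: The CVE-2024-47828 entry is changed to "- ampache <removed>", which is a package-status line and not a NOT-FOR-US tag, so the one-word commit message "NFUs" does not cover it. Mention the removed-package triage in the commit message, or put it in its own commit, so that a later search of the history for when ampache was marked <removed> finds this change.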
@@ -163,47 +163,47 @@ CVE-2024-47659 (In the Linux kernel, the following vulnerability has been resolv
CVE-2024-47658 (In the Linux kernel, the following vulnerability has been resolved: c ...)
TODO: check
CVE-2024-47565 (A vulnerability has been identified in Siemens SINEC Security Monitor ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-47563 (A vulnerability has been identified in Siemens SINEC Security Monitor ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-47562 (A vulnerability has been identified in Siemens SINEC Security Monitor ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-47553 (A vulnerability has been identified in Siemens SINEC Security Monitor ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-47425 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47424 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47423 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47422 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47421 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47420 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47419 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47418 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use Afte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47417 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-bas ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47416 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47415 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use Afte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47414 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use Afte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47413 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use Afte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47412 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use Afte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47411 (Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47410 (Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-ba ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-47334 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-47196 (A vulnerability has been identified in ModelSim (All versions < V2024. ...)
TODO: check
CVE-2024-47195 (A vulnerability has been identified in ModelSim (All versions < V2024. ...)
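Review bot: CVE-2024-47196 (ModelSim) is left at "TODO: check" near the end of this hunk, although its description opens with the same "A vulnerability has been identified in" wording as the four SINEC Security Monitor entries tagged "NOT-FOR-US: Siemens" above. If it was skipped on purpose, pending a check against the archive, that is fine; otherwise it could be triaged in the same pass so the Siemens batch does not stay half done.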
@@ -211,19 +211,19 @@ CVE-2024-47195 (A vulnerability has been identified in ModelSim (All versions <
CVE-2024-47194 (A vulnerability has been identified in ModelSim (All versions < V2024. ...)
TODO: check
CVE-2024-47161 (In JetBrains TeamCity before 2024.07.3 password could be exposed via S ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2024-47046 (A vulnerability has been identified in Simcenter Nastran 2306 (All ver ...)
TODO: check
CVE-2024-47011 (Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remot ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-47010 (Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remot ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-47009 (Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remot ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-47008 (Server-side request forgery in Ivanti Avalanche before version 6.4.5 a ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-47007 (A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanc ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-46887 (The web server of affected devices do not properly authenticate user r ...)
TODO: check
CVE-2024-46886 (The web server of affected devices does not properly validate input th ...)
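Review bot: The NOT-FOR-US reason names the product for CVE-2024-47161 ("JetBrains TeamCity") but only the vendor for the five Avalanche entries CVE-2024-47007 through CVE-2024-47011 ("Ivanti"), even though each of those descriptions names Ivanti Avalanche. Writing "NOT-FOR-US: Ivanti Avalanche" would keep the reason strings at one level of detail and make them easier to grep by product.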
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fa2d15189ae9a8c995ef545d08e6673ed20e435