Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
57b367c5 by Moritz Muehlenhoff at 2024-12-11T08:26:20+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2024-12397
+ NOT-FOR-US: Quarkus
CVE-2024-9844 (Insufficient server-side controls in Secure Application Manager
of Iva ...)
NOT-FOR-US: Ivanti
CVE-2024-8540 (Insecure permissions in Ivanti Sentry before versions 9.20.2
and 10.0. ...)
@@ -7,11 +9,11 @@ CVE-2024-8256 (In Teltonika Networks RUTOS devices, running
on versions 7.0 to 7
CVE-2024-7572 (Insufficient permissions in Ivanti DSM before version
2024.3.5740 allo ...)
NOT-FOR-US: Ivanti
CVE-2024-5660 (Use of Hardware Page Aggregation (HPA) and Stage-1 and/or
Stage-2 tran ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2024-55602 (PwnDoc is a penetration test report generator. Prior to commit
1d4219c ...)
NOT-FOR-US: PwnDoc
CVE-2024-55586 (Nette Database through 3.2.4 allows SQL injection in certain
situation ...)
- TODO: check
+ NOT-FOR-US: Nette Database
CVE-2024-55550 (Mitel MiCollab through 9.8 SP2 could allow an authenticated
attacker w ...)
NOT-FOR-US: Mitel
CVE-2024-55548 (Improper check of password character lenght in ORing IAP-420
allows a ...)
@@ -266,7 +268,7 @@ CVE-2024-46340 (TP-Link TL-WR845N(UN)_V4_200909 and
TL-WR845N(UN)_V4_190219 was
CVE-2024-45709 (SolarWinds Web Help Desk was susceptible to a local file read
vulnerab ...)
NOT-FOR-US: SolarWinds
CVE-2024-45494 (An issue was discovered in MSA Safety FieldServer Gateways and
Embedde ...)
- TODO: check
+ NOT-FOR-US: Nette DatabaseSolarWinds
CVE-2024-45493 (An issue was discovered in MSA Safety FieldServer Gateways and
Embedde ...)
NOT-FOR-US: SolarWinds
CVE-2024-43600 (Microsoft Office Elevation of Privilege Vulnerability)
@@ -274,43 +276,43 @@ CVE-2024-43600 (Microsoft Office Elevation of Privilege
Vulnerability)
CVE-2024-43594 (System Center Operations Manager Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-12323 (The turboSMTP plugin for WordPress is vulnerable to Reflected
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12286 (MOBATIME Network Master Clock - DTS 4801 allows attackers to
use SSH t ...)
TODO: check
CVE-2024-12236 (A security issue exists in Vertex Gemini API for customers
using VPC-S ...)
TODO: check
CVE-2024-11973 (The Quran multilanguage Text & Audio plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11945 (The Email Reminders plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11940 (The Property Hive Mortgage Calculator plugin for WordPress is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11928 (The iChart \u2013 Easy Charts and Graphs plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11868 (The LearnPress \u2013 WordPress LMS Plugin plugin for
WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11773 (SQL injection in the admin web console of Ivanti CSA before
version 5. ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-11772 (Command injection in the admin web console of Ivanti CSA
before versio ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-11639 (An authentication bypass in the admin web console of Ivanti
CSA before ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-11634 (Command injection in Ivanti Connect Secure before version
22.7R2.3 and ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-11633 (Argument injection in Ivanti Connect Secure before version
22.7R2.4 al ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-11106 (The Simple Restrict plugin for WordPress is vulnerable to
Sensitive In ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10959 (The The Active Products Tables for WooCommerce. Use
constructor to cre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10496 (An out of bounds read due to improper input validation in
BuildFontMap ...)
- TODO: check
+ NOT-FOR-US: NI LabVIEW
CVE-2024-10495 (An out of bounds read due to improper input validation when
loading th ...)
- TODO: check
+ NOT-FOR-US: NI LabVIEW
CVE-2024-10494 (An out of bounds read due to improper input validation in
HeapObjMapIm ...)
- TODO: check
+ NOT-FOR-US: NI LabVIEW
CVE-2024-10256 (Insufficient permissions in Ivanti Patch SDK before version
9.7.703 al ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-9672 (A reflected cross-site scripting (XSS) vulnerability exists in
PaperCu ...)
NOT-FOR-US: PaperCut
CVE-2024-55638 (Deserialization of Untrusted Data vulnerability in Drupal Core
allows ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57b367c51120a6d992b1fae412f6f0a76edeb32c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57b367c51120a6d992b1fae412f6f0a76edeb32c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
