Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 451b1395 by Salvatore Bonaccorso at 2024-09-10T22:44:01+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,5 +1,5 @@ CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has b ...) - TODO: check + NOT-FOR-US: Mercury MNVR816 CVE-2024-8654 (MongoDB Server may access non-initialized region of memory leading to ...) TODO: check CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 a ...) 
@@ -7,21 +7,21 @@ CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0 NOTE: https://www.wireshark.org/security/wnpa-sec-2024-10.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19559 CVE-2024-8543 (The Slider comparison image before and after plugin for WordPress is v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-8504 (An attacker with authenticated access to VICIdial as an "agent" can ex ...) - TODO: check + NOT-FOR-US: VICIdial CVE-2024-8503 (An unauthenticated attacker can leverage a time-based SQL injection vu ...) - TODO: check + NOT-FOR-US: VICIdial CVE-2024-8369 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-8258 (Improper Control of Generation of Code ('Code Injection') in Electron ...) TODO: check CVE-2024-8241 (The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to St ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-8232 (SpiderControl SCADA Web Server has a vulnerability that could allow an ...) - TODO: check + NOT-FOR-US: SpiderControl SCADA Web Server CVE-2024-7770 (The Bit File Manager \u2013 100% Free & Open Source File Manager and C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-7699 (An low privileged remote attacker can execute OS commands with root pr ...) TODO: check CVE-2024-7698 (A low privileged remote attacker canget access to CSRF tokens of highe ...) 
@@ -29,11 +29,11 @@ CVE-2024-7698 (A low privileged remote attacker canget access to CSRF tokens of CVE-2024-6876 (Out-of-Bounds read vulnerability in OSCAT Basic Library allows an loca ...) TODO: check CVE-2024-6282 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-45845 (nix 2.24 through 2.24.5 allows directory traversal via a symlink in a ...) TODO: check CVE-2024-45596 (Directus is a real-time API and App dashboard for managing SQL databas ...) - TODO: check + NOT-FOR-US: Directus CVE-2024-45595 (D-Tale is a visualizer for Pandas data structures. Users hosting D-Tal ...) TODO: check CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A bug in Ni ...) @@ -41,7 +41,7 @@ CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A bug CVE-2024-45592 (auditor-bundle, formerly known as DoctrineAuditBundle, integrates audi ...) TODO: check CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API exposes the hi ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser <1.20.3 is ...) TODO: check CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by providing a ...) 
@@ -53,29 +53,29 @@ CVE-2024-45407 (Sunshine is a self-hosted game stream host for Moonlight. Client CVE-2024-45393 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...) TODO: check CVE-2024-45323 (An improper access control vulnerability[CWE-284] in FortiEDR Manager ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2024-45044 (Bareos is open source software for backup, archiving, and recovery of ...) TODO: check CVE-2024-45032 (A vulnerability has been identified in Industrial Edge Management Pro ...) - TODO: check + NOT-FOR-US: Industrial Edge Management CVE-2024-44893 (An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport ...) - TODO: check + NOT-FOR-US: JimuReport CVE-2024-44872 (A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 ...) - TODO: check + NOT-FOR-US: moziloCMS CVE-2024-44871 (An arbitrary file upload vulnerability in the component /admin/index.p ...) - TODO: check + NOT-FOR-US: moziloCMS CVE-2024-44867 (phpok v3.0 was discovered to contain an arbitrary file read vulnerabil ...) - TODO: check + NOT-FOR-US: phpok CVE-2024-44815 (An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physica ...) - TODO: check + NOT-FOR-US: Hathway Skyworth Router CM5100 CVE-2024-44677 (eladmin v2.7 and before is vulnerable to Server-Side Request Forgery ( ...) TODO: check CVE-2024-44676 (eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) wh ...) TODO: check CVE-2024-44667 (Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628 ...) - TODO: check + NOT-FOR-US: Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router CVE-2024-44087 (A vulnerability has been identified in Automation License Manager V5 ( ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-43800 (serve-static serves static files. serve-static passes untrusted user i ...) TODO: check CVE-2024-43799 (Send is a library for streaming files from the file system as a http r ...) 
@@ -83,51 +83,51 @@ CVE-2024-43799 (Send is a library for streaming files from the file system as a CVE-2024-43796 (Express.js minimalist web framework for node. In express < 4.20.0, pas ...) TODO: check CVE-2024-43781 (A vulnerability has been identified in SINUMERIK 828D V4 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-43647 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 ( ...) TODO: check CVE-2024-43495 (Windows libarchive Remote Code Execution Vulnerability) TODO: check CVE-2024-43492 (Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43491 (Microsoft is aware of a vulnerability in Servicing Stack that has roll ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43487 (Windows Mark of the Web Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43482 (Microsoft Outlook for iOS Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43479 (Microsoft Power Automate Desktop Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43476 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43475 (Microsoft Windows Admin Center Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43474 (Microsoft SQL Server Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43470 (Azure Network Watcher VM Agent Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43469 (Azure CycleCloud Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43467 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2024-43466 (Microsoft SharePoint Server Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43465 (Microsoft Excel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43464 (Microsoft SharePoint Server Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43463 (Microsoft Office Visio Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43461 (Windows MSHTML Platform Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43458 (Windows Networking Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43457 (Windows Setup and Deployment Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43455 (Windows Remote Desktop Licensing Service Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43454 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-43393 (A low privileged remote attacker can perform configuration changes of ...) TODO: check CVE-2024-43392 (A low privileged remote attacker can perform configuration changes of ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/451b1395170ff46cb9f9753fac406664914d7449 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/451b1395170ff46cb9f9753fac406664914d7449 You're receiving this email because of your account on salsa.debian.org.
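Review bot: In the @@ -53,29 hunk, CVE-2024-45323 is tagged NOT-FOR-US: FortiGuard, but the description names FortiEDR Manager as the affected product and FortiGuard does not appear in the entry. Suggest tagging it with the product (NOT-FOR-US: FortiEDR) or the vendor so the tag matches the description. In the same hunk CVE-2024-45032 is tagged by product (Industrial Edge Management) while CVE-2024-44087, whose description opens with the same wording, is tagged by vendor (Siemens); if both are Siemens products, using one form for both keeps later searches over the list consistent.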
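Review bot: In the @@ -83,51 hunk, CVE-2024-43647 (SIMATIC S7-200 SMART CPU CR40) stays at TODO: check while CVE-2024-43781 (SINUMERIK 828D) directly above it, with the same opening description, becomes NOT-FOR-US: Siemens. If skipping it was not deliberate, it could take the same tag in this commit. Leaving CVE-2024-43495 (Windows libarchive) at TODO: check looks right, since the title alone does not show whether only the Windows copy of libarchive is affected.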