[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Tue, 17 Dec 2024 00:12:57 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9b68c6f9 by security tracker role at 2024-12-17T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2024-9624 (The WP All Import Pro plugin for WordPress is vulnerable to 
Server-Sid ...)
+       TODO: check
+CVE-2024-56017 (Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal 
Stop Regi ...)
+       TODO: check
+CVE-2024-55951 (Metabase is an open-source data analytics platform. For new 
sandboxing ...)
+       TODO: check
+CVE-2024-55864 (Cross-site scripting vulnerability exists in My WP Customize 
Admin/Fro ...)
+       TODO: check
+CVE-2024-55557 (ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has 
a hardco ...)
+       TODO: check
+CVE-2024-55554 (Intrexx Portal Server before 12.0.2 allows XSS via a 
user-defined port ...)
+       TODO: check
+CVE-2024-55452 (A URL redirection vulnerability exists in UJCMS 9.6.3 due to 
improper  ...)
+       TODO: check
+CVE-2024-55451 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
authentica ...)
+       TODO: check
+CVE-2024-55104 (Online Nurse Hiring System v1.0 was discovered to contain 
multiple SQL ...)
+       TODO: check
+CVE-2024-55103 (Online Nurse Hiring System v1.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
+CVE-2024-55100 (A stored cross-site scripting (XSS) vulnerability in the 
component /ad ...)
+       TODO: check
+CVE-2024-55085 (GetSimple CMS CE 3.3.19 suffers from arbitrary code execution 
in the t ...)
+       TODO: check
+CVE-2024-54125 (Improper authorization in handler for custom URL scheme issue 
in "Shon ...)
+       TODO: check
+CVE-2024-52949 (iptraf-ng 1.2.1 has a stack-based buffer overflow.)
+       TODO: check
+CVE-2024-38499 (CA Client Automation (ITCM) allows non-admin/non-root users to 
encrypt ...)
+       TODO: check
+CVE-2024-37776 (A cross-site scripting (XSS) vulnerability in Sunbird DCIM 
dcTrack v9. ...)
+       TODO: check
+CVE-2024-37775 (Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows 
attacke ...)
+       TODO: check
+CVE-2024-37774 (A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack 
v9.1.2 all ...)
+       TODO: check
+CVE-2024-37773 (An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 
allows a ...)
+       TODO: check
+CVE-2024-35230 (GeoServer is an open source software server written in Java 
that allow ...)
+       TODO: check
+CVE-2024-29671 (Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router 
v.1.0.2 all ...)
+       TODO: check
+CVE-2024-12443 (The CRM Perks \u2013 WordPress HelpDesk Integration \u2013 
Zendesk, Fr ...)
+       TODO: check
+CVE-2024-12356 (A critical vulnerability has been discovered in Privileged 
Remote Acce ...)
+       TODO: check
+CVE-2024-12239 (The PowerPack Lite for Beaver Builder plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-12220 (The SMS for WooCommerce plugin for WordPress is vulnerable to 
Cross-Si ...)
+       TODO: check
+CVE-2024-12219 (The Stop Registration Spam plugin for WordPress is vulnerable 
to Cross ...)
+       TODO: check
+CVE-2024-11999 (CWE-1104: Use of Unmaintained Third-Party Components 
vulnerability exi ...)
+       TODO: check
+CVE-2024-11906 (The TPG Get Posts plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2024-11905 (The Animated Counters plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2024-11902 (The Slope Widgets plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2024-11900 (The Portfolio \u2013 Filterable Masonry Portfolio Gallery for 
Professi ...)
+       TODO: check
+CVE-2024-10205 (Authentication Bypass vulnerability in Hitachi Ops Center 
Analyzer on  ...)
+       TODO: check
 CVE-2024-8058 (An improper parsing vulnerability was reported in the FileZ 
client tha ...)
        NOT-FOR-US: FileZ client
 CVE-2024-6002
@@ -66470,7 +66534,7 @@ CVE-2024-28328 (CSV Injection vulnerability in the Asus 
RT-N12+ router allows ad
        NOT-FOR-US: ASUS
 CVE-2024-28327 (Asus RT-N12+ B1 router stores user passwords in plaintext, 
which could ...)
        NOT-FOR-US: ASUS
-CVE-2024-28326 (Incorrect Access Control in Asus RT-N12+ B1 routers allows 
local attac ...)
+CVE-2024-28326 (Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 
routers allo ...)
        NOT-FOR-US: ASUS
 CVE-2024-28325 (Asus RT-N12+ B1 router stores credentials in cleartext, which 
could al ...)
        NOT-FOR-US: ASUS
@@ -297645,14 +297709,14 @@ CVE-2021-26283
        RESERVED
 CVE-2021-26282
        RESERVED
-CVE-2021-26281
-       RESERVED
-CVE-2021-26280
-       RESERVED
-CVE-2021-26279
-       RESERVED
-CVE-2021-26278
-       RESERVED
+CVE-2021-26281 (Some parameters of the alarm clock module are improperly 
stored, leaki ...)
+       TODO: check
+CVE-2021-26280 (Locally installed application can bypass the permission check 
and perf ...)
+       TODO: check
+CVE-2021-26279 (Some parameters of the weather module are improperly stored, 
leaking s ...)
+       TODO: check
+CVE-2021-26278 (The wifi module exposes the interface and has improper 
permission cont ...)
+       TODO: check
 CVE-2021-26277 (The framework service handles pendingIntent incorrectly, 
allowing a ma ...)
        NOT-FOR-US: Vivo
 CVE-2021-26276 (scripts/cli.js in the GoDaddy node-config-shield (aka Config 
Shield) p ...)
@@ -362111,14 +362175,14 @@ CVE-2020-12489
        RESERVED
 CVE-2020-12488 (The attacker can access the sensitive information stored 
within the jo ...)
        NOT-FOR-US: Vivo
-CVE-2020-12487
-       RESERVED
+CVE-2020-12487 (Due to the flaws in the verification of input parameters, the 
attacker ...)
+       TODO: check
 CVE-2020-12486
        RESERVED
 CVE-2020-12485 (The frame touch module does not make validity judgments on 
parameter l ...)
        NOT-FOR-US: Vivo
-CVE-2020-12484
-       RESERVED
+CVE-2020-12484 (When using special mode to connect to enterprise wifi, certain 
options ...)
+       TODO: check
 CVE-2020-12483 (The appstore before 8.12.0.0 exposes some of its components, 
and the a ...)
        NOT-FOR-US: Vivo
 CVE-2020-12482



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b68c6f9efe24fe008d9447fc14df61adccb0601

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b68c6f9efe24fe008d9447fc14df61adccb0601
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to