Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
11bc701f by Salvatore Bonaccorso at 2025-01-07T22:07:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -320,9 +320,9 @@ CVE-2024-56270 (Missing Authorization vulnerability in
SecureSubmit WP SecureSub
CVE-2024-56056 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-55556 (A vulnerability in Crater Invoice allows an unauthenticated
attacker w ...)
- TODO: check
+ NOT-FOR-US: Crater Invoice
CVE-2024-55555 (Invoice Ninja before 5.10.43 allows remote code execution from
a pre-a ...)
- TODO: check
+ NOT-FOR-US: Invoice Ninja
CVE-2024-55414 (A vulnerability exits in driver SmSerl64.sys in Motorola SM56
Modem WD ...)
NOT-FOR-US: Motorola
CVE-2024-55413 (A vulnerability exits in driver snxppamd.sys in SUNIX Parallel
Driver ...)
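Review bot: On CVE-2024-55556 and CVE-2024-55555, the move from "TODO: check" to NOT-FOR-US should be backed by a check that neither Crater Invoice nor Invoice Ninja has an open ITP/RFP bug, because the tracker would then carry an `<itp>` package entry rather than an NFU tag. This matters most for CVE-2024-55555, whose description says it allows remote code execution: an incorrect NFU would drop it from triage. As a style point, these tags name the product, while the unchanged neighbours in this hunk name only the vendor ("Motorola", "ASUS"); product-level names are the more searchable choice.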
@@ -334,21 +334,21 @@ CVE-2024-55411 (An issue in the snxpcamd.sys component of
SUNIX Multi I/O Card v
CVE-2024-55410 (An issue in the 690b33e1-0462-4e84-9bea-c7552b45432a.sys
component of ...)
NOT-FOR-US: ASUS
CVE-2024-55218 (IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting
(XSS) via ...)
- TODO: check
+ NOT-FOR-US: IceWarp Server
CVE-2024-55008 (JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability
in the au ...)
- TODO: check
+ NOT-FOR-US: JATOS
CVE-2024-54819 (I, Librarian before and including 5.11.1 is vulnerable to
Server-Side ...)
TODO: check
CVE-2024-54007 (Multiple command injection vulnerabilities exist in the web
interface ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-54006 (Multiple command injection vulnerabilities exist in the web
interface ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-53800 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53522 (Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to
contain ...)
- TODO: check
+ NOT-FOR-US: Bangkok Medical Software HOSxP XE
CVE-2024-53345 (An authenticated arbitrary file upload vulnerability in Car
Rental Man ...)
- TODO: check
+ NOT-FOR-US: Car Rental Management System
CVE-2024-52893 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3
could al ...)
NOT-FOR-US: IBM
CVE-2024-52891 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3
could a ...)
@@ -360,91 +360,91 @@ CVE-2024-52367 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2,
1.0.2.1, and 1.0.3 cou
CVE-2024-52366 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and
1.0.3could allo ...)
NOT-FOR-US: IBM
CVE-2024-51715 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-51700 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-51651 (Missing Authorization vulnerability in CubeWP CubeWP Forms
\u2013 All- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50660 (File Upload Bypass was found in AdPortal 3.0.39 allows a
remote attack ...)
- TODO: check
+ NOT-FOR-US: AdPortal
CVE-2024-50659 (Cross Site Scripting vulnerability iPublish Media Solutions
AdPortal 3 ...)
- TODO: check
+ NOT-FOR-US: AdPortal
CVE-2024-50658 (Server-Side Template Injection (SSTI) was found in AdPortal
3.0.39 all ...)
- TODO: check
+ NOT-FOR-US: AdPortal
CVE-2024-49649 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49644 (Incorrect Privilege Assignment vulnerability in AllAccessible
Team Acc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49633 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49294 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople
Team Bus ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49249 (Path Traversal vulnerability in SMSA Express SMSA Shipping
allows Path ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49222 (Deserialization of Untrusted Data vulnerability in Amento Tech
Pvt ltd ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48245 (Vehicle Management System 1.0 is vulnerable to SQL Injection.
A guest ...)
- TODO: check
+ NOT-FOR-US: Vehicle Management System
CVE-2024-46603 (An XML External Entity (XXE) vulnerability in Elspec
Engineering G5 Di ...)
- TODO: check
+ NOT-FOR-US: Elspec
CVE-2024-46602 (An issue was discovered in Elspec G5 digital fault recorder
version 1. ...)
- TODO: check
+ NOT-FOR-US: Elspec
CVE-2024-46601 (Elspec Engineering G5 Digital Fault Recorder Firmware
v1.2.1.12 was di ...)
- TODO: check
+ NOT-FOR-US: Elspec
CVE-2024-46242 (An issue in the validate_email function in
CTFd/utils/validators/__ini ...)
- TODO: check
+ NOT-FOR-US: CTFd
CVE-2024-45640 (IBM Security ReaQta 3.12 returns sensitive information in an
HTTP resp ...)
NOT-FOR-US: IBM
CVE-2024-45100 (IBM Security ReaQta 3.12could allow a privileged user to cause
a denia ...)
NOT-FOR-US: IBM
CVE-2024-44450 (Multiple functions are vulnerable to Authorization Bypass in
AIMS eCre ...)
- TODO: check
+ NOT-FOR-US: AIMS eCrew
CVE-2024-43243 (Unrestricted Upload of File with Dangerous Type vulnerability
in Theme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-40749 (Improper Access Controls allows access to protected views.)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2024-40748 (Lack of output escaping in the id attribute of menu lists.)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2024-40747 (Various module chromes didn't properly process inputs, leading
to XSS ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2024-40702 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller
11.1.0 ...)
NOT-FOR-US: IBM
CVE-2024-40427 (Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows
attackers ...)
- TODO: check
+ NOT-FOR-US: PX4-Autopilot
CVE-2024-35532 (An XML External Entity (XXE) injection vulnerability in
Intersec Geosa ...)
- TODO: check
+ NOT-FOR-US: Intersec
CVE-2024-28778 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller
11.1.0 ...)
NOT-FOR-US: IBM
CVE-2024-25037 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller
11.1.0 ...)
NOT-FOR-US: IBM
CVE-2024-12738 (The User Profile Builder \u2013 Beautiful User Registration
Forms, Use ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12719 (The WordPress File Upload plugin for WordPress is vulnerable
to unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12711 (The RSVP and Event Management plugin for WordPress is
vulnerable to un ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12699 (The Service Box plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12532 (The BWD Elementor Addons plugin for WordPress is vulnerable to
Sensiti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12430 (An attacker who successfully exploited these vulnerabilities
could cau ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-12429 (An attacker who successfully exploited these vulnerabilities
could gra ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-12426 (Exposure of Environmental Variables and arbitrary INI file
values to a ...)
TODO: check
CVE-2024-12425 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
TODO: check
CVE-2024-12316 (The Jupiter X Core plugin for WordPress is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12152 (The MIPL WC Multisite Sync plugin for WordPress is vulnerable
to Direc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12131 (The WP Job Portal \u2013 A Complete Recruitment System for
Company or ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12033 (The Jupiter X Core plugin for WordPress is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11826 (The Quill Forms | The Best Typeform Alternative | Create
Conversationa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11681 (A malicious or compromised MacPorts mirror can execute
arbitrary comma ...)
TODO: check
CVE-2025-0247 (Memory safety bugs present in Firefox 133 and Thunderbird 133.
Some of ...)
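Review bot: CVE-2024-12430 and CVE-2024-12429 get "NOT-FOR-US: ABB", but their descriptions open with "An attacker who successfully exploited these vulnerabilities" and name no product, so the tag is the only identifying text in the entry; naming the affected ABB product there would help. To a lesser degree the same holds for the "WordPress plugin" tags on entries whose visible description does not mention WordPress (for example CVE-2024-49249, SMSA Shipping, and CVE-2024-49222, Amento Tech): the classification rests on information outside this diff, so those deserve a second look before merging. CVE-2024-12426, CVE-2024-12425 and CVE-2024-11681 are left at "TODO: check", which is consistent with the "some" in the commit message.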
@@ -176642,9 +176642,9 @@ CVE-2022-45188 (Netatalk through 3.1.13 has an
afp_getappl heap-based buffer ove
CVE-2022-45187
RESERVED
CVE-2022-45186 (An issue was discovered in SuiteCRM 7.12.7. Authenticated
users can re ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2022-45185 (An issue was discovered in SuiteCRM 7.12.7. Authenticated
users can us ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2022-45184 (The Web Server in Ironman Software PowerShell Universal v3.x
and v2.x ...)
NOT-FOR-US: Ironman Software PowerShell Universal
CVE-2022-45183 (Escalation of privileges in the Web Server in Ironman Software
PowerSh ...)
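Review bot: The two SuiteCRM entries, CVE-2022-45186 and CVE-2022-45185, sit at line 176642 of data/CVE/list, far from the 2024 block that makes up the rest of the change, and the one-line commit message "Process some NFUs" does not signal that older IDs are touched as well. A short mention in the message would make later `git log` or blame searches on these entries easier. The tag itself matches the product named in both descriptions (SuiteCRM 7.12.7).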
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11bc701f67e6ce700ddfb27a0775a50403118fcf
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits