[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 17 08:12:13 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b68c6f9 by security tracker role at 2024-12-17T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2024-9624 (The WP All Import Pro plugin for WordPress is vulnerable to Server-Sid ...)
+	TODO: check
+CVE-2024-56017 (Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Regi ...)
+	TODO: check
+CVE-2024-55951 (Metabase is an open-source data analytics platform. For new sandboxing ...)
+	TODO: check
+CVE-2024-55864 (Cross-site scripting vulnerability exists in My WP Customize Admin/Fro ...)
+	TODO: check
+CVE-2024-55557 (ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardco ...)
+	TODO: check
+CVE-2024-55554 (Intrexx Portal Server before 12.0.2 allows XSS via a user-defined port ...)
+	TODO: check
+CVE-2024-55452 (A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper  ...)
+	TODO: check
+CVE-2024-55451 (A Stored Cross-Site Scripting (XSS) vulnerability exists in authentica ...)
+	TODO: check
+CVE-2024-55104 (Online Nurse Hiring System v1.0 was discovered to contain multiple SQL ...)
+	TODO: check
+CVE-2024-55103 (Online Nurse Hiring System v1.0 was discovered to contain a SQL inject ...)
+	TODO: check
+CVE-2024-55100 (A stored cross-site scripting (XSS) vulnerability in the component /ad ...)
+	TODO: check
+CVE-2024-55085 (GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the t ...)
+	TODO: check
+CVE-2024-54125 (Improper authorization in handler for custom URL scheme issue in "Shon ...)
+	TODO: check
+CVE-2024-52949 (iptraf-ng 1.2.1 has a stack-based buffer overflow.)
+	TODO: check
+CVE-2024-38499 (CA Client Automation (ITCM) allows non-admin/non-root users to encrypt ...)
+	TODO: check
+CVE-2024-37776 (A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9. ...)
+	TODO: check
+CVE-2024-37775 (Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attacke ...)
+	TODO: check
+CVE-2024-37774 (A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 all ...)
+	TODO: check
+CVE-2024-37773 (An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows a ...)
+	TODO: check
+CVE-2024-35230 (GeoServer is an open source software server written in Java that allow ...)
+	TODO: check
+CVE-2024-29671 (Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 all ...)
+	TODO: check
+CVE-2024-12443 (The CRM Perks \u2013 WordPress HelpDesk Integration \u2013 Zendesk, Fr ...)
+	TODO: check
+CVE-2024-12356 (A critical vulnerability has been discovered in Privileged Remote Acce ...)
+	TODO: check
+CVE-2024-12239 (The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-12220 (The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Si ...)
+	TODO: check
+CVE-2024-12219 (The Stop Registration Spam plugin for WordPress is vulnerable to Cross ...)
+	TODO: check
+CVE-2024-11999 (CWE-1104: Use of Unmaintained Third-Party Components vulnerability exi ...)
+	TODO: check
+CVE-2024-11906 (The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-11905 (The Animated Counters plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-11902 (The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-11900 (The Portfolio \u2013 Filterable Masonry Portfolio Gallery for Professi ...)
+	TODO: check
+CVE-2024-10205 (Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on  ...)
+	TODO: check
 CVE-2024-8058 (An improper parsing vulnerability was reported in the FileZ client tha ...)
 	NOT-FOR-US: FileZ client
 CVE-2024-6002
@@ -66470,7 +66534,7 @@ CVE-2024-28328 (CSV Injection vulnerability in the Asus RT-N12+ router allows ad
 	NOT-FOR-US: ASUS
 CVE-2024-28327 (Asus RT-N12+ B1 router stores user passwords in plaintext, which could ...)
 	NOT-FOR-US: ASUS
-CVE-2024-28326 (Incorrect Access Control in Asus RT-N12+ B1 routers allows local attac ...)
+CVE-2024-28326 (Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allo ...)
 	NOT-FOR-US: ASUS
 CVE-2024-28325 (Asus RT-N12+ B1 router stores credentials in cleartext, which could al ...)
 	NOT-FOR-US: ASUS
@@ -297645,14 +297709,14 @@ CVE-2021-26283
 	RESERVED
 CVE-2021-26282
 	RESERVED
-CVE-2021-26281
-	RESERVED
-CVE-2021-26280
-	RESERVED
-CVE-2021-26279
-	RESERVED
-CVE-2021-26278
-	RESERVED
+CVE-2021-26281 (Some parameters of the alarm clock module are improperly stored, leaki ...)
+	TODO: check
+CVE-2021-26280 (Locally installed application can bypass the permission check and perf ...)
+	TODO: check
+CVE-2021-26279 (Some parameters of the weather module are improperly stored, leaking s ...)
+	TODO: check
+CVE-2021-26278 (The wifi module exposes the interface and has improper permission cont ...)
+	TODO: check
 CVE-2021-26277 (The framework service handles pendingIntent incorrectly, allowing a ma ...)
 	NOT-FOR-US: Vivo
 CVE-2021-26276 (scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) p ...)
@@ -362111,14 +362175,14 @@ CVE-2020-12489
 	RESERVED
 CVE-2020-12488 (The attacker can access the sensitive information stored within the jo ...)
 	NOT-FOR-US: Vivo
-CVE-2020-12487
-	RESERVED
+CVE-2020-12487 (Due to the flaws in the verification of input parameters, the attacker ...)
+	TODO: check
 CVE-2020-12486
 	RESERVED
 CVE-2020-12485 (The frame touch module does not make validity judgments on parameter l ...)
 	NOT-FOR-US: Vivo
-CVE-2020-12484
-	RESERVED
+CVE-2020-12484 (When using special mode to connect to enterprise wifi, certain options ...)
+	TODO: check
 CVE-2020-12483 (The appstore before 8.12.0.0 exposes some of its components, and the a ...)
 	NOT-FOR-US: Vivo
 CVE-2020-12482



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b68c6f9efe24fe008d9447fc14df61adccb0601

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b68c6f9efe24fe008d9447fc14df61adccb0601
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241217/714155ca/attachment.htm>


More information about the debian-security-tracker-commits mailing list