[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 18 21:33:04 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a100e0b by Salvatore Bonaccorso at 2024-12-18T22:32:36+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,13 +41,13 @@ CVE-2024-55983 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2024-55975 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2024-55953 (DataEase is an open source business analytics tool. Authenticated user ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2024-55952 (DataEase is an open source business analytics tool. Authenticated user ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2024-55492 (Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross ...)
NOT-FOR-US: Winmail Server
CVE-2024-55089 (Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in t ...)
- TODO: check
+ NOT-FOR-US: Rhymix CMS
CVE-2024-55088 (GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery ( ...)
NOT-FOR-US: GetSimple CMS CE
CVE-2024-55086 (In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Fo ...)
@@ -67,41 +67,41 @@ CVE-2024-53270 (Envoy is a cloud-native high-performance edge/middle/service pro
CVE-2024-53269 (Envoy is a cloud-native high-performance edge/middle/service proxy. Wh ...)
- envoyproxy <itp> (bug #987544)
CVE-2024-52593 (Misskey is an open source, federated social media platform.In affected ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2024-52592 (Misskey is an open source, federated social media platform. In affecte ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2024-52591 (Misskey is an open source, federated social media platform. In affecte ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2024-52590 (Misskey is an open source, federated social media platform. In affecte ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2024-52579 (Misskey is an open source, federated social media platform. Some APIs ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2024-52485 (Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Im ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-52361 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stor ...)
NOT-FOR-US: IBM
CVE-2024-51646 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-51470 (IBM MQ9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appli ...)
NOT-FOR-US: IBM
CVE-2024-50570 (A Cleartext Storage of Sensitive Information vulnerability [CWE-312] i ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-4996 (Use of a hard-coded password for a database administrator account crea ...)
- TODO: check
+ NOT-FOR-US: Wapro ERP
CVE-2024-4995 (Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request f ...)
- TODO: check
+ NOT-FOR-US: Wapro ERP
CVE-2024-49677 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49576 (A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0 ...)
NOT-FOR-US: Foxit Reader
CVE-2024-49363 (Misskey is an open source, federated social media platform. In affecte ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2024-49202 (Keyfactor Command before 12.5.0 has Incorrect Access Control: access t ...)
- TODO: check
+ NOT-FOR-US: Keyfactor
CVE-2024-49201 (Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 ...)
- TODO: check
+ NOT-FOR-US: Keyfactor
CVE-2024-48889 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-47810 (A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0 ...)
NOT-FOR-US: Foxit Reader
CVE-2024-47119 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not ...)
@@ -109,43 +109,43 @@ CVE-2024-47119 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 do
CVE-2024-47104 (IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining eleva ...)
NOT-FOR-US: IBM
CVE-2024-47040 (There is a possible UAF due to a logic error in the code.This could le ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-47039 (In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-47038 (In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possibl ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-45082 (IBM Cognos Analytics11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 ...)
NOT-FOR-US: IBM
CVE-2024-41752 (IBM Cognos Analytics11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is ...)
NOT-FOR-US: IBM
CVE-2024-36694 (OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2024-25042 (IBM Cognos Analytics11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 ...)
NOT-FOR-US: IBM
CVE-2024-12741 (A deserialization of untrusted data vulnerability exists in NI DAQExpr ...)
- TODO: check
+ NOT-FOR-US: NI DAQExpress
CVE-2024-12554 (The Peter\u2019s Custom Anti-Spam plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12454 (The Affiliate Program Suite \u2014 SliceWP Affiliates plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12373 (A denial-of-service vulnerability exists in the Rockwell Automation Po ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-12372 (A denial-of-service and possible remote code execution vulnerability e ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-12371 (A device takeover vulnerability exists in the Rockwell Automation Powe ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-12340 (The Animation Addons for Elementor plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11926 (The Travel Booking WordPress Theme theme for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-11912 (The Travel Booking WordPress Theme theme for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-11291 (The Paid Membership Subscriptions \u2013 Effortless Memberships, Recur ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50956 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could ...)
NOT-FOR-US: IBM
CVE-2023-34990 (A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-56175 (In Optimizely Configured Commerce before 5.2.2408, malicious payloads ...)
NOT-FOR-US: Optimizely Configured Commerce
CVE-2024-56174 (In Optimizely Configured Commerce before 5.2.2408, malicious payloads ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a100e0b48fae7360c7cf63f1298228882875345
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a100e0b48fae7360c7cf63f1298228882875345
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241218/fb52683a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list