[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 21 08:12:11 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f5bd5a0 by security tracker role at 2024-12-21T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2024-56359 (grist-core is a spreadsheet hosting server. A user visiting a maliciou ...)
+	TODO: check
+CVE-2024-56358 (grist-core is a spreadsheet hosting server. A user visiting a maliciou ...)
+	TODO: check
+CVE-2024-56357 (grist-core is a spreadsheet hosting server. A user visiting a maliciou ...)
+	TODO: check
+CVE-2024-56335 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
+	TODO: check
+CVE-2024-56334 (systeminformation is a System and OS information library for node.js.  ...)
+	TODO: check
+CVE-2024-55509 (SQL injection vulnerability in CodeAstro Complaint Management System v ...)
+	TODO: check
+CVE-2024-40875 (There is a cross-site scripting vulnerability in the management consol ...)
+	TODO: check
+CVE-2024-12846 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-12845 (A vulnerability classified as problematic was found in Emlog Pro up to ...)
+	TODO: check
+CVE-2024-12844 (A vulnerability classified as problematic has been found in Emlog Pro  ...)
+	TODO: check
+CVE-2024-12843 (A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated  ...)
+	TODO: check
+CVE-2024-12771 (The eCommerce Product Catalog Plugin for WordPress plugin for WordPres ...)
+	TODO: check
+CVE-2024-12721 (The Custom Product Tabs For WooCommerce plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2024-12697 (The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+	TODO: check
+CVE-2024-12635 (The WP Docs plugin for WordPress is vulnerable to time-based SQL Injec ...)
+	TODO: check
+CVE-2024-12262 (The Ebook Store plugin for WordPress is vulnerable to Reflected Cross- ...)
+	TODO: check
+CVE-2024-12066 (The SMSA Shipping(official) plugin for WordPress is vulnerable to arbi ...)
+	TODO: check
+CVE-2024-11977 (The The kk Star Ratings \u2013 Rate Post & Collect User Feedbacks plug ...)
+	TODO: check
+CVE-2024-11975 (The Reactflow Visitor Recording and Heatmaps plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-11938 (The One Click Upsell Funnel for WooCommerce \u2013  Funnel Builder for ...)
+	TODO: check
+CVE-2024-11811 (The Feedify \u2013 Web Push Notifications plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2024-11682 (The G Web Pro Store Locator plugin for WordPress is vulnerable to Refl ...)
+	TODO: check
+CVE-2024-11607 (The GTPayment Donations WordPress plugin through 1.0.0 does not have C ...)
+	TODO: check
+CVE-2024-11349 (The AdForest theme for WordPress is vulnerable to authentication bypas ...)
+	TODO: check
+CVE-2024-11287 (The Ebook Store plugin for WordPress is vulnerable to Reflected Cross- ...)
+	TODO: check
+CVE-2024-11196 (The Multi-column Tag Map plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
 CVE-2024-7726 (There exists an unauthenticated accessible JTAG port on the Kioxia PM6 ...)
 	NOT-FOR-US: Kioxia
 CVE-2024-56356 (In JetBrains TeamCity before 2024.12 insecure XMLParser configuration  ...)
@@ -132797,10 +132849,10 @@ CVE-2023-31282
 	RESERVED
 CVE-2023-31281
 	RESERVED
-CVE-2023-31280
-	RESERVED
-CVE-2023-31279
-	RESERVED
+CVE-2023-31280 (An AirVantage online Warranty Checker tool vulnerability could allow a ...)
+	TODO: check
+CVE-2023-31279 (The AirVantage platform is vulnerable to an unauthorized attacker regi ...)
+	TODO: check
 CVE-2023-31245 (Devices using Snap One OvrC cloud are sent to a web address when acces ...)
 	NOT-FOR-US: Snap One
 CVE-2023-31241 (Snap One OvrC cloud servers contain a route an attacker can use to byp ...)
@@ -260816,8 +260868,8 @@ CVE-2021-40961 (CMS Made Simple <=2.2.15 is affected by SQL injection in modules
 	NOT-FOR-US: CMS Made Simple
 CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal vulnerabil ...)
 	NOT-FOR-US: Galera WebTemplate
-CVE-2021-40959
-	RESERVED
+CVE-2021-40959 (A reflected cross-site scripting vulnerability in MONITORAPP Applicati ...)
+	TODO: check
 CVE-2021-40958
 	RESERVED
 CVE-2021-40957
@@ -359867,8 +359919,8 @@ CVE-2020-13714
 	REJECTED
 CVE-2020-13713
 	REJECTED
-CVE-2020-13712
-	RESERVED
+CVE-2020-13712 (A command injection is possible through the user interface, allowing a ...)
+	TODO: check
 CVE-2020-13711
 	RESERVED
 CVE-2020-13710



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f5bd5a00de28ae1a6682760bcc942b067d5fbd1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f5bd5a00de28ae1a6682760bcc942b067d5fbd1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241221/3a9845ac/attachment.htm>

More information about the debian-security-tracker-commits mailing list