[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 7 21:07:41 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11bc701f by Salvatore Bonaccorso at 2025-01-07T22:07:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -320,9 +320,9 @@ CVE-2024-56270 (Missing Authorization vulnerability in SecureSubmit WP SecureSub
CVE-2024-56056 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-55556 (A vulnerability in Crater Invoice allows an unauthenticated attacker w ...)
- TODO: check
+ NOT-FOR-US: Crater Invoice
CVE-2024-55555 (Invoice Ninja before 5.10.43 allows remote code execution from a pre-a ...)
- TODO: check
+ NOT-FOR-US: Invoice Ninja
CVE-2024-55414 (A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WD ...)
NOT-FOR-US: Motorola
CVE-2024-55413 (A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver ...)
@@ -334,21 +334,21 @@ CVE-2024-55411 (An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v
CVE-2024-55410 (An issue in the 690b33e1-0462-4e84-9bea-c7552b45432a.sys component of ...)
NOT-FOR-US: ASUS
CVE-2024-55218 (IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via ...)
- TODO: check
+ NOT-FOR-US: IceWarp Server
CVE-2024-55008 (JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the au ...)
- TODO: check
+ NOT-FOR-US: JATOS
CVE-2024-54819 (I, Librarian before and including 5.11.1 is vulnerable to Server-Side ...)
TODO: check
CVE-2024-54007 (Multiple command injection vulnerabilities exist in the web interface ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-54006 (Multiple command injection vulnerabilities exist in the web interface ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-53800 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53522 (Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Bangkok Medical Software HOSxP XE
CVE-2024-53345 (An authenticated arbitrary file upload vulnerability in Car Rental Man ...)
- TODO: check
+ NOT-FOR-US: Car Rental Management System
CVE-2024-52893 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could al ...)
NOT-FOR-US: IBM
CVE-2024-52891 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could a ...)
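Review bot: CVE-2024-54819 (I, Librarian) stays at TODO: check in the middle of this hunk while the entries on both sides of it are resolved. If it was left on purpose for separate triage, that is fine, but it is worth confirming it was not simply skipped. Separately, the two HPE entries (CVE-2024-54007, CVE-2024-54006) are tagged by vendor only, while IceWarp Server, JATOS and Bangkok Medical Software HOSxP XE in the same hunk are tagged by product; naming the HPE product in the tag would make these entries easier to search later.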
@@ -360,91 +360,91 @@ CVE-2024-52367 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 cou
CVE-2024-52366 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3could allo ...)
NOT-FOR-US: IBM
CVE-2024-51715 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-51700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-51651 (Missing Authorization vulnerability in CubeWP CubeWP Forms \u2013 All- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50660 (File Upload Bypass was found in AdPortal 3.0.39 allows a remote attack ...)
- TODO: check
+ NOT-FOR-US: AdPortal
CVE-2024-50659 (Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3 ...)
- TODO: check
+ NOT-FOR-US: AdPortal
CVE-2024-50658 (Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 all ...)
- TODO: check
+ NOT-FOR-US: AdPortal
CVE-2024-49649 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49644 (Incorrect Privilege Assignment vulnerability in AllAccessible Team Acc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49633 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49294 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49249 (Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49222 (Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48245 (Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest ...)
- TODO: check
+ NOT-FOR-US: Vehicle Management System
CVE-2024-46603 (An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Di ...)
- TODO: check
+ NOT-FOR-US: Elspec
CVE-2024-46602 (An issue was discovered in Elspec G5 digital fault recorder version 1. ...)
- TODO: check
+ NOT-FOR-US: Elspec
CVE-2024-46601 (Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was di ...)
- TODO: check
+ NOT-FOR-US: Elspec
CVE-2024-46242 (An issue in the validate_email function in CTFd/utils/validators/__ini ...)
- TODO: check
+ NOT-FOR-US: CTFd
CVE-2024-45640 (IBM Security ReaQta 3.12 returns sensitive information in an HTTP resp ...)
NOT-FOR-US: IBM
CVE-2024-45100 (IBM Security ReaQta 3.12could allow a privileged user to cause a denia ...)
NOT-FOR-US: IBM
CVE-2024-44450 (Multiple functions are vulnerable to Authorization Bypass in AIMS eCre ...)
- TODO: check
+ NOT-FOR-US: AIMS eCrew
CVE-2024-43243 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-40749 (Improper Access Controls allows access to protected views.)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2024-40748 (Lack of output escaping in the id attribute of menu lists.)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2024-40747 (Various module chromes didn't properly process inputs, leading to XSS ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2024-40702 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 ...)
NOT-FOR-US: IBM
CVE-2024-40427 (Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers ...)
- TODO: check
+ NOT-FOR-US: PX4-Autopilot
CVE-2024-35532 (An XML External Entity (XXE) injection vulnerability in Intersec Geosa ...)
- TODO: check
+ NOT-FOR-US: Intersec
CVE-2024-28778 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 ...)
NOT-FOR-US: IBM
CVE-2024-25037 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 ...)
NOT-FOR-US: IBM
CVE-2024-12738 (The User Profile Builder \u2013 Beautiful User Registration Forms, Use ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12719 (The WordPress File Upload plugin for WordPress is vulnerable to unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12711 (The RSVP and Event Management plugin for WordPress is vulnerable to un ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12699 (The Service Box plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12532 (The BWD Elementor Addons plugin for WordPress is vulnerable to Sensiti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12430 (An attacker who successfully exploited these vulnerabilities could cau ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-12429 (An attacker who successfully exploited these vulnerabilities could gra ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-12426 (Exposure of Environmental Variables and arbitrary INI file values to a ...)
TODO: check
CVE-2024-12425 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
TODO: check
CVE-2024-12316 (The Jupiter X Core plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12152 (The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Direc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12131 (The WP Job Portal \u2013 A Complete Recruitment System for Company or ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12033 (The Jupiter X Core plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11826 (The Quill Forms | The Best Typeform Alternative | Create Conversationa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11681 (A malicious or compromised MacPorts mirror can execute arbitrary comma ...)
TODO: check
CVE-2025-0247 (Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of ...)
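Review bot: the three Joomla! entries (CVE-2024-40749, CVE-2024-40748, CVE-2024-40747) and the two ABB entries (CVE-2024-12430, CVE-2024-12429) carry descriptions that name no product in the text shown here, so the NOT-FOR-US tag is the only place the affected software is recorded. For the ABB pair the tag gives only the vendor; adding the product name, as done for "AIMS eCrew" or "PX4-Autopilot" in this hunk, would help anyone revisiting the decision. CVE-2024-12426, CVE-2024-12425 and CVE-2024-11681 remain at TODO: check, which is consistent with "Process some NFUs" if they were deliberately left for separate triage.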
@@ -176642,9 +176642,9 @@ CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer ove
CVE-2022-45187
RESERVED
CVE-2022-45186 (An issue was discovered in SuiteCRM 7.12.7. Authenticated users can re ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2022-45185 (An issue was discovered in SuiteCRM 7.12.7. Authenticated users can us ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2022-45184 (The Web Server in Ironman Software PowerShell Universal v3.x and v2.x ...)
NOT-FOR-US: Ironman Software PowerShell Universal
CVE-2022-45183 (Escalation of privileges in the Web Server in Ironman Software PowerSh ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11bc701f67e6ce700ddfb27a0775a50403118fcf