Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8a100e0b by Salvatore Bonaccorso at 2024-12-18T22:32:36+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,13 +41,13 @@ CVE-2024-55983 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2024-55975 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2024-55953 (DataEase is an open source business analytics tool.
Authenticated user ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2024-55952 (DataEase is an open source business analytics tool.
Authenticated user ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2024-55492 (Winmail Server 4.4 is vulnerable to
f_user=%22%3E%3Csvg%20onload Cross ...)
NOT-FOR-US: Winmail Server
CVE-2024-55089 (Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery
(SSRF) in t ...)
- TODO: check
+ NOT-FOR-US: Rhymix CMS
CVE-2024-55088 (GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request
Forgery ( ...)
NOT-FOR-US: GetSimple CMS CE
CVE-2024-55086 (In the GetSimple CMS CE 3.3.19 management page, Server-Side
Request Fo ...)
@@ -67,41 +67,41 @@ CVE-2024-53270 (Envoy is a cloud-native high-performance
edge/middle/service pro
CVE-2024-53269 (Envoy is a cloud-native high-performance edge/middle/service
proxy. Wh ...)
- envoyproxy <itp> (bug #987544)
CVE-2024-52593 (Misskey is an open source, federated social media platform.In
affected ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2024-52592 (Misskey is an open source, federated social media platform. In
affecte ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2024-52591 (Misskey is an open source, federated social media platform. In
affecte ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2024-52590 (Misskey is an open source, federated social media platform. In
affecte ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2024-52579 (Misskey is an open source, federated social media platform.
Some APIs ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2024-52485 (Missing Authorization vulnerability in Yudiz Solutions Ltd. WP
Menu Im ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-52361 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
stor ...)
NOT-FOR-US: IBM
CVE-2024-51646 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-51470 (IBM MQ9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM
MQ Appli ...)
NOT-FOR-US: IBM
CVE-2024-50570 (A Cleartext Storage of Sensitive Information vulnerability
[CWE-312] i ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-4996 (Use of a hard-coded password for a database administrator
account crea ...)
- TODO: check
+ NOT-FOR-US: Wapro ERP
CVE-2024-4995 (Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade
request f ...)
- TODO: check
+ NOT-FOR-US: Wapro ERP
CVE-2024-49677 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49576 (A use-after-free vulnerability exists in the way Foxit Reader
2024.3.0 ...)
NOT-FOR-US: Foxit Reader
CVE-2024-49363 (Misskey is an open source, federated social media platform. In
affecte ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2024-49202 (Keyfactor Command before 12.5.0 has Incorrect Access Control:
access t ...)
- TODO: check
+ NOT-FOR-US: Keyfactor
CVE-2024-49201 (Keyfactor Remote File Orchestrator (aka
remote-file-orchestrator) 2.8 ...)
- TODO: check
+ NOT-FOR-US: Keyfactor
CVE-2024-48889 (An Improper Neutralization of Special Elements used in an OS
Command ( ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-47810 (A use-after-free vulnerability exists in the way Foxit Reader
2024.3.0 ...)
NOT-FOR-US: Foxit Reader
CVE-2024-47119 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
does not ...)
@@ -109,43 +109,43 @@ CVE-2024-47119 (IBM Storage Defender - Resiliency Service
2.0.0 through 2.0.9 do
CVE-2024-47104 (IBM i 7.4 and 7.5 is vulnerable to an authenticated user
gaining eleva ...)
NOT-FOR-US: IBM
CVE-2024-47040 (There is a possible UAF due to a logic error in the code.This
could le ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-47039 (In isSlotMarkedSuccessful of BootControl.cpp, there is a
possible out ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-47038 (In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a
possibl ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-45082 (IBM Cognos Analytics11.2.0 through 11.2.4 and 12.0.0 through
12.0.3 ...)
NOT-FOR-US: IBM
CVE-2024-41752 (IBM Cognos Analytics11.2.0 through 11.2.4 and 12.0.0 through
12.0.3 is ...)
NOT-FOR-US: IBM
CVE-2024-36694 (OpenCart 4.0.2.3 is vulnerable to Server-Side Template
Injection (SSTI ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2024-25042 (IBM Cognos Analytics11.2.0 through 11.2.4 and 12.0.0 through
12.0.3 ...)
NOT-FOR-US: IBM
CVE-2024-12741 (A deserialization of untrusted data vulnerability exists in NI
DAQExpr ...)
- TODO: check
+ NOT-FOR-US: NI DAQExpress
CVE-2024-12554 (The Peter\u2019s Custom Anti-Spam plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12454 (The Affiliate Program Suite \u2014 SliceWP Affiliates plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12373 (A denial-of-service vulnerability exists in the Rockwell
Automation Po ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-12372 (A denial-of-service and possible remote code execution
vulnerability e ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-12371 (A device takeover vulnerability exists in the Rockwell
Automation Powe ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-12340 (The Animation Addons for Elementor plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11926 (The Travel Booking WordPress Theme theme for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-11912 (The Travel Booking WordPress Theme theme for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-11291 (The Paid Membership Subscriptions \u2013 Effortless
Memberships, Recur ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50956 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
could ...)
NOT-FOR-US: IBM
CVE-2023-34990 (A relative path traversal in Fortinet FortiWLM version 8.6.0
through 8 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-56175 (In Optimizely Configured Commerce before 5.2.2408, malicious
payloads ...)
NOT-FOR-US: Optimizely Configured Commerce
CVE-2024-56174 (In Optimizely Configured Commerce before 5.2.2408, malicious
payloads ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a100e0b48fae7360c7cf63f1298228882875345
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a100e0b48fae7360c7cf63f1298228882875345
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
