[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Mon, 09 Dec 2024 12:52:25 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1a084b4d by Salvatore Bonaccorso at 2024-12-09T21:50:14+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,93 +1,93 @@
 CVE-2024-8259 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Eryaz Information Technologies NatraCar B2B Dealer 
Management Program
 CVE-2024-54938 (A Directory Listing issue was found in Kashipara E-Learning 
Management ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54937 (A Directory Listing issue was found in Kashipara E-Learning 
Management ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54936 (A Stored Cross-Site Scripting (XSS) vulnerability was found in 
/send_m ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54935 (A Stored Cross-Site Scripting (XSS) vulnerability was found in 
/send_m ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54934 (Kashipara E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54933 (Kashipara E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54932 (Kashipara E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54931 (A SQL Injection was found in /admin/delete_event.php in 
kashipara E-le ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54930 (Kashipara E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54929 (KASHIPARA E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54928 (kashipara E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54927 (Kashipara E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54926 (A SQL Injection vulnerability was found in /search_class.php 
of kaship ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54925 (A SQL Injection was found in /remove_sent_message.php in 
kashipara E-l ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54924 (A SQL Injection was found in /admin/edit_content.php in 
kashipara E-le ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54923 (A SQL Injection vulnerability was found in 
/admin/edit_teacher.php in  ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54922 (A SQL Injection was found in /admin/edit_user.php of kashipara 
E-learn ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54921 (A SQL Injection was found in /student_signup.php in kashipara 
E-learni ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54920 (A SQL Injection vulnerability was found in /teacher_signup.php 
of kash ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54919 (A Stored Cross Site Scripting (XSS ) was found in 
/teacher_avatar.php  ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54918 (Kashipara E-learning Management System v1.0 is vulnerable to 
Remote Co ...)
-       TODO: check
+       NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54260 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54255 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54254 (Missing Authorization vulnerability in Kofi Mokome Message 
Filter for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54253 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54251 (Missing Authorization vulnerability in Prodigy Commerce 
Prodigy Commer ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54247 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54232 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54230 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54228 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54227 (Missing Authorization vulnerability in theDotstore Minimum and 
Maximum ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54226 (Cross-Site Request Forgery (CSRF) vulnerability in Karl 
Kiesinger Coun ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54225 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54224 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54223 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54220 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54219 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54218 (Missing Authorization vulnerability in Thehp AIO Contact.This 
issue af ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54217 (Missing Authorization vulnerability in Repute info systems 
ARForms.Thi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54215 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54147 (Altair is a GraphQL client for all platforms. Prior to version 
8.0.5,  ...)
-       TODO: check
+       NOT-FOR-US: Altair
 CVE-2024-53949 (Improper Authorization vulnerability in Apache Superset 
whenFAB_ADD_SE ...)
-       TODO: check
+       NOT-FOR-US: Apache Superset
 CVE-2024-53948 (Generation of Error Message Containing analytics metadata 
Information  ...)
-       TODO: check
+       NOT-FOR-US: Apache Superset
 CVE-2024-53947 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Apache Superset
 CVE-2024-53847 (The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, 
is vulne ...)
        TODO: check
 CVE-2024-53822 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Genet ...)
@@ -347,7 +347,7 @@ CVE-2024-12224 [RUSTSEC-2024-0421]
 CVE-2024-9651 (The Fluent Forms  WordPress plugin before 5.2.1 does not 
sanitise and  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-55582 (Oxide before 6 has unencrypted Control Plane datastores.)
-       TODO: check
+       NOT-FOR-US: Oxide
 CVE-2024-55580 (An issue was discovered in Qlik Sense Enterprise for Windows 
before No ...)
        NOT-FOR-US: Qlik Sense Enterprise for Windows
 CVE-2024-55579 (An issue was discovered in Qlik Sense Enterprise for Windows 
before No ...)
@@ -363,7 +363,7 @@ CVE-2024-55564 (The POSIX::2008 package before 0.24 for 
Perl has a potential _ex
 CVE-2024-55563 (Bitcoin Core through 27.2 allows transaction-relay jamming via 
an off- ...)
        TODO: check
 CVE-2024-55560 (MailCleaner before 28d913e has default values of 
ssh_host_dsa_key, ssh ...)
-       TODO: check
+       NOT-FOR-US: MailCleaner
 CVE-2024-53285 (Improper neutralization of input during web page generation 
('Cross-si ...)
        NOT-FOR-US: Synology
 CVE-2024-53284 (Improper neutralization of input during web page generation 
('Cross-si ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a084b4d3a62788243592db3276bce37f6406c65

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a084b4d3a62788243592db3276bce37f6406c65
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to