[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 18 Dec 2024 13:18:45 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
98dcf62d by Salvatore Bonaccorso at 2024-12-18T22:17:53+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,65 +1,65 @@
 CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache 
Kafka's ...)
        TODO: check
 CVE-2024-56059 (Improperly Controlled Modification of Object Prototype 
Attributes ('Pr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56058 (Deserialization of Untrusted Data vulnerability in Gueststream 
VRPConn ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56057 (Unrestricted Upload of File with Dangerous Type vulnerability 
in VibeT ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56055 (Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS 
allows P ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56054 (Unrestricted Upload of File with Dangerous Type vulnerability 
in VibeT ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56053 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56052 (Unrestricted Upload of File with Dangerous Type vulnerability 
in VibeT ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56051 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56050 (Unrestricted Upload of File with Dangerous Type vulnerability 
in VibeT ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56049 (Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS 
allows P ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56048 (Missing Authorization vulnerability in VibeThemes WPLMS allows 
Accessi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56047 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56016 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56010 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-56008 (Missing Authorization vulnerability in spreadr Spreadr 
Woocommerce all ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-55997 (Missing Authorization vulnerability in Web Chunky Order 
Delivery & Pic ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-55985 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-55984 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-55983 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-55975 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-55953 (DataEase is an open source business analytics tool. 
Authenticated user ...)
        TODO: check
 CVE-2024-55952 (DataEase is an open source business analytics tool. 
Authenticated user ...)
        TODO: check
 CVE-2024-55492 (Winmail Server 4.4 is vulnerable to 
f_user=%22%3E%3Csvg%20onload Cross ...)
-       TODO: check
+       NOT-FOR-US: Winmail Server
 CVE-2024-55089 (Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery 
(SSRF) in t ...)
        TODO: check
 CVE-2024-55088 (GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request 
Forgery ( ...)
-       TODO: check
+       NOT-FOR-US: GetSimple CMS CE
 CVE-2024-55086 (In the GetSimple CMS CE 3.3.19 management page, Server-Side 
Request Fo ...)
-       TODO: check
+       NOT-FOR-US: GetSimple CMS CE
 CVE-2024-54383 (Incorrect Privilege Assignment vulnerability in wpweb 
WooCommerce PDF  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54381 (Missing Authorization vulnerability in theDotstore Advance 
Menu Manage ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54350 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-54270 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-53271 (Envoy is a cloud-native high-performance edge/middle/service 
proxy. In ...)
        TODO: check
 CVE-2024-53270 (Envoy is a cloud-native high-performance edge/middle/service 
proxy. In ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98dcf62d6d807f22d064d69a0e80bcab354778e2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98dcf62d6d807f22d064d69a0e80bcab354778e2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to