[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 9 20:51:53 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a084b4d by Salvatore Bonaccorso at 2024-12-09T21:50:14+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,93 +1,93 @@
 CVE-2024-8259 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Eryaz Information Technologies NatraCar B2B Dealer Management Program
 CVE-2024-54938 (A Directory Listing issue was found in Kashipara E-Learning Management ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54937 (A Directory Listing issue was found in Kashipara E-Learning Management ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54936 (A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_m ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54935 (A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_m ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54934 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54933 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54932 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54931 (A SQL Injection was found in /admin/delete_event.php in kashipara E-le ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54930 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54929 (KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injec ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54928 (kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54927 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54926 (A SQL Injection vulnerability was found in /search_class.php of kaship ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54925 (A SQL Injection was found in /remove_sent_message.php in kashipara E-l ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54924 (A SQL Injection was found in /admin/edit_content.php in kashipara E-le ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54923 (A SQL Injection vulnerability was found in /admin/edit_teacher.php in  ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54922 (A SQL Injection was found in /admin/edit_user.php of kashipara E-learn ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54921 (A SQL Injection was found in /student_signup.php in kashipara E-learni ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54920 (A SQL Injection vulnerability was found in /teacher_signup.php of kash ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54919 (A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php  ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54918 (Kashipara E-learning Management System v1.0 is vulnerable to Remote Co ...)
-	TODO: check
+	NOT-FOR-US: Kashipara E-Learning Management System
 CVE-2024-54260 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54255 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54254 (Missing Authorization vulnerability in Kofi Mokome Message Filter for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54253 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54251 (Missing Authorization vulnerability in Prodigy Commerce Prodigy Commer ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54247 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54232 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54230 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54228 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54227 (Missing Authorization vulnerability in theDotstore Minimum and Maximum ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54226 (Cross-Site Request Forgery (CSRF) vulnerability in Karl Kiesinger Coun ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54225 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54224 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54223 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54220 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54219 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54218 (Missing Authorization vulnerability in Thehp AIO Contact.This issue af ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54217 (Missing Authorization vulnerability in Repute info systems ARForms.Thi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54215 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-54147 (Altair is a GraphQL client for all platforms. Prior to version 8.0.5,  ...)
-	TODO: check
+	NOT-FOR-US: Altair
 CVE-2024-53949 (Improper Authorization vulnerability in Apache Superset whenFAB_ADD_SE ...)
-	TODO: check
+	NOT-FOR-US: Apache Superset
 CVE-2024-53948 (Generation of Error Message Containing analytics metadata Information  ...)
-	TODO: check
+	NOT-FOR-US: Apache Superset
 CVE-2024-53947 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Apache Superset
 CVE-2024-53847 (The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulne ...)
 	TODO: check
 CVE-2024-53822 (Unrestricted Upload of File with Dangerous Type vulnerability in Genet ...)
@@ -347,7 +347,7 @@ CVE-2024-12224 [RUSTSEC-2024-0421]
 CVE-2024-9651 (The Fluent Forms  WordPress plugin before 5.2.1 does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-55582 (Oxide before 6 has unencrypted Control Plane datastores.)
-	TODO: check
+	NOT-FOR-US: Oxide
 CVE-2024-55580 (An issue was discovered in Qlik Sense Enterprise for Windows before No ...)
 	NOT-FOR-US: Qlik Sense Enterprise for Windows
 CVE-2024-55579 (An issue was discovered in Qlik Sense Enterprise for Windows before No ...)
@@ -363,7 +363,7 @@ CVE-2024-55564 (The POSIX::2008 package before 0.24 for Perl has a potential _ex
 CVE-2024-55563 (Bitcoin Core through 27.2 allows transaction-relay jamming via an off- ...)
 	TODO: check
 CVE-2024-55560 (MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh ...)
-	TODO: check
+	NOT-FOR-US: MailCleaner
 CVE-2024-53285 (Improper neutralization of input during web page generation ('Cross-si ...)
 	NOT-FOR-US: Synology
 CVE-2024-53284 (Improper neutralization of input during web page generation ('Cross-si ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a084b4d3a62788243592db3276bce37f6406c65

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a084b4d3a62788243592db3276bce37f6406c65
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241209/5c24e583/attachment.htm>

More information about the debian-security-tracker-commits mailing list