[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 18 21:18:35 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
98dcf62d by Salvatore Bonaccorso at 2024-12-18T22:17:53+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,65 +1,65 @@
CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache Kafka's ...)
TODO: check
CVE-2024-56059 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56058 (Deserialization of Untrusted Data vulnerability in Gueststream VRPConn ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56057 (Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56055 (Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56054 (Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56053 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56052 (Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56051 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56050 (Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56049 (Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56048 (Missing Authorization vulnerability in VibeThemes WPLMS allows Accessi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56016 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56010 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56008 (Missing Authorization vulnerability in spreadr Spreadr Woocommerce all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-55997 (Missing Authorization vulnerability in Web Chunky Order Delivery & Pic ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-55985 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-55984 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-55983 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-55975 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-55953 (DataEase is an open source business analytics tool. Authenticated user ...)
TODO: check
CVE-2024-55952 (DataEase is an open source business analytics tool. Authenticated user ...)
TODO: check
CVE-2024-55492 (Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross ...)
- TODO: check
+ NOT-FOR-US: Winmail Server
CVE-2024-55089 (Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in t ...)
TODO: check
CVE-2024-55088 (GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery ( ...)
- TODO: check
+ NOT-FOR-US: GetSimple CMS CE
CVE-2024-55086 (In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Fo ...)
- TODO: check
+ NOT-FOR-US: GetSimple CMS CE
CVE-2024-54383 (Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-54381 (Missing Authorization vulnerability in theDotstore Advance Menu Manage ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-54350 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-54270 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53271 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
TODO: check
CVE-2024-53270 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98dcf62d6d807f22d064d69a0e80bcab354778e2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98dcf62d6d807f22d064d69a0e80bcab354778e2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241218/0d17e82e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list