[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 21 08:25:51 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23e67d36 by Salvatore Bonaccorso at 2024-12-21T09:25:05+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,47 +9,47 @@ CVE-2024-56335 (vaultwarden is an unofficial Bitwarden compatible server written
 CVE-2024-56334 (systeminformation is a System and OS information library for node.js.  ...)
 	TODO: check
 CVE-2024-55509 (SQL injection vulnerability in CodeAstro Complaint Management System v ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro Complaint Management System
 CVE-2024-40875 (There is a cross-site scripting vulnerability in the management consol ...)
-	TODO: check
+	NOT-FOR-US: Absolute Secure Access
 CVE-2024-12846 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Emlog Pro
 CVE-2024-12845 (A vulnerability classified as problematic was found in Emlog Pro up to ...)
-	TODO: check
+	NOT-FOR-US: Emlog Pro
 CVE-2024-12844 (A vulnerability classified as problematic has been found in Emlog Pro  ...)
-	TODO: check
+	NOT-FOR-US: Emlog Pro
 CVE-2024-12843 (A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated  ...)
-	TODO: check
+	NOT-FOR-US: Emlog Pro
 CVE-2024-12771 (The eCommerce Product Catalog Plugin for WordPress plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12721 (The Custom Product Tabs For WooCommerce plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12697 (The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12635 (The WP Docs plugin for WordPress is vulnerable to time-based SQL Injec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12262 (The Ebook Store plugin for WordPress is vulnerable to Reflected Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12066 (The SMSA Shipping(official) plugin for WordPress is vulnerable to arbi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11977 (The The kk Star Ratings \u2013 Rate Post & Collect User Feedbacks plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11975 (The Reactflow Visitor Recording and Heatmaps plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11938 (The One Click Upsell Funnel for WooCommerce \u2013  Funnel Builder for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11811 (The Feedify \u2013 Web Push Notifications plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11682 (The G Web Pro Store Locator plugin for WordPress is vulnerable to Refl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11607 (The GTPayment Donations WordPress plugin through 1.0.0 does not have C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11349 (The AdForest theme for WordPress is vulnerable to authentication bypas ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-11287 (The Ebook Store plugin for WordPress is vulnerable to Reflected Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11196 (The Multi-column Tag Map plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7726 (There exists an unauthenticated accessible JTAG port on the Kioxia PM6 ...)
 	NOT-FOR-US: Kioxia
 CVE-2024-56356 (In JetBrains TeamCity before 2024.12 insecure XMLParser configuration  ...)
@@ -132850,9 +132850,9 @@ CVE-2023-31282
 CVE-2023-31281
 	RESERVED
 CVE-2023-31280 (An AirVantage online Warranty Checker tool vulnerability could allow a ...)
-	TODO: check
+	NOT-FOR-US: Sierra
 CVE-2023-31279 (The AirVantage platform is vulnerable to an unauthorized attacker regi ...)
-	TODO: check
+	NOT-FOR-US: Sierra
 CVE-2023-31245 (Devices using Snap One OvrC cloud are sent to a web address when acces ...)
 	NOT-FOR-US: Snap One
 CVE-2023-31241 (Snap One OvrC cloud servers contain a route an attacker can use to byp ...)
@@ -359920,7 +359920,7 @@ CVE-2020-13714
 CVE-2020-13713
 	REJECTED
 CVE-2020-13712 (A command injection is possible through the user interface, allowing a ...)
-	TODO: check
+	NOT-FOR-US: Sierra
 CVE-2020-13711
 	RESERVED
 CVE-2020-13710



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23e67d361491686499f4ccdfdb7d98e04169bdaf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23e67d361491686499f4ccdfdb7d98e04169bdaf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241221/a2310243/attachment.htm>

More information about the debian-security-tracker-commits mailing list