[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Oct 26 10:57:41 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9697d787 by Salvatore Bonaccorso at 2024-10-26T11:57:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
 CVE-2024-9933 (The WatchTowerHQ plugin for WordPress is vulnerable to authentication  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9932 (The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary fi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9931 (The Wux Blog Editor plugin for WordPress is vulnerable to authenticati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9930 (The Extensions by HocWP Team plugin for WordPress is vulnerable to aut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9890 (The User Toolkit plugin for WordPress is vulnerable to authentication  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9626 (The Editorial Assistant by Sovrn plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9613 (The FormFacade \u2013 WordPress plugin for Google Forms plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9475 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9462 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9456 (The WP Awesome Login plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9454 (The PriPre plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8870 (The Forms for Mailchimp by Optin Cat \u2013 Grow Your MailChimp List p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48396 (AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting  ...)
-	TODO: check
+	NOT-FOR-US: AIML Chatbot
 CVE-2024-48239 (An issue was discovered in WTCMS 1.0. In the plupload method in \Asset ...)
-	TODO: check
+	NOT-FOR-US: WTCMS
 CVE-2024-48238 (WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /A ...)
-	TODO: check
+	NOT-FOR-US: WTCMS
 CVE-2024-48237 (WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Control ...)
-	TODO: check
+	NOT-FOR-US: WTCMS
 CVE-2024-48236 (An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary  ...)
-	TODO: check
+	NOT-FOR-US: ofcms
 CVE-2024-48235 (An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary  ...)
-	TODO: check
+	NOT-FOR-US: ofcms
 CVE-2024-48234 (An issue was discovered in mipjz 5.0.5. In the push method of app\tag\ ...)
 	TODO: check
 CVE-2024-48233 (mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\settin ...)
@@ -41,25 +41,25 @@ CVE-2024-48233 (mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\
 CVE-2024-48232 (An issue was found in mipjz 5.0.5. In the mipPost method of \app\setti ...)
 	TODO: check
 CVE-2024-48230 (funadmin 5.0.2 is vulnerable to SQL Injection via the parentField para ...)
-	TODO: check
+	NOT-FOR-US: funadmin
 CVE-2024-48229 (funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click ...)
-	TODO: check
+	NOT-FOR-US: funadmin
 CVE-2024-48228 (An issue was found in funadmin 5.0.2. The selectfiles method in \backe ...)
-	TODO: check
+	NOT-FOR-US: funadmin
 CVE-2024-48227 (Funadmin 5.0.2 has a logical flaw in the Curd one click command deleti ...)
-	TODO: check
+	NOT-FOR-US: funadmin
 CVE-2024-48226 (Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.)
-	TODO: check
+	NOT-FOR-US: funadmin
 CVE-2024-48225 (Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/ ...)
-	TODO: check
+	NOT-FOR-US: funadmin
 CVE-2024-48224 (Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/inde ...)
-	TODO: check
+	NOT-FOR-US: funadmin
 CVE-2024-48223 (Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/field ...)
-	TODO: check
+	NOT-FOR-US: funadmin
 CVE-2024-48222 (Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.)
-	TODO: check
+	NOT-FOR-US: funadmin
 CVE-2024-48218 (Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.)
-	TODO: check
+	NOT-FOR-US: funadmin
 CVE-2024-47821 (pyLoad is a free and open-source Download Manager. The folder `/.pyloa ...)
 	TODO: check
 CVE-2024-10092 (The Download Monitor plugin for WordPress is vulnerable to unauthorize ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9697d787ba8058c38addb41ef2cfb994d726212e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9697d787ba8058c38addb41ef2cfb994d726212e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241026/c8b6a2b0/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list