[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 31 10:10:13 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b93903c by Salvatore Bonaccorso at 2024-10-31T11:09:16+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2024-9708 (The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9700 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9446 (The WP Simple Anchors Links plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9434 (The WPGlobus Translate Options plugin for WordPress is vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9430 (The Get Quote For Woocommerce \u2013 Request A Quote For Woocommerce p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9165 (The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-51427 (An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitr ...)
 	TODO: check
 CVE-2024-51426 (Insecure Permissions vulnerability in Ethereum v.1.12.2 allows a remot ...)
@@ -19,19 +19,19 @@ CVE-2024-51425 (Insecure Permissions vulnerability in Ethereum v.1.12.2 allows a
 CVE-2024-51424 (An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitr ...)
 	TODO: check
 CVE-2024-51419 (Cross Site Scripting vulnerability in Shenzhen Interconnection Harbor  ...)
-	TODO: check
+	NOT-FOR-US: Ofweek Online Exhibition
 CVE-2024-51243 (The eladmin v2.7 and before contains a remote code execution (RCE) vul ...)
-	TODO: check
+	NOT-FOR-US: eladmin
 CVE-2024-51242 (A Server-Side Request Forgery (SSRF) vulnerability has been identified ...)
-	TODO: check
+	NOT-FOR-US: eladmin
 CVE-2024-48807 (Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Ma ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Doctor Appointment Management System
 CVE-2024-48735 (Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspa ...)
-	TODO: check
+	NOT-FOR-US: SAS Studio
 CVE-2024-48734 (*Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/ ...)
-	TODO: check
+	NOT-FOR-US: SAS Studio
 CVE-2024-48733 (SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID} ...)
-	TODO: check
+	NOT-FOR-US: SAS Studio
 CVE-2024-48346 (xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulner ...)
 	TODO: check
 CVE-2024-48311 (Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b93903cc9c23b11d83f88be6a167a73feabdc44

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b93903cc9c23b11d83f88be6a167a73feabdc44
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241031/139e33dc/attachment.htm>


More information about the debian-security-tracker-commits mailing list