[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 29 08:29:27 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d812daf7 by Salvatore Bonaccorso at 2024-10-29T09:29:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,33 +7,33 @@ CVE-2024-51507 (Tiki through 27.0 allows users who have certain permissions to i
CVE-2024-51506 (Tiki through 27.0 allows users who have certain permissions to insert ...)
- tikiwiki <removed>
CVE-2024-50496 (Unrestricted Upload of File with Dangerous Type vulnerability in Web a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50495 (Unrestricted Upload of File with Dangerous Type vulnerability in Widgi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50494 (Unrestricted Upload of File with Dangerous Type vulnerability in Amin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50493 (Unrestricted Upload of File with Dangerous Type vulnerability in maste ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50484 (Unrestricted Upload of File with Dangerous Type vulnerability in mahla ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50482 (Unrestricted Upload of File with Dangerous Type vulnerability in Cheta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50480 (Unrestricted Upload of File with Dangerous Type vulnerability in azexo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48594 (File Upload vulnerability in Prison Management System v.1.0 allows a r ...)
- TODO: check
+ NOT-FOR-US: Prison Management System
CVE-2024-48357 (LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /ad ...)
- TODO: check
+ NOT-FOR-US: LyLme Spage
CVE-2024-48356 (LyLme Spage <=1.6.0 is vulnerable to SQL Injection via /admin/group.ph ...)
- TODO: check
+ NOT-FOR-US: LyLme Spage
CVE-2024-48178 (newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) ...)
- TODO: check
+ NOT-FOR-US: newbee-mall
CVE-2024-48177 (MRCMS 3.1.2 contains a SQL injection vulnerability via the RID paramet ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2024-48107 (SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). ...)
- TODO: check
+ NOT-FOR-US: SparkShop
CVE-2024-45656 (IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950. ...)
- TODO: check
+ NOT-FOR-US: IBM Flexible Service Processor
CVE-2024-44302 (The issue was addressed with improved checks. This issue is fixed in t ...)
TODO: check
CVE-2024-44301 (The issue was addressed with improved checks. This issue is fixed in m ...)
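Review bot: The seven entries from CVE-2024-50496 through CVE-2024-50480 all get the generic note "NOT-FOR-US: WordPress plugin", while the other entries in this hunk name the product (LyLme Spage, MRCMS, SparkShop). The truncated descriptions shown here ("... vulnerability in Web a ...", "... in Widgi ...") do not carry the WordPress attribution, so the classification cannot be confirmed from the diff alone. Naming the plugin in the note would make each entry checkable without opening the full CVE record. The same applies to "Prison Management System" for CVE-2024-48594, where the note repeats a generic product name with no vendor.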
@@ -173,7 +173,7 @@ CVE-2024-44123 (A permissions issue was addressed with additional restrictions.
CVE-2024-44122 (A logic issue was addressed with improved checks. This issue is fixed ...)
TODO: check
CVE-2024-42011 (The Spotify app 8.9.58 for iOS has a buffer overflow in its use of str ...)
- TODO: check
+ NOT-FOR-US: Spotify app
CVE-2024-40867 (A custom URL scheme handling issue was addressed with improved input v ...)
TODO: check
CVE-2024-40855 (The issue was addressed with improved checks. This issue is fixed in m ...)
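Review bot: The note for CVE-2024-42011 drops the platform. The description reads "The Spotify app 8.9.58 for iOS", but the entry becomes "NOT-FOR-US: Spotify app". Writing "NOT-FOR-US: Spotify app for iOS" would record that the decision covers the iOS client only and would keep the entry from being read as covering any other Spotify client.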
@@ -185,23 +185,23 @@ CVE-2024-40851 (This issue was addressed by restricting options offered on a loc
CVE-2024-40792 (A permissions issue was addressed with additional restrictions. This i ...)
TODO: check
CVE-2024-30106 (HCL Connections is vulnerable to an information disclosure vulnerabili ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server error
CVE-2024-27849 (A privacy issue was addressed with improved private data redaction for ...)
TODO: check
CVE-2024-22065 (There is a command injection vulnerability in ZTE MF258 Pro product. D ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2024-10479 (A vulnerability, which was classified as problematic, was found in Lin ...)
- TODO: check
+ NOT-FOR-US: LinZhaoguan pb-cms
CVE-2024-10478 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: LinZhaoguan pb-cms
CVE-2024-10477 (A vulnerability classified as problematic was found in LinZhaoguan pb- ...)
- TODO: check
+ NOT-FOR-US: LinZhaoguan pb-cms
CVE-2024-10312 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10008 (The Masteriyo LMS \u2013 eLearning and Online Course Builder for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10000 (The Masteriyo LMS \u2013 eLearning and Online Course Builder for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50088 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.11.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
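Review bot: The note for CVE-2024-30106 names a different product from the description. The description begins "HCL Connections is vulnerable to an information disclosure ...", yet the entry is marked "NOT-FOR-US: IBM WebSphere Application Server error", which also ends in a stray "error" and reads like a fragment of the description rather than a product name. Either use "NOT-FOR-US: HCL Connections" or state the relationship explicitly so the entry matches what the CVE is assigned to. A smaller point in the same hunk: CVE-2024-22065 is noted as just "ZTE" where the description gives the product as "ZTE MF258 Pro"; the product name is the more useful key for later searches.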
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d812daf79c51c8fdf28fb3425aa43e9fc67f87de