Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d812daf7 by Salvatore Bonaccorso at 2024-10-29T09:29:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,33 +7,33 @@ CVE-2024-51507 (Tiki through 27.0 allows users who have
certain permissions to i
CVE-2024-51506 (Tiki through 27.0 allows users who have certain permissions to
insert ...)
- tikiwiki <removed>
CVE-2024-50496 (Unrestricted Upload of File with Dangerous Type vulnerability
in Web a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50495 (Unrestricted Upload of File with Dangerous Type vulnerability
in Widgi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50494 (Unrestricted Upload of File with Dangerous Type vulnerability
in Amin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50493 (Unrestricted Upload of File with Dangerous Type vulnerability
in maste ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50484 (Unrestricted Upload of File with Dangerous Type vulnerability
in mahla ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50482 (Unrestricted Upload of File with Dangerous Type vulnerability
in Cheta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50480 (Unrestricted Upload of File with Dangerous Type vulnerability
in azexo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48594 (File Upload vulnerability in Prison Management System v.1.0
allows a r ...)
- TODO: check
+ NOT-FOR-US: Prison Management System
CVE-2024-48357 (LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection
via /ad ...)
- TODO: check
+ NOT-FOR-US: LyLme Spage
CVE-2024-48356 (LyLme Spage <=1.6.0 is vulnerable to SQL Injection via
/admin/group.ph ...)
- TODO: check
+ NOT-FOR-US: LyLme Spage
CVE-2024-48178 (newbee-mall v1.0.0 is vulnerable to Server-Side Request
Forgery (SSRF) ...)
- TODO: check
+ NOT-FOR-US: newbee-mall
CVE-2024-48177 (MRCMS 3.1.2 contains a SQL injection vulnerability via the RID
paramet ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2024-48107 (SparkShop <=1.1.7 is vulnerable to server-side request forgery
(SSRF). ...)
- TODO: check
+ NOT-FOR-US: SparkShop
CVE-2024-45656 (IBM Flexible Service Processor (FSP) FW860.00 through
FW860.B3, FW950. ...)
- TODO: check
+ NOT-FOR-US: IBM Flexible Service Processor
CVE-2024-44302 (The issue was addressed with improved checks. This issue is
fixed in t ...)
TODO: check
CVE-2024-44301 (The issue was addressed with improved checks. This issue is
fixed in m ...)
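Review bot: The seven "NOT-FOR-US: WordPress plugin" replacements for CVE-2024-50496 through CVE-2024-50480 cannot be checked against the descriptions shown in this hunk, which are cut off after "in Web a", "in Widgi", "in Amin" and so on and never reach the word WordPress. NOT-FOR-US records that the affected software is not packaged in Debian, so each of these should be confirmed against the full CVE description before the TODO is dropped. The product-named entries further down (LyLme Spage, newbee-mall, MRCMS, SparkShop, IBM Flexible Service Processor) do match their visible descriptions.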
@@ -173,7 +173,7 @@ CVE-2024-44123 (A permissions issue was addressed with
additional restrictions.
CVE-2024-44122 (A logic issue was addressed with improved checks. This issue
is fixed ...)
TODO: check
CVE-2024-42011 (The Spotify app 8.9.58 for iOS has a buffer overflow in its
use of str ...)
- TODO: check
+ NOT-FOR-US: Spotify app
CVE-2024-40867 (A custom URL scheme handling issue was addressed with improved
input v ...)
TODO: check
CVE-2024-40855 (The issue was addressed with improved checks. This issue is
fixed in m ...)
@@ -185,23 +185,23 @@ CVE-2024-40851 (This issue was addressed by restricting
options offered on a loc
CVE-2024-40792 (A permissions issue was addressed with additional
restrictions. This i ...)
TODO: check
CVE-2024-30106 (HCL Connections is vulnerable to an information disclosure
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server error
CVE-2024-27849 (A privacy issue was addressed with improved private data
redaction for ...)
TODO: check
CVE-2024-22065 (There is a command injection vulnerability in ZTE MF258 Pro
product. D ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2024-10479 (A vulnerability, which was classified as problematic, was
found in Lin ...)
- TODO: check
+ NOT-FOR-US: LinZhaoguan pb-cms
CVE-2024-10478 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: LinZhaoguan pb-cms
CVE-2024-10477 (A vulnerability classified as problematic was found in
LinZhaoguan pb- ...)
- TODO: check
+ NOT-FOR-US: LinZhaoguan pb-cms
CVE-2024-10312 (The Exclusive Addons for Elementor plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10008 (The Masteriyo LMS \u2013 eLearning and Online Course Builder
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10000 (The Masteriyo LMS \u2013 eLearning and Online Course Builder
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50088 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.11.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
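Review bot: The label added for CVE-2024-30106, "NOT-FOR-US: IBM WebSphere Application Server error", names a different product from the entry's own description, which begins "HCL Connections is vulnerable to an information disclosure", and the trailing word "error" reads like a fragment of the description rather than part of a product name. If the intent is to record that HCL Connections is not packaged, "NOT-FOR-US: HCL Connections" would be consistent with the other entries in this hunk (ZTE, LinZhaoguan pb-cms), which take the name from the description.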
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d812daf79c51c8fdf28fb3425aa43e9fc67f87de
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits