[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 4 08:20:33 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3c757603 by Salvatore Bonaccorso at 2025-02-04T09:20:07+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,163 +1,163 @@
 CVE-2025-24982 (Cross-site request forgery vulnerability exists in Activity Log Winter ...)
-	TODO: check
+	NOT-FOR-US: Activity Log WinterLock
 CVE-2025-24962 (reNgine is an automated reconnaissance framework for web applications. ...)
-	TODO: check
+	NOT-FOR-US: reNgine
 CVE-2025-24961 (org.gaul S3Proxy implements the S3 API and proxies requests. Users of  ...)
 	TODO: check
 CVE-2025-24960 (Jellystat is a free and open source Statistics App for Jellyfin. In af ...)
-	TODO: check
+	NOT-FOR-US: Jellystat
 CVE-2025-24959 (zx is a tool for writing better scripts. An attacker with control over ...)
 	TODO: check
 CVE-2025-24958 (WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vu ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-24957 (WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vu ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-24906 (WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vu ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-24905 (WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vu ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-24902 (WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vu ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-24901 (WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vu ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-24899 (reNgine is an automated reconnaissance framework for web applications. ...)
-	TODO: check
+	NOT-FOR-US: reNgine
 CVE-2025-24371 (CometBFT is a distributed, Byzantine fault-tolerant, deterministic sta ...)
 	TODO: check
 CVE-2025-24370 (Django-Unicorn adds modern reactive component functionality to Django  ...)
 	TODO: check
 CVE-2025-24029 (Tuleap is an Open Source Suite to improve management of software devel ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2025-23210 (phpoffice/phpspreadsheet is a pure PHP library for reading and writing ...)
-	TODO: check
+	NOT-FOR-US: phpoffice/phpspreadsheet
 CVE-2025-22918 (Polycom RealPresence Group 500 <=20 has Insecure Permissions due to au ...)
-	TODO: check
+	NOT-FOR-US: Polycom RealPresence Group 500
 CVE-2025-22475 (Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7 ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2025-22205 (Improper handling of input variables lead to multiple path traversal v ...)
-	TODO: check
+	NOT-FOR-US: Admiror Gallery extension for Joomla
 CVE-2025-22204 (Improper control of generation of code in the sourcerer extension for  ...)
-	TODO: check
+	NOT-FOR-US: Joomla extension
 CVE-2025-22129 (Tuleap is an Open Source Suite to improve management of software devel ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2025-20907 (Improper privilege management in Samsung Find prior to SMR Feb-2025 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20906 (Improper Export of Android Application Components in Settings prior to ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20905 (Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-202 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20904 (Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20902 (Improper access control in Media Controller prior to version 1.0.24.52 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20901 (Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 al ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20900 (Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 a ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20899 (Improper access control in PushNotification prior to version 13.0.00.1 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20898 (Improper input validation in Samsung Members prior to version 5.2.00.1 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20897 (Improper access control in Secure Folder prior to version 1.9.20.50 in ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20896 (Use of implicit intent for sensitive communication in EasySetup prior  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20895 (Authentication Bypass Using an Alternate Path in Galaxy Store prior to ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20894 (Improper access control in Samsung Email prior to version 6.1.97.1 all ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20893 (Improper access control in NotificationManager prior to SMR Jan-2025 R ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20892 (Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Relea ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20891 (Out-of-bounds read in decoding malformed bitstream of video thumbnails ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20890 (Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20889 (Out-of-bounds read in decoding malformed bitstream for smp4vtd in libs ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20888 (Out-of-bounds write in handling the block size for smp4vtd in libsthmb ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20887 (Out-of-bounds read in accessing table used for svp8t in libsthmbc.so p ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20886 (Inclusion of sensitive information in test code in softsim TA prior to ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20885 (Out-of-bounds write in softsim TA prior to SMR Jan-2025 Release 1 allo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20884 (Improper access control in Samsung Message prior to SMR Jan-2025 Relea ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20883 (Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20882 (Out-of-bounds write in accessing uninitialized memory for svc1td in li ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20881 (Out-of-bounds write in accessing buffer storing the decoded video fram ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-1003 (A potential vulnerability has been identified in HP Anyware Agent for  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-0466 (The Sensei LMS  WordPress plugin before 4.24.4 does not properly prote ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0368 (The Banner Garden Plugin for WordPress plugin through 0.1.3 does not s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0148 (Missing password field masking in the Zoom Jenkins Marketplace plugin  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-57451 (ChestnutCMS <=1.5.0 has a directory traversal vulnerability in content ...)
-	TODO: check
+	NOT-FOR-US: ChestnutCMS
 CVE-2024-56903 (A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb with the ver ...)
-	TODO: check
+	NOT-FOR-US: Geovision GV-ASWeb
 CVE-2024-56902 (An issue in Geovision GV-ASWeb with version 6.1.0.0 or less allows una ...)
-	TODO: check
+	NOT-FOR-US: Geovision GV-ASWeb
 CVE-2024-56901 (A Cross-Site Request Forgery (CSRF) in the Account Management componen ...)
-	TODO: check
+	NOT-FOR-US: Geovision GV-ASWeb
 CVE-2024-56898 (Incorrect access control in Geovision GV-ASWeb version 6.1.0.0 or less ...)
-	TODO: check
+	NOT-FOR-US: Geovision GV-ASWeb
 CVE-2024-47770 (Wazuh is a free and open source platform used for threat prevention, d ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2024-44449 (Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 all ...)
 	TODO: check
 CVE-2024-35177 (Wazuh is a free and open source platform used for threat prevention, d ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2024-34897 (Nedis SmartLife android app v1.4.0 was discovered to contain an API ke ...)
-	TODO: check
+	NOT-FOR-US: Nedis SmartLife android app
 CVE-2024-34896 (An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartL ...)
-	TODO: check
+	NOT-FOR-US: Nedis
 CVE-2024-13607 (The JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13514 (The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13332 (The TransFinanz WordPress plugin through 1.0.0 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13331 (The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13330 (The JustRows free WordPress plugin through 0.2 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13329 (The Solidres  WordPress plugin through 0.9.4 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13328 (The Giga Messenger  WordPress plugin through 2.3.1 does not sanitise a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13327 (The Musicbox WordPress plugin through 2.0.3 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13326 (The iBuildApp WordPress plugin through 0.2.0 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13325 (The Glossy WordPress plugin through 2.3.5 does not sanitise and escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13115 (The WP Projects Portfolio with Client Testimonials WordPress plugin th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13114 (The WP Projects Portfolio with Client Testimonials WordPress plugin th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12597 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12046 (The Medical Addon for Elementor plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10239 (A security issue in the firmware image verification implementation at  ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2024-10238 (A security issue in the firmware image verification implementation     ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2024-10237 (There is a vulnerability in the BMC firmware image authentication desi ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2023-52164 (access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows a ...)
-	TODO: check
+	NOT-FOR-US: Digiever DS-2105 Pro
 CVE-2023-52163 (Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Comman ...)
-	TODO: check
+	NOT-FOR-US: Digiever DS-2105 Pro
 CVE-2025-25181 (A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraC ...)
 	NOT-FOR-US: Advantive VeraCore
 CVE-2025-25066 (nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_ ...)
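
Review bot: The NOT-FOR-US labels in this hunk vary in granularity, which makes later searches of data/CVE/list by product less reliable. CVE-2025-22205 is tagged "Admiror Gallery extension for Joomla" while CVE-2025-22204, whose description names the sourcerer extension, gets only "Joomla extension"; likewise CVE-2024-34897 is "Nedis SmartLife android app" but CVE-2024-34896 is just "Nedis", and CVE-2025-0148 (described as the Zoom Jenkins Marketplace plugin) is tagged "Zoom". Consider naming the product in each of these, e.g. "sourcerer extension for Joomla", so the tag alone identifies what was triaged. The entries left at "TODO: check" (CVE-2025-24961, CVE-2025-24959, CVE-2025-24371, CVE-2025-24370, CVE-2024-44449) are untouched here, which matches the "some" in the commit subject.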



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c757603203ecc7da005eda1d80f367b0c08a8ee
