[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 7 07:56:16 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9db89417 by Salvatore Bonaccorso at 2025-02-07T08:55:49+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,113 +11,113 @@ CVE-2025-24531 [Possible Authentication Bypass in Error Situations]
CVE-2025-24981 (MDC is a tool to take regular Markdown and write documents interacting ...)
TODO: check
CVE-2025-24787 (WhoDB is an open source database management tool. In affected versions ...)
- TODO: check
+ NOT-FOR-US: WhoDB
CVE-2025-24786 (WhoDB is an open source database management tool. While the applicatio ...)
- TODO: check
+ NOT-FOR-US: WhoDB
CVE-2025-23217 (mitmproxy is a interactive TLS-capable intercepting HTTP proxy for pen ...)
TODO: check
CVE-2025-22992 (A SQL Injection vulnerability exists in the /feed/insert.json endpoint ...)
- TODO: check
+ NOT-FOR-US: Emoncms
CVE-2025-22936 (An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4 ...)
- TODO: check
+ NOT-FOR-US: Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router
CVE-2025-22867 (On Darwin, building a Go module which contains CGO can trigger arbitra ...)
TODO: check
CVE-2025-22866 (Due to the usage of a variable time instruction in the assembly implem ...)
TODO: check
CVE-2025-1078 (A vulnerability has been found in AppHouseKitchen AlDente Charge Limit ...)
- TODO: check
+ NOT-FOR-US: AppHouseKitchen AlDente Charge
CVE-2025-1076 (A Stored Cross-Site Scripting (Stored XSS) vulnerability has been foun ...)
- TODO: check
+ NOT-FOR-US: Holded application
CVE-2025-1074 (A vulnerability, which was classified as problematic, was found in Web ...)
- TODO: check
+ NOT-FOR-US: Webkul QloApps
CVE-2025-0994 (Trimble Cityworks versions prior to 15.8.9 and Cityworks with office c ...)
- TODO: check
+ NOT-FOR-US: Trimble Cityworks
CVE-2025-0982 (Sandbox escape in the JavaScript Task feature of Google Cloud Applicat ...)
TODO: check
CVE-2025-0859 (The Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Edit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-57962 (Vulnerability of incomplete verification information in the VPN servic ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-57961 (Out-of-bounds write vulnerability in the emcom module Impact: Successf ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-57960 (Input verification vulnerability in the ExternalStorageProvider module ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-57959 (Use-After-Free (UAF) vulnerability in the display module Impact: Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-57958 (Out-of-bounds array read vulnerability in the FFRT module Impact: Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-57957 (Vulnerability of improper log information control in the UI framework ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-57956 (Out-of-bounds read vulnerability in the interpreter string module Impa ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-57955 (Arbitrary write vulnerability in the Gallery module Impact: Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-57954 (Permission verification vulnerability in the media library module Impa ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-57673 (An issue in floodlight v1.2 allows a local attacker to cause a denial ...)
TODO: check
CVE-2024-57672 (An issue in floodlight v1.2 allows a local attacker to cause a denial ...)
TODO: check
CVE-2024-57668 (In Code-projects Shopping Portal v1.0, the insert-product.php page has ...)
- TODO: check
+ NOT-FOR-US: Code-projects Shopping Portal
CVE-2024-57610 (A rate limiting issue in Sylius v2.0.2 allows a remote attacker to per ...)
- TODO: check
+ NOT-FOR-US: Sylius
CVE-2024-57599 (Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 al ...)
- TODO: check
+ NOT-FOR-US: DouPHP
CVE-2024-57523 (Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packe ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Packers and Movers Management System
CVE-2024-57430 (An SQL injection vulnerability in the pjActionGetUser function of PHPJ ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Cinema Booking System
CVE-2024-57429 (A cross-site request forgery (CSRF) vulnerability in the pjActionUpdat ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Cinema Booking System
CVE-2024-57428 (A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Cinema Booking System
CVE-2024-57427 (PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Cinema Booking System
CVE-2024-57426 (NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an at ...)
- TODO: check
+ NOT-FOR-US: NetMod VPN Client
CVE-2024-52892 (IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable t ...)
NOT-FOR-US: IBM
CVE-2024-47258 (2N Access Commander version 2.1 and prior is vulnerable in default set ...)
- TODO: check
+ NOT-FOR-US: 2N Access Commander
CVE-2024-47256 (Successful exploitation of this vulnerability could allow an attacker ...)
- TODO: check
+ NOT-FOR-US: 2N Access Commander
CVE-2024-45626 (Apache James server JMAP HTML to text plain implementation in versions ...)
- TODO: check
+ NOT-FOR-US: Apache James
CVE-2024-43811
REJECTED
CVE-2024-43779 (An information disclosure vulnerability exists in the Vault API functi ...)
- TODO: check
+ NOT-FOR-US: ClearML Enterprise Server
CVE-2024-39272 (A cross-site scripting (xss) vulnerability exists in the dataset uploa ...)
- TODO: check
+ NOT-FOR-US: ClearML Enterprise Server
CVE-2024-39033 (In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Referen ...)
- TODO: check
+ NOT-FOR-US: Newgensoft OmniDocs
CVE-2024-37358 (Similarly to CVE-2024-34055, Apache James is vulnerable to denial of s ...)
- TODO: check
+ NOT-FOR-US: Apache James
CVE-2024-36558 (Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
- TODO: check
+ NOT-FOR-US: Forever KidsWatch Call Me KW-50
CVE-2024-36557 (The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_Y ...)
- TODO: check
+ NOT-FOR-US: Forever KidsWatch Call Me KW-50
CVE-2024-36556 (Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19 ...)
- TODO: check
+ NOT-FOR-US: Forever KidsWatch Call Me KW-50
CVE-2024-36555 (Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R ...)
- TODO: check
+ NOT-FOR-US: Forever KidsWatch Call Me KW-50
CVE-2024-36554 (Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
- TODO: check
+ NOT-FOR-US: Forever KidsWatch Call Me KW-50
CVE-2024-36553 (Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
- TODO: check
+ NOT-FOR-US: Forever KidsWatch Call Me KW-50
CVE-2024-24911 (In rare scenarios, the cpca process on the Security Management Server ...)
TODO: check
CVE-2024-13614 (Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for W ...)
- TODO: check
+ NOT-FOR-US: Kaspersky
CVE-2024-13417 (Specifically crafted payloads sent to the RFID reader could cause DoS ...)
- TODO: check
+ NOT-FOR-US: 2N Access Commander
CVE-2024-13416 (Using API in the 2N OS device, authorized user can enable logging, whi ...)
- TODO: check
+ NOT-FOR-US: 2N OS device
CVE-2024-12602 (Identity verification vulnerability in the ParamWatcher module Impact: ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-5878 (Honeywell OneWireless Wireless Device Manager (WDM)for the following ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2025-24845 (Improper neutralization of argument delimiters in a command ('Argument ...)
NOT-FOR-US: Defense Platform Home Edition
CVE-2025-24483 (NULL pointer dereference vulnerability exists in Defense Platform Home ...)
@@ -459,7 +459,7 @@ CVE-2025-1028 (The Contact Manager plugin for WordPress is vulnerable to arbitra
CVE-2025-1026 (Versions of the package spatie/browsershot before 5.0.5 are vulnerable ...)
NOT-FOR-US: spatie/browsershot
CVE-2025-1025 (Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable ...)
- TODO: check
+ NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2025-1022 (Versions of the package spatie/browsershot before 5.0.5 are vulnerable ...)
NOT-FOR-US: spatie/browsershot
CVE-2025-0960 (AutomationDirect C-more EA9 HMI contains a function with bounds checks ...)
@@ -324479,7 +324479,7 @@ CVE-2020-36086
CVE-2020-36085
RESERVED
CVE-2020-36084 (SQL Injection vulnerability in SourceCodester Responsive E-Learning Sy ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Responsive E-Learning System
CVE-2020-36083
RESERVED
CVE-2020-36082 (File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9db89417e6438953e385556baf4b3244f7d49f13
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9db89417e6438953e385556baf4b3244f7d49f13
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250207/354606ec/attachment.htm>
More information about the debian-security-tracker-commits
mailing list