[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 12 08:28:14 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
982afc76 by Salvatore Bonaccorso at 2025-02-12T09:27:46+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,111 +1,111 @@
CVE-2025-25203 (CtrlPanel is open-source billing software for hosting providers. Prior ...)
- TODO: check
+ NOT-FOR-US: CtrlPanel
CVE-2025-23359 (NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Us ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Container Toolkit
CVE-2025-1243 (The Temporal api-go library prior to version 1.44.1 did not send `upda ...)
TODO: check
CVE-2025-1240 (WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulne ...)
- TODO: check
+ NOT-FOR-US: WinZip
CVE-2025-1186 (A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been ...)
- TODO: check
+ NOT-FOR-US: dayrui XunRuiCMS
CVE-2025-1185 (A vulnerability was found in pihome-shc PiHome 2.0. It has been classi ...)
- TODO: check
+ NOT-FOR-US: pihome-shc PiHome
CVE-2025-1184 (A vulnerability was found in pihome-shc PiHome 1.77 and classified as ...)
- TODO: check
+ NOT-FOR-US: pihome-shc PiHome
CVE-2025-1183 (A vulnerability has been found in CodeZips Gym Management System 1.0 a ...)
- TODO: check
+ NOT-FOR-US: CodeZips Gym Management System
CVE-2025-0989
REJECTED
CVE-2025-0808 (The Houzez Property Feed plugin for WordPress is vulnerable to Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-57777 (Directory Traversal vulnerability in Ianproxy v.0.1 and before allows ...)
- TODO: check
+ NOT-FOR-US: ffay/lanproxy
CVE-2024-57241 (Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web ...)
- TODO: check
+ NOT-FOR-US: Dedecms
CVE-2024-57000 (An issue in Anyscale Inc Ray between v.2.9.3 and v.2.40.0 allows a rem ...)
- TODO: check
+ NOT-FOR-US: Anyscale Inc Ray
CVE-2024-55212 (DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerabi ...)
- TODO: check
+ NOT-FOR-US: DNNGo xBlog
CVE-2024-54916 (An issue in the SharedConfig class of Telegram Android APK v.11.7.0 al ...)
- TODO: check
+ NOT-FOR-US: Telegram Android APK
CVE-2024-54772 (An issue was discovered in the Winbox service of MikroTik RouterOS v6. ...)
- TODO: check
+ NOT-FOR-US: MikroTik
CVE-2024-53880 (NVIDIA Triton Inference Server contains a vulnerability in the model l ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Triton Inference Server
CVE-2024-51324 (An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allo ...)
- TODO: check
+ NOT-FOR-US: Baidu Antivirus
CVE-2024-44336 (An issue in AnkiDroid Android Application v2.17.6 allows attackers to ...)
- TODO: check
+ NOT-FOR-US: AnkiDroid Android Application
CVE-2024-33469 (An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 ...)
- TODO: check
+ NOT-FOR-US: Team Amaze Amaze File Manager
CVE-2024-32037 (GeoNetwork is a catalog application to manage spatially referenced res ...)
- TODO: check
+ NOT-FOR-US: GeoNetwork
CVE-2024-29172 (Dell BSAFE SSL-J contains a deadlock vulnerability. A remote attacker ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-29171 (Dell BSAFE SSL-J contains an Improper certificate verification vulnera ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-21971 (Improper input validation in AMD Crash Defender could allow an attacke ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-21925 (Improper input validation within the AmdPspP2CmboxV2 driver may allow ...)
TODO: check
CVE-2024-21924 (SMM callout vulnerability within the AmdPlatformRasSspSmm driver could ...)
TODO: check
CVE-2024-13821 (The WP Booking Calendar plugin for WordPress is vulnerable to Unauthen ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13800 (The ConvertPlus plugin for WordPress is vulnerable to unauthorized mod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13794 (The WP Ghost (Hide My WP Ghost) \u2013 Security & Firewall plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13769 (The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13749 (The StaffList plugin for WordPress is vulnerable to Cross-Site Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13714 (The All-Images.ai \u2013 IA Image Bank and Custom Image creation plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13701 (The Liveticker (by stklcode) plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13665 (The Admire Extra plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13658 (The NGG Smart Image Search plugin for WordPress is vulnerable to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13656 (The Click Mag - Viral WordPress News Magazine/Blog Theme theme for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13654 (The ZoxPress - The All-In-One WordPress News Theme theme for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13653 (The ZoxPress - The All-In-One WordPress News Theme theme for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13601 (The Majestic Support \u2013 The Leading-Edge Help Desk & Customer Supp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13600 (The Majestic Support \u2013 The Leading-Edge Help Desk & Customer Supp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13554 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13541 (The aDirectory \u2013 WordPress Directory Listing Plugin plugin for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13539 (The AForms Eats plugin for WordPress is vulnerable to Full Path Disclo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13421 (The Real Estate 7 WordPress theme for WordPress is vulnerable to Privi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13374 (The WP Table Manager plugin for WordPress is vulnerable to unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12164 (The WPSyncSheets Lite For WPForms \u2013 WPForms Google Spreadsheet Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11746 (The Discover the Best Woocommerce Product Brands Plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0179 (SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver co ...)
TODO: check
CVE-2024-0145 (NVIDIA nvJPEG2000 library contains a vulnerability where an attacker c ...)
- TODO: check
+ NOT-FOR-US: NVIDIA nvJPEG2000 library
CVE-2024-0144 (NVIDIA nvJPEG2000 library contains a vulnerability where an attacker c ...)
- TODO: check
+ NOT-FOR-US: NVIDIA nvJPEG2000 library
CVE-2024-0143 (NVIDIA nvJPEG2000 library contains a vulnerability where an attacker c ...)
- TODO: check
+ NOT-FOR-US: NVIDIA nvJPEG2000 library
CVE-2024-0142 (NVIDIA nvJPEG2000 library contains a vulnerability where an attacker c ...)
- TODO: check
+ NOT-FOR-US: NVIDIA nvJPEG2000 library
CVE-2024-0112 (NVIDIA Jetson AGX Orin\u2122 and NVIDIA IGX Orin software contain a vu ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2023-49780 (Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 an ...)
- TODO: check
+ NOT-FOR-US: acmailer CGI
CVE-2023-31352 (A bug in the SEV firmware may allow an attacker with privileges to rea ...)
TODO: check
CVE-2023-31345 (Improper input validation in the SMM handler may allow a privileged at ...)
@@ -397,7 +397,7 @@ CVE-2025-1182 (A vulnerability, which was classified as critical, was found in G
CVE-2025-1126 (A Reliance on Untrusted Inputs in a Security Decision vulnerability ha ...)
NOT-FOR-US: Lexmark
CVE-2025-1052 (Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Exec ...)
- TODO: check
+ NOT-FOR-US: Mintty
CVE-2025-1044 (Logsign Unified SecOps Platform Authentication Bypass Vulnerability. T ...)
TODO: check
CVE-2025-0911 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Dis ...)
@@ -481,7 +481,7 @@ CVE-2024-27780 (MultipleImproper Neutralization of Input During Web Page Generat
CVE-2024-23814 (A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ0 ...)
NOT-FOR-US: Siemens
CVE-2024-21966 (A DLL hijacking vulnerability in the AMD Ryzen\u2122 Master Utility c ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-13843 (Cleartext storage of information in Ivanti Connect Secure before versi ...)
NOT-FOR-US: Ivanti
CVE-2024-13842 (A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and I ...)
@@ -521,9 +521,9 @@ CVE-2023-40721 (A use of externally-controlled format string vulnerability [CWE-
CVE-2023-37482 (The login functionality of the web server in affected devices does not ...)
NOT-FOR-US: Siemens
CVE-2023-31361 (A DLL hijacking vulnerability in AMD Integrated Management Technology ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-31360 (Incorrect default permissions in the AMD Integrated Management Technol ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-12797 (Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authent ...)
- openssl <unfixed> (bug #1095765)
[bookworm] - openssl <not-affected> (Vulnerable code not present)
@@ -203312,7 +203312,7 @@ CVE-2022-40502 (Transient DOS due to improper input validation in WLAN Host.)
CVE-2022-3181 (An Improper Input Validation vulnerability exists in Trihedral VTScada ...)
NOT-FOR-US: Trihedral VTScada
CVE-2022-3180 (The WPGateway Plugin for WordPress is vulnerable to privilege escalati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3179 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3178 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.)
@@ -404288,7 +404288,7 @@ CVE-2020-3434 (A vulnerability in the interprocess communication (IPC) channel o
CVE-2020-3433 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
NOT-FOR-US: Cisco
CVE-2020-3432 (A vulnerability in the uninstaller component of Cisco AnyConnect Secur ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3431 (A vulnerability in the web-based management interface of Cisco Sm ...)
NOT-FOR-US: Cisco
CVE-2020-3430 (A vulnerability in the application protocol handling features of Cisco ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/982afc76002648d2c41161bee25dd113791d6695
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/982afc76002648d2c41161bee25dd113791d6695
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250212/85875d56/attachment.htm>
More information about the debian-security-tracker-commits
mailing list