[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 13 08:48:12 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7cf0e000 by Salvatore Bonaccorso at 2025-02-13T09:48:02+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,103 +1,103 @@
CVE-2025-25286 (Crayfish is a collection of Islandora 8 microservices, one of which, H ...)
TODO: check
CVE-2025-20097 (Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-1229 (A vulnerability classified as critical was found in olajowon Loggrove ...)
TODO: check
CVE-2025-1228 (A vulnerability classified as problematic has been found in olajowon L ...)
TODO: check
CVE-2025-1227 (A vulnerability was found in ywoa up to 2024.07.03. It has been rated ...)
- TODO: check
+ NOT-FOR-US: ywoa
CVE-2025-1226 (A vulnerability was found in ywoa up to 2024.07.03. It has been declar ...)
- TODO: check
+ NOT-FOR-US: ywoa
CVE-2025-1198 (An issue discovered in GitLab CE/EE affecting all versions from 16.11 ...)
TODO: check
CVE-2025-1070 (CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-1060 (CWE-319: Cleartext Transmission of Sensitive Information vulnerability ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-1059 (CWE-770: Allocation of Resources Without Limits or Throttling vulnerab ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-1058 (CWE-494: Download of Code Without Integrity Check vulnerability exists ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-0896 (Orthanc server prior to version 1.5.8 does not enable basic authentica ...)
TODO: check
CVE-2025-0837 (The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2025-0816 (CWE-20: Improper Input Validation vulnerability exists that could caus ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-0815 (CWE-20: Improper Input Validation vulnerability exists that could caus ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-0814 (CWE-20: Improper Input Validation vulnerability exists that could caus ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-0692 (The Simple Video Management System WordPress plugin through 1.0.4 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0661 (The DethemeKit For Elementor plugin for WordPress is vulnerable to Inf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0327 (CWE-269: Improper Privilege Management vulnerability exists for two se ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-0113 (A problem with the network isolation mechanism of the Palo Alto Networ ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-0111 (An authenticated file read vulnerability in the Palo Alto Networks PAN ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-0110 (A command injection vulnerability in the Palo Alto Networks PAN-OS Ope ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-0109 (An unauthenticated file deletion vulnerability in the Palo Alto Networ ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-0108 (An authentication bypass in the Palo Alto Networks PAN-OS software ena ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-8266 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
TODO: check
CVE-2024-7102 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
TODO: check
CVE-2024-57605 (Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 ...)
- TODO: check
+ NOT-FOR-US: Daylight Studio Fuel CMS
CVE-2024-57604 (An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to e ...)
- TODO: check
+ NOT-FOR-US: MaysWind ezBookkeeping
CVE-2024-57603 (An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to e ...)
- TODO: check
+ NOT-FOR-US: MaysWind ezBookkeeping
CVE-2024-57602 (An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote a ...)
- TODO: check
+ NOT-FOR-US: Alex Tselegidis EasyAppointments
CVE-2024-57601 (Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments ...)
- TODO: check
+ NOT-FOR-US: Alex Tselegidis EasyAppointments
CVE-2024-56940 (An issue in the profile image upload function of LearnDash v6.7.1 allo ...)
- TODO: check
+ NOT-FOR-US: LearnDash
CVE-2024-56939 (LearnDash v6.7.1 was discovered to contain a stored cross-site scripti ...)
- TODO: check
+ NOT-FOR-US: LearnDash
CVE-2024-56938 (LearnDash v6.7.1 was discovered to contain a stored cross-site scripti ...)
- TODO: check
+ NOT-FOR-US: LearnDash
CVE-2024-51440 (An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to e ...)
- TODO: check
+ NOT-FOR-US: Nothing Tech Nothing OS
CVE-2024-51376 (Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a r ...)
- TODO: check
+ NOT-FOR-US: yeqifu carRental
CVE-2024-51123 (An issue in Zertificon Z1 SecureMail Z1 SecureMail Gateway 4.44.2-7240 ...)
- TODO: check
+ NOT-FOR-US: Zertificon Z1 SecureMail Z1 SecureMail Gateway
CVE-2024-51122 (Cross Site Scripting vulnerability in Zertificon Z1 SecureMail Z1 Cert ...)
- TODO: check
+ NOT-FOR-US: Zertificon Z1 SecureMail Z1 CertServer
CVE-2024-47266 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47265 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47264 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47006 (Uncontrolled search path for the Intel(R) RealSense D400 Series Univer ...)
- TODO: check
+ NOT-FOR-US: INtel
CVE-2024-46923 (An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-46922 (An issue was discovered in Samsung Mobile Processor Exynos 1480 and 24 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-42492 (Uncontrolled search path element in some BIOS and System Firmware Upda ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-42419 (Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA F ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-42410 (Improper input validation in some Intel(R) Graphics Drivers may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-42405 (Uncontrolled search path for some Intel(R) Quartus(R) Prime Software b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-41934 (Improper access control in some Intel(R) GPA software before version 2 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-41917 (Time-of-check time-of-use race condition for some Intel(R) Battery Lif ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-41168 (Use after free in some Intel(R) PROSet/Wireless WiFi and Killer\xe2\u2 ...)
TODO: check
CVE-2024-41166 (Stack-based buffer overflow in some Intel(R) PROSet/Wireless WiFi and ...)
@@ -105,13 +105,13 @@ CVE-2024-41166 (Stack-based buffer overflow in some Intel(R) PROSet/Wireless WiF
CVE-2024-40887 (Race condition in some Intel(R) PROSet/Wireless WiFi and Killer\xe2\u2 ...)
TODO: check
CVE-2024-39813 (Uncontrolled search path for some EPCT software before version 1.42.8. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-39805 (Insufficient verification of data authenticity in some Intel(R) DSA so ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-39797 (Improper access control in some drivers for Intel(R) Ethernet Connecti ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-39779 (Stack-based buffer overflow in some drivers for Intel(R) Ethernet Conn ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-39606 (Improper input validation in some Intel(R) PROSet/Wireless WiFi and Ki ...)
TODO: check
CVE-2024-39372 (Uncontrolled search path for the Intel(R) XTU software for Windows bef ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf0e000ebde9a06af222abe61451af7c4a06dcd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf0e000ebde9a06af222abe61451af7c4a06dcd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250213/60b82404/attachment.htm>
More information about the debian-security-tracker-commits
mailing list