[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Feb 13 15:37:14 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e513eca2 by Moritz Mühlenhoff at 2025-02-13T16:36:27+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,13 +13,13 @@ CVE-2025-0995
 	- chromium 133.0.6943.98-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-25286 (Crayfish is a collection of Islandora 8 microservices, one of which, H ...)
-	TODO: check
+	NOT-FOR-US: Crayfish
 CVE-2025-20097 (Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP  ...)
 	NOT-FOR-US: Intel
 CVE-2025-1229 (A vulnerability classified as critical was found in olajowon Loggrove  ...)
-	TODO: check
+	NOT-FOR-US: olajowon Loggrove
 CVE-2025-1228 (A vulnerability classified as problematic has been found in olajowon L ...)
-	TODO: check
+	NOT-FOR-US: olajowon Loggrove
 CVE-2025-1227 (A vulnerability was found in ywoa up to 2024.07.03. It has been rated  ...)
 	NOT-FOR-US: ywoa
 CVE-2025-1226 (A vulnerability was found in ywoa up to 2024.07.03. It has been declar ...)
@@ -189,31 +189,31 @@ CVE-2024-21859 (Improper buffer restrictions in the UEFI firmware for some Intel
 CVE-2024-21830 (Uncontrolled search path in some Intel(R) VPL software before version  ...)
 	TODO: check
 CVE-2024-13770 (The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13644 (The DethemeKit For Elementor plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13346 (The Avada | Website Builder For WordPress & WooCommerce theme for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13345 (The Avada Builder plugin for WordPress is vulnerable to arbitrary shor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13229 (The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13227 (The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13125 (The Everest Forms  WordPress plugin before 3.0.8.1 does not sanitise a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13121 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13120 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13119 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12673 (An improper privilege vulnerability was reported in a BIOS customizati ...)
 	TODO: check
 CVE-2024-12586 (The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10763 (The Campress theme for WordPress is vulnerable to Local File Inclusion ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10083 (CWE-20: Improper Input Validation vulnerability exists that could caus ...)
 	TODO: check
 CVE-2023-49618 (Improper buffer restrictions in some Intel(R) System Security Report a ...)
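Review bot: The entries for CVE-2024-13770, CVE-2024-13346 and CVE-2024-10763 are labelled `NOT-FOR-US: WordPress plugin`, but their descriptions say theme ("WordPress Theme", "theme for WordPress"). The NFU verdict is unaffected, but `NOT-FOR-US: WordPress theme` would keep the label accurate for anyone searching the list by product type.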
@@ -229,9 +229,9 @@ CVE-2023-48267 (Improper buffer restrictions in some Intel(R) System Security Re
 CVE-2023-32277 (Untrusted Pointer Dereference in I/O subsystem for some Intel(R) QAT s ...)
 	TODO: check
 CVE-2023-31276 (Heap-based buffer overflow in BMC Firmware for the Intel(R) Server Boa ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-29164 (Improper access control in BMC Firmware for the Intel(R) Server Board  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-1247
 	NOT-FOR-US: Quarkus
 CVE-2025-26378 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q- ...)
@@ -406,7 +406,7 @@ CVE-2025-1188 (A vulnerability, which was classified as critical, has been found
 CVE-2025-1187 (A vulnerability classified as critical was found in code-projects Poli ...)
 	NOT-FOR-US: code-projects Police FIR Record Management System
 CVE-2025-1146 (CrowdStrike uses industry-standard TLS (transport layer security) to s ...)
-	TODO: check
+	NOT-FOR-US: CrowdStrike
 CVE-2025-1102 (A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Fre ...)
 	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-1101 (A CWE-204 "Observable Response Discrepancy" in the login page in Q-Fre ...)
@@ -416,7 +416,7 @@ CVE-2025-1100 (A CWE-259 "Use of Hard-coded Password" for the root account in Q-
 CVE-2025-1042 (An insecure direct object reference vulnerability in GitLab EE affecti ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2025-0937 (Nomad Community and Nomad Enterprise ("Nomad") event stream configured ...)
-	TODO: check
+	- nomad <removed>
 CVE-2025-0925
 	REJECTED
 CVE-2025-0919
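Review bot: At CVE-2025-0937 the TODO becomes `- nomad <removed>`, which is a package status line rather than an NFU, so the commit subject "NFUs" does not cover it. Mention the nomad triage in the commit message or commit it separately. The line also carries no per-suite annotation, so if any supported suite still ships nomad it needs its own line in the style of the `[bullseye]` entry under CVE-2025-0995.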
@@ -1884,7 +1884,7 @@ CVE-2024-48091 (Tally Prime Edit Log v2.1 was discovered to contain a DLL hijack
 CVE-2024-35106 (NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer ove ...)
 	NOT-FOR-US: NEXTU FLETA AX1500 WIFI6
 CVE-2024-10383 (An issue has been discovered in the gitlab-web-ide-vscode-fork compone ...)
-	TODO: check
+	NOT-FOR-US: gitlab-web-ide-vscode-fork
 CVE-2025-24032 (PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificat ...)
 	{DSA-5864-1}
 	- pam-pkcs11 0.6.13-1
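Review bot: CVE-2024-10383 is marked `NOT-FOR-US: gitlab-web-ide-vscode-fork`, yet the component name ties it to GitLab, and gitlab is a tracked package in this file (`- gitlab <not-affected> (Specific to EE)` under CVE-2025-1042). If the fork is not bundled in the Debian gitlab source package the NFU is fine; otherwise an explicit `- gitlab` line with the reason would record that the package was checked.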



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e513eca2cd0e76fa3868984eb6c805988f97f924
