[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 13 19:46:50 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7158a2e by Salvatore Bonaccorso at 2025-02-13T20:46:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54,7 +54,7 @@ CVE-2025-1059 (CWE-770: Allocation of Resources Without Limits or Throttling vul
 CVE-2025-1058 (CWE-494: Download of Code Without Integrity Check vulnerability exists ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2025-0896 (Orthanc server prior to version 1.5.8 does not enable basic authentica ...)
-	TODO: check
+	NOT-FOR-US: Orthanc server
 CVE-2025-0837 (The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
 	NOT-FOR-US: WordPress theme
 CVE-2025-0816 (CWE-20: Improper Input Validation vulnerability exists that could caus ...)
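
Review bot: CVE-2025-0896 is closed as NOT-FOR-US: Orthanc server although its description names a concrete upstream fix version ("prior to version 1.5.8"), so the tag should only stand if no orthanc source package exists in the archive. If one does, replace the NFU line with a package entry carrying the fixed version.
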
@@ -148,65 +148,65 @@ CVE-2024-39779 (Stack-based buffer overflow in some drivers for Intel(R) Etherne
 CVE-2024-39606 (Improper input validation in some Intel(R) PROSet/Wireless WiFi and Ki ...)
 	NOT-FOR-US: Intel
 CVE-2024-39372 (Uncontrolled search path for the Intel(R) XTU software for Windows bef ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-39365 (Uncontrolled search path for the FPGA Support Package for the Intel(R) ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-39356 (NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Kil ...)
 	NOT-FOR-US: Intel
 CVE-2024-39286 (Incorrect execution-assigned permissions in the Linux kernel mode driv ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-39284 (Uncontrolled search path for some Intel(R) Advisor software before ver ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-39271 (Improper restriction of communication channel to intended endpoints in ...)
 	NOT-FOR-US: Intel
 CVE-2024-38310 (Improper access control in some Intel(R) Graphics Driver software inst ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-38307 (Improper input validation in the firmware for some Intel(R) AMT and In ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-37355 (Improper access control in some Intel(R) Graphics software may allow a ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-36291 (Uncontrolled search path for some Intel(R) Chipset Software Installati ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-36285 (Race condition in some Intel(R) PROSet/Wireless WiFi and Killer\xe2\u2 ...)
 	NOT-FOR-US: Intel
 CVE-2024-36283 (Uncontrolled search path for the Intel(R) Thread Director Visualizer s ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-36280 (Uncontrolled search path for some Intel(R) High Level Synthesis Compil ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-36274 (Out-of-bounds write in the Intel(R) 800 Series Ethernet Driver for Int ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-36262 (Race condition in some Intel(R) System Security Report and System Reso ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-34521 (A directory traversal vulnerability exists in the Mavenir SCE Applicat ...)
-	TODO: check
+	NOT-FOR-US: Mavenir SCE Application Provisioning Portal
 CVE-2024-34520 (An authorization bypass vulnerability exists in the Mavenir SCE Applic ...)
-	TODO: check
+	NOT-FOR-US: Mavenir SCE Application Provisioning Portal
 CVE-2024-32942 (Incorrect default permissions for some Intel(R) DSA installer for Wind ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-32941 (NULL pointer dereference for some Intel(R) MLC software before version ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-32938 (Uncontrolled search path for some Intel(R) MPI Library for Windows sof ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-31858 (Out-of-bounds write for some Intel(R) QuickAssist Technology software  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-31155 (Improper buffer restrictions in the UEFI firmware for some Intel(R) Pr ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-31153 (Improper input validation for some Intel(R) QuickAssist Technology sof ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-30211 (Improper access control in some Intel(R) ME driver pack installer engi ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-29223 (Uncontrolled search path for some Intel(R) QuickAssist Technology soft ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-26021 (Improper initialization in the firmware for some Intel(R) AMT and Inte ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-25571 (Improper input validation in some Intel(R) SPS firmware before SPS_E5_ ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-24852 (Uncontrolled search path in some Intel(R) Ethernet Adapter Complete Dr ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-21859 (Improper buffer restrictions in the UEFI firmware for some Intel(R) Pr ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-21830 (Uncontrolled search path in some Intel(R) VPL software before version  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-13770 (The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13644 (The DethemeKit For Elementor plugin for WordPress is vulnerable to Sto ...)
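
Review bot: In the Intel block, CVE-2024-39286 ("... in the Linux kernel mode driv ...") and CVE-2024-36274 ("... Intel(R) 800 Series Ethernet Driver for Int ...") receive the same vendor-wide NOT-FOR-US: Intel tag as the Windows installer and XTU entries, but their truncated descriptions point at drivers, and CVE-2024-31155 and CVE-2024-21859 point at UEFI firmware, rather than at vendor-only tools. Check the full descriptions of these against in-tree kernel drivers and packaged firmware, and name the component in the tag (as the two Mavenir lines in this hunk do) so the triage decision can be audited later.
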
@@ -228,25 +228,25 @@ CVE-2024-13120 (The Paid Membership Plugin, Ecommerce, User Registration Form, L
 CVE-2024-13119 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12673 (An improper privilege vulnerability was reported in a BIOS customizati ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-12586 (The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10763 (The Campress theme for WordPress is vulnerable to Local File Inclusion ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10083 (CWE-20: Improper Input Validation vulnerability exists that could caus ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-49618 (Improper buffer restrictions in some Intel(R) System Security Report a ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-49615 (Improper input validation in some Intel(R) System Security Report and  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-49603 (Race condition in some Intel(R) System Security Report and System Reso ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-48366 (Race condition in some Intel(R) System Security Report and System Reso ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-48267 (Improper buffer restrictions in some Intel(R) System Security Report a ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32277 (Untrusted Pointer Dereference in I/O subsystem for some Intel(R) QAT s ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-31276 (Heap-based buffer overflow in BMC Firmware for the Intel(R) Server Boa ...)
 	NOT-FOR-US: Intel
 CVE-2023-29164 (Improper access control in BMC Firmware for the Intel(R) Server Board  ...)
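
Review bot: CVE-2023-32277 ("... I/O subsystem for some Intel(R) QAT s ...") is tagged only NOT-FOR-US: Intel, which does not record which QAT component was ruled out. Naming the component in the tag would let the decision be rechecked if that software is packaged later; the same applies to the new Lenovo and Schneider Electric lines, which record the vendor but not the product.
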
@@ -350,15 +350,15 @@ CVE-2025-25349 (PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQ
 CVE-2025-25343 (Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in ...)
 	NOT-FOR-US: Tenda
 CVE-2025-25283 (parse-duraton is software that allows users to convert a human readabl ...)
-	TODO: check
+	NOT-FOR-US: parse-duration
 CVE-2025-25205 (Audiobookshelf is a self-hosted audiobook and podcast server. Starting ...)
-	TODO: check
+	NOT-FOR-US: Audiobookshelf
 CVE-2025-25201 (Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For re ...)
 	NOT-FOR-US: Nitrokey 3 Firmware
 CVE-2025-25200 (Koa is expressive middleware for Node.js using ES2017 async functions. ...)
-	TODO: check
+	NOT-FOR-US: Koa
 CVE-2025-25199 (go-crypto-winnative Go crypto backend for Windows using Cryptography A ...)
-	TODO: check
+	NOT-FOR-US: go-crypto-winnative
 CVE-2025-25198 (mailcow: dockerized is an open source groupware/email suite based on d ...)
 	NOT-FOR-US: mailcow
 CVE-2025-25184 (Rack provides an interface for developing web applications in Ruby. Pr ...)
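
Review bot: CVE-2025-25200 is a library (Koa, "middleware for Node.js") rather than a standalone product, so the NOT-FOR-US tag should rest on a search for both a source package and embedded or vendored copies, not only on the upstream name. On CVE-2025-25283, the description spells the project "parse-duraton" while the new tag uses "parse-duration"; the tag spelling looks like the intended one, but a search on the description's spelling will not find it.
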
@@ -457,7 +457,7 @@ CVE-2024-9870 (An external service interaction vulnerability in GitLab EE affect
 CVE-2024-6097 (In Progress\xae Telerik\xae Reporting versions prior to 2025 Q1 (19.0. ...)
 	NOT-FOR-US: Progress Telerik
 CVE-2024-54160 (dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as ship ...)
-	TODO: check
+	NOT-FOR-US: dashboards-reporting (aka Dashboards Reports)
 CVE-2024-32838 (SQL Injection vulnerability in various API endpoints - offices, dashbo ...)
 	NOT-FOR-US: Apache Fineract
 CVE-2024-23563 (HCL Connections Docs is vulnerable to a sensitive information disclosu ...)
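
Review bot: The tag on CVE-2024-54160 names only the plugin, while the description says it is affected "as ship ..." in some other product, which the truncated line does not show. Add the shipping product to the NOT-FOR-US note after reading the full description, since that product is what a later search of the archive would be run against.
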



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7158a2e3cc583670519557cf18d332be07d6774
