[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 8 08:35:20 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0924b4d2 by Salvatore Bonaccorso at 2025-01-08T09:34:59+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,125 +1,125 @@
 CVE-2025-22215 (VMware Aria Automation contains a server-side request forgery (SSRF) v ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2025-22133 (WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a  ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-22132 (WeGIA is a web manager for charitable institutions. A Cross-Site Scrip ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-21603 (Cross-site scripting vulnerability exists in MZK-DP300N firmware versi ...)
-	TODO: check
+	NOT-FOR-US: MZK-DP300N firmware
 CVE-2024-9673 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8002 (A vulnerability has been found in VIWIS LMS 9.11 and classified as pro ...)
 	TODO: check
 CVE-2024-56456 (Vulnerability of input parameters not being verified during glTF model ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56455 (Vulnerability of input parameters not being verified during glTF model ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56454 (Vulnerability of input parameters not being verified during glTF model ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56453 (Vulnerability of input parameters not being verified during glTF model ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56452 (Vulnerability of input parameters not being verified during glTF model ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56451 (Integer overflow vulnerability during glTF model loading in the 3D eng ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56450 (Buffer overflow vulnerability in the component driver module Impact: S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56449 (Privilege escalation vulnerability in the Account module Impact: Succe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56448 (Vulnerability of improper access control in the home screen widget mod ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56447 (Vulnerability of improper permission control in the window management  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56446 (Vulnerability of variables not being initialized in the notification m ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56445 (Instruction authentication bypass vulnerability in the Findnetwork mod ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56444 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56443 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56442 (Vulnerability of native APIs not being implemented in the NFC service  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56441 (Race condition vulnerability in the Bastet module Impact: Successful e ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56440 (Permission control vulnerability in the Connectivity module Impact: Su ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56439 (Access control vulnerability in the identity authentication module Imp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56438 (Vulnerability of improper memory address protection in the HUKS module ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56437 (Vulnerability of input parameters not being verified in the widget fra ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56436 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56435 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-56434 (UAF vulnerability in the device node access module Impact: Successful  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-55356
 	REJECTED
 CVE-2024-55355
 	REJECTED
 CVE-2024-54731 (cpdf through 2.8 allows stack consumption via a crafted PDF document.)
-	TODO: check
+	NOT-FOR-US: cpdf
 CVE-2024-54121 (Startup control vulnerability in the ability module Impact: Successful ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-54120 (Race condition vulnerability in the distributed notification module Im ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-50603 (An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2 ...)
-	TODO: check
+	NOT-FOR-US: Aviatrix
 CVE-2024-47934 (Improper Input Validation vulnerability in Management Program in TXOne ...)
-	TODO: check
+	NOT-FOR-US: TXOne
 CVE-2024-47239 (Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an unco ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-40679 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
 	NOT-FOR-US: IBM
 CVE-2024-13173 (The health module has insufficient restrictions on loading URLs, which ...)
-	TODO: check
+	NOT-FOR-US: Vivo
 CVE-2024-12852 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12851 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12713 (The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12585 (The Property Hive WordPress plugin before 2.1.1 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12584 (The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12521 (The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12205 (The Themesflat Addons For Elementor plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12112 (The Easy Form Builder \u2013 WordPress plugin form builder: contact fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12045 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns &  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12030 (The MDTF \u2013 Meta Data and Taxonomies Filter plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11916 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11816 (The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11635 (The WordPress File Upload plugin for WordPress is vulnerable to Remote ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11613 (The WordPress File Upload plugin for WordPress is vulnerable to Remote ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11271 (The WordPress Webinar Plugin \u2013 WebinarPress plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11270 (The WordPress Webinar Plugin \u2013 WebinarPress plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10585 (The InfiniteWP Client plugin for WordPress is vulnerable to Path Trave ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10541
 	REJECTED
 CVE-2024-10151 (The Auto iFrame WordPress plugin before 2.0 does not validate and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52955 (Vulnerability of improper authentication in the ANS system service mod ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52954 (Vulnerability of improper permission control in the Gallery module Imp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52953 (Path traversal vulnerability in the Medialibrary module Impact: Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-0291
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
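Review bot: The NOT-FOR-US: cpdf tag on CVE-2024-54731 deserves a second look, because it is the one entry in this hunk whose description names a standalone tool with a version range ("cpdf through 2.8") rather than a vendor platform, firmware or WordPress plugin. Confirm that no source package, ITP or RFP exists for it before closing it as NFU, and if one does, record it as a package entry instead. Two smaller points in the same hunk: CVE-2024-13173 is tagged "Vivo" although the truncated description shown here names no vendor, so the attribution cannot be checked from the list alone, and CVE-2024-8002 (VIWIS LMS 9.11) is left at "TODO: check" in the middle of an otherwise fully processed block.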
@@ -189644,7 +189644,7 @@ CVE-2022-41574 (An access-control vulnerability in Gradle Enterprise 2022.4 thro
 CVE-2022-41573 (An issue was discovered in Ovidentia 8.3. The file upload feature does ...)
 	TODO: check
 CVE-2022-41572 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privile ...)
-	TODO: check
+	NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2022-41571 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local f ...)
 	NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2022-41570 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthe ...)
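Review bot: CVE-2022-41573 (Ovidentia 8.3), in the context lines directly above the changed entry, is still at "TODO: check" even though this pass touches the next line. If Ovidentia is likewise not packaged it could be tagged in the same commit, otherwise it remains the only untriaged entry in this run of 2022 CVEs. The new tag text itself matches the existing "NOT-FOR-US: EyesOfNetwork (EON)" on CVE-2022-41571, which keeps the product string consistent for later searches.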
@@ -300997,7 +300997,7 @@ CVE-2021-27287
 CVE-2021-27286
 	RESERVED
 CVE-2021-27285 (An issue was discovered in Inspur ClusterEngine v4.0 that allows attac ...)
-	TODO: check
+	NOT-FOR-US: Inspur ClusterEngine
 CVE-2021-27284
 	RESERVED
 CVE-2021-27283



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0924b4d215a8954d0bd3e52782b84bf0e47ba7ce
