[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jan 9 19:22:26 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8b3371da by Moritz Muehlenhoff at 2025-01-09T20:21:41+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -57,7 +57,7 @@ CVE-2024-53705 (A Server-Side Request Forgery vulnerability in the SonicOS SSH m
CVE-2024-53704 (An Improper Authentication vulnerability in the SSLVPN authentication ...)
NOT-FOR-US: SonicWall
CVE-2024-52869 (Certain Teradata account-handling code through 2024-11-04, used with S ...)
- TODO: check
+ NOT-FOR-US: Teradata
CVE-2024-43663 (There are many buffer overflow vulnerabilities present in several CGI ...)
NOT-FOR-US: Iocharger
CVE-2024-43662 (The <redacted>.exe or <redacted>.exe CGI binary can be used to upload ...)
@@ -199,15 +199,15 @@ CVE-2024-55656 (RedisBloom adds a set of probabilistic data structures to Redis.
CVE-2024-55517 (An issue was discovered in the Interllect Core Search in Polaris FT In ...)
NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2024-55459 (An issue in keras 3.7.0 allows attackers to write arbitrary files to t ...)
- TODO: check
+ NOT-FOR-US: keras
CVE-2024-54818 (SourceCodester Computer Laboratory Management System 1.0 is vulnerable ...)
NOT-FOR-US: SourceCodester Computer Laboratory Management System
CVE-2024-53526 (composio >=0.5.40 is vulnerable to Command Execution in composio_opena ...)
- TODO: check
+ NOT-FOR-US: composio
CVE-2024-51737 (RediSearch is a Redis module that provides querying, secondary indexin ...)
TODO: check
CVE-2024-51480 (RedisTimeSeries is a time-series database (TSDB) module for Redis, by ...)
- TODO: check
+ NOT-FOR-US: RedisTimeSeries Redis module
CVE-2024-51442 (Command Injection in Minidlna version v1.3.3 and before allows an atta ...)
- minidlna <unfixed>
NOTE: https://sourceforge.net/p/minidlna/bugs/364/
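Review bot: CVE-2024-51737 (RediSearch) is left at `TODO: check` while the neighbouring Redis module entry CVE-2024-51480 (RedisTimeSeries) is closed as NOT-FOR-US in this same hunk. If the two modules have the same packaging status they should be triaged together; otherwise a NOTE on the RediSearch entry saying why it stays open would help the next person working the queue. Separately, `NOT-FOR-US: keras` and `NOT-FOR-US: composio` name Python libraries rather than vendors, so it is worth confirming that no source package in the archive ships or embeds them before these entries drop out of the TODO list.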
@@ -221,39 +221,39 @@ CVE-2024-45343
CVE-2024-45342
REJECTED
CVE-2024-45033 (Insufficient Session Expiration vulnerability in Apache Airflow Fab Pr ...)
- TODO: check
+ NOT-FOR-US: Apache Airflow Fab provider
CVE-2024-13189 (A vulnerability classified as critical has been found in ZeroWdd myblo ...)
- TODO: check
+ NOT-FOR-US: ZeroWdd myblog
CVE-2024-13188 (A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linu ...)
- TODO: check
+ NOT-FOR-US: MicroWorld eScan Antivirus
CVE-2024-13187 (A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It h ...)
- TODO: check
+ NOT-FOR-US: Kingsoft WPS Office
CVE-2024-13186 (The MinigameCenter module has insufficient restrictions on loading UR ...)
- TODO: check
+ NOT-FOR-US: MinigameCenter
CVE-2024-13185 (The MinigameCenter module has insufficient restrictions on loading UR ...)
- TODO: check
+ NOT-FOR-US: MinigameCenter
CVE-2024-12855 (The AdForest theme for WordPress is vulnerable to unauthorized modific ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-12854 (The Garden Gnome Package plugin for WordPress is vulnerable to arbitra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12853 (The Modula Image Gallery plugin for WordPress is vulnerable to arbitra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12712 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12337 (The Shipping via Planzer for WooCommerce plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12328 (The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11939 (The Cost Calculator Builder PRO plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11830 (The PDF Flipbook, 3D Flipbook\u2014DearFlip plugin for WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11423 (The Ultimate Gift Cards for WooCommerce \u2013 Create WooCommerce Gift ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11350 (The AdForest theme for WordPress is vulnerable to privilege escalation ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-35685 (In DevmemIntMapPages of devicemem_server.c, there is a possible physic ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-56787 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.5-1
[bookworm] - linux 6.1.123-1
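Review bot: the NFU labels in this hunk mix naming levels. CVE-2024-13186 and CVE-2024-13185 use the module name `MinigameCenter` and CVE-2023-35685 uses the platform name `Android`, while the entries around them use vendor plus product (`Kingsoft WPS Office`, `MicroWorld eScan Antivirus`). Naming the vendor or product for the MinigameCenter pair would keep later searches for related NFU entries consistent. For CVE-2024-45033, `Apache Airflow Fab provider` is an upstream open-source component, so check whether an `<itp>` entry fits better than NOT-FOR-US.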
@@ -685,11 +685,11 @@ CVE-2025-22293 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-22261 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-21624 (ClipBucket V5 provides open source video hosting with PHP. Prior to 5. ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2025-21623 (ClipBucket V5 provides open source video hosting with PHP. Prior to 5. ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2025-21622 (ClipBucket V5 provides open source video hosting with PHP. During the ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2025-0301 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: code-projects Online Book Shop
CVE-2025-0300 (A vulnerability classified as critical was found in code-projects Onli ...)
@@ -711,7 +711,7 @@ CVE-2025-0218 (When batch jobs are executed by pgAgent, a script is created in a
NOTE: Fixed by: https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c (master)
NOTE: Fixed by: https://github.com/pgadmin-org/pgagent/commit/5b10c3d435d3f92ccc2f05b69ff10516ef3154e0 (pgagent-4.2.3)
CVE-2024-8361 (In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits ...)
- TODO: check
+ NOT-FOR-US: SiWx91x devices
CVE-2024-56300 (Insertion of Sensitive Information Into Sent Data vulnerability in WPS ...)
NOT-FOR-US: WordPress plugin
CVE-2024-56299 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
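Review bot: `NOT-FOR-US: SiWx91x devices` for CVE-2024-8361 names a device family, whereas the other NFU lines in this commit name a vendor or product (`SUNIX`, `MacPorts`, `Teradata`). Using the vendor name here would make the entry easier to find alongside other CVEs for the same vendor.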
@@ -779,11 +779,11 @@ CVE-2024-55555 (Invoice Ninja before 5.10.43 allows remote code execution from a
CVE-2024-55414 (A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WD ...)
NOT-FOR-US: Motorola
CVE-2024-55413 (A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver ...)
- TODO: check
+ NOT-FOR-US: SUNIX
CVE-2024-55412 (A vulnerability exits in driver snxpsamd.sys in SUNIX Serial Driver x6 ...)
- TODO: check
+ NOT-FOR-US: SUNIX
CVE-2024-55411 (An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0 ...)
- TODO: check
+ NOT-FOR-US: SUNIX
CVE-2024-55410 (An issue in the 690b33e1-0462-4e84-9bea-c7552b45432a.sys component of ...)
NOT-FOR-US: ASUS
CVE-2024-55218 (IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via ...)
@@ -807,7 +807,7 @@ CVE-2024-52893 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 co
CVE-2024-52891 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could a ...)
NOT-FOR-US: IBM
CVE-2024-52813 (matrix-rust-sdk is an implementation of a Matrix client-server library ...)
- TODO: check
+ NOT-FOR-US: matrix-rust-sdk
CVE-2024-52367 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could dis ...)
NOT-FOR-US: IBM
CVE-2024-52366 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3could allo ...)
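Review bot: CVE-2024-52813 is closed as `NOT-FOR-US: matrix-rust-sdk`, but the description calls it an implementation of a Matrix client-server library, which is the kind of code that can reach the archive as a packaged crate or vendored inside a client. Confirm neither applies before the entry leaves the TODO queue, and if a package does embed it, record that with a package line or a NOTE instead of NOT-FOR-US.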
@@ -899,7 +899,7 @@ CVE-2024-12033 (The Jupiter X Core plugin for WordPress is vulnerable to unautho
CVE-2024-11826 (The Quill Forms | The Best Typeform Alternative | Create Conversationa ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11681 (A malicious or compromised MacPorts mirror can execute arbitrary comma ...)
- TODO: check
+ NOT-FOR-US: MacPorts
CVE-2025-0247 (Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of ...)
- firefox 134.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0247
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b3371dae9c6c49740131e281d473f1e989afb59