[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 14 05:44:53 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5e2c49c by Salvatore Bonaccorso at 2025-01-14T06:44:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-23027 (next-forge is a Next.js project boilerplate for modern web application ...)
-	TODO: check
+	NOT-FOR-US: next-forge Next.js project
 CVE-2025-23026 (jte (Java Template Engine) is a secure and lightweight template engine ...)
-	TODO: check
+	NOT-FOR-US: jte (Java Template Engine)
 CVE-2025-22963 (Teedy through 1.11 allows CSRF for account takeover via POST /api/user ...)
 	NOT-FOR-US: TeedyTeedy
 CVE-2025-22828 (CloudStack users can add and read comments (annotations) on resources  ...)
-	TODO: check
+	NOT-FOR-US: Apache CloudStack
 CVE-2025-22800 (Missing Authorization vulnerability in Post SMTP Post SMTP allows Expl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-22777 (Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allow ...)
@@ -45,7 +45,7 @@ CVE-2025-22144 (NamelessMC is a free, easy to use & powerful website software fo
 CVE-2025-22142 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
 	NOT-FOR-US: NamelessMC
 CVE-2024-6352 (A malformed packet can cause a buffer overflow in the APS layer of the ...)
-	TODO: check
+	NOT-FOR-US: Silabs (Ember Znet stack)
 CVE-2024-5743 (An attacker could exploit the 'Use of Password Hash With Insufficient  ...)
 	NOT-FOR-US: EveHome Eve Play
 CVE-2024-57488 (Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site ...)
@@ -59,13 +59,13 @@ CVE-2024-56065 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2024-54999 (MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vuln ...)
 	NOT-FOR-US: MonicaHQ
 CVE-2024-52938 (Kernel software installed and running inside a Guest VM may post impro ...)
-	TODO: check
+	NOT-FOR-US: Imagination GPU Driver
 CVE-2024-52937 (Kernel software installed and running inside a Guest VM may exploit me ...)
-	TODO: check
+	NOT-FOR-US: Imagination GPU Driver
 CVE-2024-52936 (Kernel software installed and running inside a Guest VM may post impro ...)
-	TODO: check
+	NOT-FOR-US: Imagination GPU Driver
 CVE-2024-52935 (Kernel software installed and running inside a Guest VM may exploit me ...)
-	TODO: check
+	NOT-FOR-US: Imagination GPU Driver
 CVE-2024-52333 (An improper array index validation vulnerability exists in the determi ...)
 	TODO: check
 CVE-2024-51728
@@ -73,31 +73,31 @@ CVE-2024-51728
 CVE-2024-48883 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
 	NOT-FOR-US: Samsung
 CVE-2024-47897 (Software installed and run as a non-privileged user may conduct improp ...)
-	TODO: check
+	NOT-FOR-US: Imagination GPU Driver
 CVE-2024-47895 (Kernel software installed and running inside a Guest VM may post impro ...)
-	TODO: check
+	NOT-FOR-US: Imagination GPU Driver
 CVE-2024-47894 (Kernel software installed and running inside a Guest VM may post impro ...)
-	TODO: check
+	NOT-FOR-US: Imagination GPU Driver
 CVE-2024-47796 (An improper array index validation vulnerability exists in the nowindo ...)
 	TODO: check
 CVE-2024-46921 (An issue was discovered in Samsung Mobile Processor and Modem Exynos 9 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-46920 (An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-46919 (An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-46481 (The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to o ...)
-	TODO: check
+	NOT-FOR-US: Venki Supravizio BPM
 CVE-2024-46480 (An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenti ...)
-	TODO: check
+	NOT-FOR-US: Venki Supravizio BPM
 CVE-2024-46479 (Venki Supravizio BPM through 18.0.1 was discovered to contain an arbit ...)
-	TODO: check
+	NOT-FOR-US: Venki Supravizio BPM
 CVE-2024-46310 (Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows u ...)
-	TODO: check
+	NOT-FOR-US: Cfx.re FXServer
 CVE-2024-44771 (BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS) v ...)
-	TODO: check
+	NOT-FOR-US: BigId PrivacyPortal
 CVE-2024-12211 (Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Store ...)
-	TODO: check
+	NOT-FOR-US: Pega Platform
 CVE-2025-0412 (Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code E ...)
 	NOT-FOR-US: Luxion KeyShot Viewer
 CVE-2025-0410 (A vulnerability classified as critical was found in liujianview gymxmj ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5e2c49cad4b823585ae068f595c20aea832c91f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5e2c49cad4b823585ae068f595c20aea832c91f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250114/0be87653/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list