[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 18 08:37:53 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
946fd692 by Salvatore Bonaccorso at 2025-01-18T09:37:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,77 +1,77 @@
CVE-2025-23209 (Craft is a flexible, user-friendly CMS for creating custom digital exp ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2025-23208 (zot is a production-ready vendor-neutral OCI image registry. The group ...)
- TODO: check
+ NOT-FOR-US: zot
CVE-2025-23207 (KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering ...)
TODO: check
CVE-2025-23206 (The AWS Cloud Development Kit (AWS CDK) is an open-source software dev ...)
- TODO: check
+ NOT-FOR-US: AWS Cloud Development Kit (AWS CDK)
CVE-2025-23205 (nbgrader is a system for assigning and grading notebooks. Enabling fra ...)
- TODO: check
+ NOT-FOR-US: nbgrader
CVE-2025-23202 (Bible Module is a tool designed for ROBLOX developers to integrate Bib ...)
- TODO: check
+ NOT-FOR-US: Bible Module
CVE-2025-23039 (Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Caido
CVE-2025-21606 (stats is a macOS system monitor in for the menu bar. The Stats applica ...)
- TODO: check
+ NOT-FOR-US: stats macOS system mointor
CVE-2025-0554 (The Podlove Podcast Publisher plugin for WordPress is vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0541 (A vulnerability was found in Codezips Gym Management System 1.0 and cl ...)
- TODO: check
+ NOT-FOR-US: Codezips Gym Management System
CVE-2025-0540 (A vulnerability has been found in itsourcecode Tailoring Management Sy ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Tailoring Management System
CVE-2025-0538 (A vulnerability, which was classified as problematic, was found in cod ...)
- TODO: check
+ NOT-FOR-US: code-projects Tourism Management System
CVE-2025-0515 (The Buzz Club \u2013 Night Club, DJ and Music Festival Event WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0369 (The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0318 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0308 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9020 (The List category posts WordPress plugin before 0.90.3 does not valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-57252 (OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in / ...)
- TODO: check
+ NOT-FOR-US: OtCMS
CVE-2024-57035 (WeGIA v3.2.0 is vulnerable to SQL Injection viathe nextPage parameter ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-57033 (WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dado ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-13519 (The MarketKing \u2014 Ultimate WooCommerce Multivendor Marketplace Sol ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13517 (The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13516 (The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13515 (The Image Source Control Lite \u2013 Show Image Credits and Captions p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13433 (The Utilities for MTG plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13432 (The Webcamconsult plugin for WordPress is vulnerable to Cross-Site Req ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13393 (The Video Share VOD \u2013 Turnkey Video Site Builder Script plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13392 (The Rate Star Review Vote \u2013 AJAX Reviews, Votes, Star Ratings plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13391 (The MicroPayments \u2013 Fans Paysite: Paid Creator Subscriptions, Dig ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13385 (The JSM Screenshot Machine Shortcode plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13317 (The ShipWorks Connector for Woocommerce plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12696 (The Picture Gallery \u2013 Frontend Image Uploads, AJAX Photo List plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12385 (The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12071 (The Evergreen Content Poster \u2013 Auto Post and Schedule Your Best C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11923 (Under certain log settings the IAM or CORE service will log credential ...)
- TODO: check
+ NOT-FOR-US: Fortra
CVE-2023-50739 (Abuffer overflow vulnerability has been identified in the Internet Pri ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2023-50738 (Anew feature to prevent Firmware downgrades was recently added to some ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2025-21399 (Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerab ...)
NOT-FOR-US: Microsoft
CVE-2025-21185 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
@@ -143,7 +143,7 @@ CVE-2024-13378 (The Gravity Forms plugin for WordPress is vulnerable to Stored C
CVE-2024-13377 (The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-S ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13026 (A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (l ...)
- TODO: check
+ NOT-FOR-US: Algo Edge
CVE-2024-12757 (Nedap Librix Ecoreader is missing authentication for critical functi ...)
NOT-FOR-US: Nedap Librix Ecoreader
CVE-2024-12703 (CWE-502: Deserialization of untrusted data vulnerability exists that c ...)
@@ -490046,13 +490046,13 @@ CVE-2018-9465 (In task_get_unused_fd_flags of binder.c, there is a possible memo
NOTE: Android drivers from staging not enabled in any released suite
NOTE: https://git.kernel.org/linus/7f3dc0088b98533f17128058fac73cd8b2752ef1
CVE-2018-9464 (In multiple locations, there is a possible way to read protected files ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9463 (In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a pos ...)
NOT-FOR-US: Android
CVE-2018-9462 (In store_cmd of ftm4_pdc.c, there is a possible out of bounds write du ...)
NOT-FOR-US: Android
CVE-2018-9461 (In onAttachFragment of ShareIntentActivity.java, there is a possible w ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9460
RESERVED
CVE-2018-9459 (In Attachment of Attachment.java and getFilePath of EmlAttachmentProvi ...)
@@ -490080,7 +490080,7 @@ CVE-2018-9449 (In process_service_search_attr_rsp of sdp_discovery.cc, there is
CVE-2018-9448 (In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bou ...)
NOT-FOR-US: Android
CVE-2018-9447 (In onCreate of EmergencyCallbackModeExitDialog.java, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9446 (In smp_br_state_machine_event of smp_br_main.cc, there is a possible o ...)
NOT-FOR-US: Android
CVE-2018-9445 (In readMetadata of Utils.cpp, there is a possible path traversal bug d ...)
@@ -490168,9 +490168,9 @@ CVE-2018-9408 (In m3326_gps_write and m3326_gps_read of gps.s, there is a possib
CVE-2018-9407 (In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure ...)
NOT-FOR-US: Android
CVE-2018-9406 (In NlpService, there is a possible way to obtain location information ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9405 (In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of b ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9404 (In oemCallback of ril.cpp, there is a possible out of bounds write due ...)
NOT-FOR-US: Android
CVE-2018-9403 (In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- i ...)
@@ -490178,7 +490178,7 @@ CVE-2018-9403 (In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_-
CVE-2018-9402 (In multiple functions of gl_proc.c, there is a buffer overwrite due to ...)
NOT-FOR-US: Android
CVE-2018-9401 (In many locations, there is a possible way to access kernel memory in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9400 (In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touc ...)
NOT-FOR-US: Android
CVE-2018-9399 (In /proc/driver/wmt_dbg driver, there are several possible out of boun ...)
@@ -490206,7 +490206,7 @@ CVE-2018-9389 (In ip6_append_data of ip6_output.c, there is a possible way to ac
CVE-2018-9388 (In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_p ...)
NOT-FOR-US: Android
CVE-2018-9387 (In multiple functions of mnh-sm.c, there is a possible way to trigger ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9386 (In reboot_block_command of htc reboot_block driver, there is a possibl ...)
NOT-FOR-US: Android
CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of bounds w ...)
@@ -490216,17 +490216,17 @@ CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of bou
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100491
NOTE: Related, but not the same as CVE-2018-9415
CVE-2018-9384 (In multiple locations, there is a possible way to bypass KASLR due to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9383 (In asn1_ber_decoder of asn1_decoder.c, there is a possible out of boun ...)
TODO: check
CVE-2018-9382 (In multiple functions of WifiServiceImpl.java, there is a possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9381 (In gatts_process_read_by_type_req of gatt_sr.c, there is a possibleinf ...)
NOT-FOR-US: Android
CVE-2018-9380 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds w ...)
NOT-FOR-US: Android
CVE-2018-9379 (In multiple functions of MiniThumbFile.java, there is a possible way t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9378
RESERVED
CVE-2018-9377 (In getIntentForIntentSender of ActivityManagerService.java, there is a ...)
@@ -490234,7 +490234,7 @@ CVE-2018-9377 (In getIntentForIntentSender of ActivityManagerService.java, there
CVE-2018-9376 (In rpc_msg_handler and related handlers ofdrivers/misc/mediatek/eccci/ ...)
NOT-FOR-US: Android
CVE-2018-9375 (In multiple functions of UserDictionaryProvider.java, there is a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9374 (In installPackageLI of PackageManagerService.java, there is a possible ...)
NOT-FOR-US: Android
CVE-2018-9373
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/946fd692adb30d7e3123e3da8b4013b1348a87cc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/946fd692adb30d7e3123e3da8b4013b1348a87cc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250118/9e28b2c8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list