[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jan 22 15:06:07 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
456c2f7a by Moritz Muehlenhoff at 2025-01-22T16:05:53+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,11 +13,11 @@ CVE-2025-23237 (Improper neutralization of special elements used in an OS comman
CVE-2025-23090 (With the aid of the diagnostics_channel utility, an event can be hooke ...)
TODO: check
CVE-2025-23089 (This CVE has been issued to inform users that they are using End-of-Li ...)
- TODO: check
+ NOT-FOR-US: EOL notification for nodejs 21
CVE-2025-23088 (This CVE has been issued to inform users that they are using End-of-Li ...)
- TODO: check
+ NOT-FOR-US: EOL notification for nodejs 19
CVE-2025-23087 (This CVE has been issued to inform users that they are using End-of-Li ...)
- TODO: check
+ NOT-FOR-US: EOL notification for nodejs 17
CVE-2025-22450 (Inclusion of undocumented features issue exists in UD-LT2 firmware Ver ...)
NOT-FOR-US: UD-LT2 firmware
CVE-2025-21571 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
@@ -57,7 +57,7 @@ CVE-2025-21555 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2025-21554 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
NOT-FOR-US: Oracle
CVE-2025-21553 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-21552 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
NOT-FOR-US: Oracle
CVE-2025-21551 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -174,7 +174,7 @@ CVE-2025-21498 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion
CVE-2025-21497 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2025-21495 (Vulnerability in the MySQL Enterprise Firewall product of Oracle MySQL ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-21494 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.40-1
CVE-2025-21493 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -224,37 +224,37 @@ CVE-2024-55958 (Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5,
CVE-2024-49749 (In DGifSlurp of dgif_lib.c, there is a possible out of bounds write du ...)
TODO: check
CVE-2024-49748 (In gatts_process_primary_service_req of gatt_sr.cc, there is a possibl ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-49747 (In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-49745 (In growData of Parcel.cpp, there is a possible out of bounds write due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-49744 (In checkKeyIntentParceledCorrectly of AccountManagerService.java, the ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-49742 (In onCreate of NotificationAccessConfirmationActivity.java , there is ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-49738 (In writeInplace of Parcel.cpp, there is a possible out of bounds write ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-49737 (In applyTaskFragmentOperation of WindowOrganizerController.java, there ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-49736 (In onClick of MainClear.java, there is a possible way to trigger facto ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-49735 (In multiple locations, there is a possible failure to persist permissi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-49734 (In multiple functions of ConnectivityService.java, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-49733 (In reload of ServiceListing.java , there is a possible way to allow a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-49732 (In multiple functions of CompanionDeviceManagerService.java, there is ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-49724 (In multiple functions of AccountManagerService.java, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-48392 (OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An at ...)
- TODO: check
+ NOT-FOR-US: OrangeScrum
CVE-2024-43771 (In gatts_process_read_req of gatt_sr.cc, there is a possible out of bo ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-43770 (In gatts_process_find_info of gatt_sr.cc, there is a possible out of b ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-43765 (In multiple locations, there is a possible way to obtain access to a f ...)
TODO: check
CVE-2024-43763 (In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of s ...)
@@ -330,37 +330,37 @@ CVE-2023-40132 (In setActualDefaultRingtoneUri of RingtoneManager.java, there is
CVE-2023-40108 (In multiple locations, there is a possible way to access media content ...)
TODO: check
CVE-2023-37039 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37038 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37037 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37036 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37035 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37034 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37033 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37032 (A Stack-based buffer overflow in the Mobile Management Entity (MME) of ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37031 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37030 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37029 (Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f56 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37028 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37027 (Null pointer dereference vulnerability in the Mobile Management Entity ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37026 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37025 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2023-37024 (A reachable assertion in the Mobile Management Entity (MME) of Magma v ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2025-0411 [7-Zip Mark-of-the-Web Bypass Vulnerability]
- 7zip 24.09+dfsg-1
- p7zip 16.02+transitional.1 (unimportant)
@@ -569,7 +569,7 @@ CVE-2024-43709 (An allocation of resources without limits or throttling in Elast
CVE-2024-42936 (The mqlink.elf is service component in Ruijie RG-EW300N with firmware ...)
NOT-FOR-US: Ruijie
CVE-2024-37284 (Improper handling of alternate encoding occurs when Elastic Defend on ...)
- TODO: check
+ NOT-FOR-US: Elastic Defend
CVE-2024-32555 (Incorrect Privilege Assignment vulnerability in NotFound Easy Real Est ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13536 (The 1003 Mortgage Application plugin for WordPress is vulnerable to Fu ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/456c2f7ac82dfd7d69f47667d5b1329389594deb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/456c2f7ac82dfd7d69f47667d5b1329389594deb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250122/0784c330/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list