[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 27 20:27:47 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c9c079c1 by Salvatore Bonaccorso at 2025-01-27T21:27:23+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-24783 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Ran ...)
- TODO: check
+ NOT-FOR-US: Apache Cocoon
CVE-2025-24782 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin
CVE-2025-24754 (Missing Authorization vulnerability in Houzez.co Houzez. This issue af ...)
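Review bot: On CVE-2025-24783 the new `NOT-FOR-US: Apache Cocoon` line replaces `TODO: check` for an entry whose description is flagged `** UNSUPPORTED WHEN ASSIGNED **`, and the two statements are easy to conflate. NOT-FOR-US asserts that the software is not packaged in Debian, not that upstream has stopped supporting it. Worth confirming that the triage here rested on the absence of a Cocoon source package in the archive rather than on the unsupported flag.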
@@ -75,109 +75,109 @@ CVE-2025-24365 (vaultwarden is an unofficial Bitwarden compatible server written
CVE-2025-24364 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
TODO: check
CVE-2025-24357 (vLLM is a library for LLM inference and serving. vllm/model_executor/w ...)
- TODO: check
+ NOT-FOR-US: vLLM
CVE-2025-24354 (imgproxy is server for resizing, processing, and converting images. Im ...)
- TODO: check
+ NOT-FOR-US: imgproxy
CVE-2025-23982 (Missing Authorization vulnerability in Marian Kanev Cab fare calculato ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23849 (Missing Authorization vulnerability in Benjamin Piwowarski PAPERCITE a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23792 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23752 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23669 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23656 (Missing Authorization vulnerability in Saul Morales Pacheco Donate vis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23531 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23529 (Missing Authorization vulnerability in Blokhaus Minterpress allows Acc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23457 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23197 (matrix-hookshot is a Matrix bot for connecting to external services li ...)
TODO: check
CVE-2025-22604 (Cacti is an open source performance and fault management framework. Du ...)
TODO: check
CVE-2025-22513 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0751 (A vulnerability classified as critical has been found in Axiomatic Ben ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2025-0734 (A vulnerability has been found in y_project RuoYi up to 4.8.0 and clas ...)
- TODO: check
+ NOT-FOR-US: y_project RuoYi
CVE-2025-0733 (A vulnerability, which was classified as problematic, was found in Pos ...)
- TODO: check
+ NOT-FOR-US: Postman
CVE-2025-0732 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: Discord
CVE-2025-0730 (A vulnerability classified as problematic has been found in TP-Link TL ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-0729 (A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Re ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-0696 (A NULL Pointer Dereferencevulnerability in Cesanta Frozen versions les ...)
TODO: check
CVE-2025-0695 (An Allocation of Resources Without Limits orThrottling vulnerability i ...)
TODO: check
CVE-2024-57595 (DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerabi ...)
- TODO: check
+ NOT-FOR-US: DLINK
CVE-2024-57590 (TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vul ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2024-57276 (In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service c ...)
- TODO: check
+ NOT-FOR-US: Electronic Arts Dragon Age Origins
CVE-2024-57272 (SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnera ...)
- TODO: check
+ NOT-FOR-US: SecuSTATION Camera
CVE-2024-56972 (An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attacker ...)
- TODO: check
+ NOT-FOR-US: Midea Home
CVE-2024-56971 (An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technolog ...)
- TODO: check
+ NOT-FOR-US: Shuqi Novel
CVE-2024-56969 (An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7. ...)
- TODO: check
+ NOT-FOR-US: BeautyPlus
CVE-2024-56968 (An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 a ...)
- TODO: check
+ NOT-FOR-US: Govee Home
CVE-2024-56967 (An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.2 ...)
- TODO: check
+ NOT-FOR-US: PolyBuzz
CVE-2024-56966 (An issue in Shanghai Xuan Ting Entertainment Information & Technology ...)
- TODO: check
+ NOT-FOR-US: Qidian Reader
CVE-2024-56965 (An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS ...)
- TODO: check
+ NOT-FOR-US: Shihuo
CVE-2024-56964 (An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guaz ...)
- TODO: check
+ NOT-FOR-US: Guazi Used Car
CVE-2024-56963 (An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input ...)
- TODO: check
+ NOT-FOR-US: Sogou Input
CVE-2024-56962 (An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 ...)
- TODO: check
+ NOT-FOR-US: WeSing
CVE-2024-56960 (An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdi ...)
- TODO: check
+ NOT-FOR-US: BeiKe Holdings
CVE-2024-56959 (An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows ...)
- TODO: check
+ NOT-FOR-US: Anyihua
CVE-2024-56957 (An issue in Kingsoft Office Software Corporation Limited WPS Office iO ...)
- TODO: check
+ NOT-FOR-US: Kingsoft Office Software Corporation Limited WPS Office
CVE-2024-56955 (An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6 ...)
- TODO: check
+ NOT-FOR-US: QQMail
CVE-2024-56954 (An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Vi ...)
- TODO: check
+ NOT-FOR-US: Haokan Video
CVE-2024-56953 (An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12. ...)
- TODO: check
+ NOT-FOR-US: Baidu Input Method (iOS version)
CVE-2024-56952 (An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lit ...)
- TODO: check
+ NOT-FOR-US: Baidu Lite
CVE-2024-56951 (An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.1 ...)
- TODO: check
+ NOT-FOR-US: UU Game Booster
CVE-2024-56950 (An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows ...)
- TODO: check
+ NOT-FOR-US: KuGou Concept
CVE-2024-56949 (An issue in Guangzhou Polar Future Culture Technology Co., Ltd Univers ...)
- TODO: check
+ NOT-FOR-US: University Search
CVE-2024-56948 (An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows at ...)
- TODO: check
+ NOT-FOR-US: KuGou Music
CVE-2024-56947 (An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 a ...)
- TODO: check
+ NOT-FOR-US: BeautyCam
CVE-2024-55931 (Xerox Workplace Suite stores tokens in session storage, which may expo ...)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-55228 (A cross-site scripting (XSS) vulnerability in the Product module of Do ...)
TODO: check
CVE-2024-55227 (A cross-site scripting (XSS) vulnerability in the Events/Agenda module ...)
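Review bot: The NOT-FOR-US labels in this hunk are not named at a consistent granularity, which makes later searches over data/CVE/list less reliable. Some entries carry only the vendor (`NOT-FOR-US: TP-Link`, `NOT-FOR-US: DLINK`, `NOT-FOR-US: Xerox`), most of the iOS entries carry only the product (`NOT-FOR-US: WeSing`, `NOT-FOR-US: QQMail`), and a few carry the full legal vendor name plus product or a platform qualifier (`NOT-FOR-US: Kingsoft Office Software Corporation Limited WPS Office`, `NOT-FOR-US: Baidu Input Method (iOS version)`). Suggest picking one form, for example the short product name such as `WPS Office` and `Baidu Input Method`, so that the same product is matched by the same string the next time a CVE for it arrives. The entries left at `TODO: check` (vaultwarden, matrix-hookshot, Cacti, Cesanta Frozen and the CVE-2024-55228 entry) are untouched by this change and still need triage.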
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9c079c1b6848f6dba005bbec20d75ca1a2e227f