[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 28 08:45:13 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
21afe046 by Salvatore Bonaccorso at 2025-01-28T09:44:53+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-24810 (Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24369 (Anubis is a tool that allows administrators to protect bots against AI ...)
TODO: check
CVE-2025-24177 (A null pointer dereference was addressed with improved input validatio ...)
@@ -131,27 +131,27 @@ CVE-2025-24085 (A use after free issue was addressed with improved memory manage
CVE-2025-22865 (Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT ...)
TODO: check
CVE-2025-0753 (A vulnerability classified as critical was found in Axiomatic Bento4 u ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2025-0321 (The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-57549 (CMSimple 5.16 allows the user to read cms source code through manipula ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2024-57548 (CMSimple 5.16 allows the user to edit log.php file via print page.)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2024-57547 (Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2024-57546 (An issue in CMSimple v.5.16 allows a remote attacker to obtain sensiti ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2024-57373 (Cross Site Request Forgery vulnerability in LifestyleStore v.1.0 allow ...)
- TODO: check
+ NOT-FOR-US: LifestyleStore
CVE-2024-57052 (An issue in youdiancms v.9.5.20 and before allows a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: youdiancms
CVE-2024-56316 (In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized us ...)
- TODO: check
+ NOT-FOR-US: AXESS ACS (Auto Configuration Server)
CVE-2024-56178 (An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A use ...)
TODO: check
CVE-2024-54728 (Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.220 ...)
- TODO: check
+ NOT-FOR-US: BYD QIN PLUS DM-i Dilink OS
CVE-2024-54557 (A logic issue was addressed with improved restrictions. This issue is ...)
TODO: check
CVE-2024-54550 (This issue was addressed with improved redaction of sensitive informat ...)
@@ -207,9 +207,9 @@ CVE-2024-54475 (A privacy issue was addressed with improved private data redacti
CVE-2024-54468 (The issue was addressed with improved checks. This issue is fixed in m ...)
TODO: check
CVE-2024-53881 (NVIDIA vGPU software contains a vulnerability in the host driver, wher ...)
- TODO: check
+ NOT-FOR-US: NVIDIA vGPU software
CVE-2024-48662 (Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (47 ...)
- TODO: check
+ NOT-FOR-US: AdGuard Application
CVE-2024-45340 (Credentials provided via the new GOAUTH feature were not being properl ...)
TODO: check
CVE-2024-45339 (When logs are written to a widely-writable directory (the default), an ...)
@@ -225,15 +225,15 @@ CVE-2024-27263 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0
CVE-2024-22315 (IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to ins ...)
NOT-FOR-US: IBM
CVE-2024-13521 (The MailUp Auto Subscription plugin for WordPress is vulnerable to Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13509 (The WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13448 (The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary fi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12807 (The Social Share Buttons for WordPress plugin through 2.7 does not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12723 (The Infility Global WordPress plugin through 2.9.8 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12649 (Buffer overflow in XPS data font processing of Small Office Multifunct ...)
TODO: check
CVE-2024-12648 (Buffer overflow in TIFF data EXIF tag processing of Small Office Multi ...)
@@ -241,17 +241,17 @@ CVE-2024-12648 (Buffer overflow in TIFF data EXIF tag processing of Small Office
CVE-2024-12647 (Buffer overflow in CPCA font download processing of Small Office Multi ...)
TODO: check
CVE-2024-11135 (The Eventer plugin for WordPress is vulnerable to SQL Injection via th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0146 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA vGPU software
CVE-2024-0140 (NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user ...)
TODO: check
CVE-2024-0137 (NVIDIA Container Toolkit contains an improper isolation vulnerability ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Container Toolkit
CVE-2024-0136 (NVIDIA Container Toolkit contains an improper isolation vulnerability ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Container Toolkit
CVE-2024-0135 (NVIDIA Container Toolkit contains an improper isolation vulnerability ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Container Toolkit
CVE-2023-50316 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 throug ...)
NOT-FOR-US: IBM
CVE-2025-0754
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21afe0463483a3f85207abc8b5d83d023ccfc9d1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21afe0463483a3f85207abc8b5d83d023ccfc9d1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250128/e0c92b03/attachment.htm>
More information about the debian-security-tracker-commits
mailing list