[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 30 21:59:49 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
25bd04cc by Salvatore Bonaccorso at 2025-01-30T22:59:33+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-24883 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
- golang-github-go-ethereum <itp> (bug #890541)
CVE-2025-24802 (Plonky2 is a SNARK implementation based on techniques from PLONK and F ...)
- TODO: check
+ NOT-FOR-US: Plonky2
CVE-2025-24784 (kubewarden-controller is a Kubernetes controller that allows you to dy ...)
- TODO: check
+ NOT-FOR-US: kubewarden-controller
CVE-2025-24507 (This vulnerability allows appliance compromise at boot time.)
TODO: check
CVE-2025-24506 (A specific authentication strategy allows to learn ids of PAM users as ...)
@@ -21,197 +21,197 @@ CVE-2025-24501 (An improper input validation allows an unauthenticated attacker
CVE-2025-24500 (The vulnerability allows an unauthenticated attacker to access informa ...)
TODO: check
CVE-2025-24376 (kubewarden-controller is a Kubernetes controller that allows you to dy ...)
- TODO: check
+ NOT-FOR-US: kubewarden-controller
CVE-2025-24099 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-23367 (A flaw was found in the Wildfly Server Role Based Access Control (RBAC ...)
TODO: check
CVE-2025-23216 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2025-23007 (A vulnerability in the NetExtender Windows client log export function ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-22222 (VMware Aria Operations contains an information disclosure vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22221 (VMware Aria Operation for Logs contains a stored cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22220 (VMware Aria Operations for Logs contains a privilege escalationvulnera ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22219 (VMware Aria Operations for Logs contains a stored cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22218 (VMware Aria Operations for Logs contains an information disclosure vul ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-21107 (Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2025-0874 (A vulnerability, which was classified as critical, has been found in c ...)
- TODO: check
+ NOT-FOR-US: code-projects Simple Plugins Car Rental Management
CVE-2025-0873 (A vulnerability classified as critical was found in itsourcecode Tailo ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Tailoring Management System
CVE-2025-0872 (A vulnerability classified as critical has been found in itsourcecode ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Tailoring Management System
CVE-2025-0871 (A vulnerability classified as problematic has been found in Maybecms 1 ...)
- TODO: check
+ NOT-FOR-US: Maybecms
CVE-2025-0870 (A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2025-0869 (A vulnerability was found in Cianet ONU GW24AC up to 20250127. It has ...)
- TODO: check
+ NOT-FOR-US: Cianet ONU GW24AC
CVE-2025-0861 (The VR-Frases (collect & share quotes) plugin for WordPress is vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0860 (The VR-Frases (collect & share quotes) plugin for WordPress is vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0834 (Privilege escalation vulnerability has been found in Wondershare Dr.Fo ...)
- TODO: check
+ NOT-FOR-US: Wondershare Dr.Fone
CVE-2025-0747 (A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0746 (A Reflected Cross-Site Scripting vulnerability has been found in Embed ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0745 (An Improper Access Control vulnerability has been found in EmbedAI 2.1 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0744 (an Improper Access Control vulnerability has been found in EmbedAI 2.1 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0743 (An Improper Access Control vulnerability has been found in EmbedAI 2.1 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0742 (An Improper Access Control vulnerability has been found in EmbedAI 2.1 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0741 (An Improper Access Control vulnerability has been found in EmbedAI 2 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0740 (An Improper Access Control vulnerability has been found in EmbedAI 2 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0739 (An Improper Access Control vulnerability has been found in EmbedAI 2.1 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0683 (In its default configuration, the affected product transmits plain-tex ...)
- TODO: check
+ NOT-FOR-US: Contec Health
CVE-2025-0681 (The Cloud MQTT service of the affected products supports wildcard topi ...)
- TODO: check
+ NOT-FOR-US: New Rock Technologies
CVE-2025-0680 (Affected products contain a vulnerability in the device cloud rpc comm ...)
- TODO: check
+ NOT-FOR-US: New Rock Technologies
CVE-2025-0626 (The affected product sends out remote access requests to a hard-coded ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2025-0498 (A data exposure vulnerability exists in all versions prior to V15.00.0 ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-0497 (A data exposure vulnerability exists in all versions prior to V15.00.0 ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-0477 (An encryption vulnerability exists in all versions prior to V15.00.001 ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-0367 (In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2025-0147 (Type confusion in the Zoom Workplace App for Linux before 6.2.10 may a ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-0146 (Symlink following in the installer for Zoom Workplace App for macOS be ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-0145 (Untrusted search path in the installer for some Zoom Workplace Apps fo ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-0144 (Out-of-bounds write in some Zoom Workplace Apps may allow an authorize ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-0143 (Out-of-bounds write in the Zoom Workplace App for Linux before version ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-0142 (Cleartext storage of sensitive information in the Zoom Jenkins Marketp ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2024-8494 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-55417 (DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the f ...)
- TODO: check
+ NOT-FOR-US: DevDojo Voyager
CVE-2024-55416 (DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS v ...)
- TODO: check
+ NOT-FOR-US: DevDojo Voyager
CVE-2024-55415 (DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the / ...)
- TODO: check
+ NOT-FOR-US: DevDojo Voyager
CVE-2024-53615 (A command injection vulnerability in the video thumbnail rendering com ...)
- TODO: check
+ NOT-FOR-US: Karl Ward's files.gallery
CVE-2024-44142 (The issue was addressed with improved bounds checks. This issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-2658 (A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior ...)
- TODO: check
+ NOT-FOR-US: FlexNet Publisher
CVE-2024-13758 (The CP Contact Form with PayPal plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13742 (The iControlWP \u2013 Multiple WordPress Site Manager plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13732 (The Responsive Blocks \u2013 WordPress Gutenberg Blocks plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13720 (The WP Image Uploader plugin for WordPress is vulnerable to arbitrary ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13715 (The zStore Manager Basic plugin for WordPress is vulnerable to unautho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13707 (The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13706 (The WP Image Uploader plugin for WordPress is vulnerable to Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13705 (The StageShow plugin for WordPress is vulnerable to Reflected Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13700 (The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13694 (The WooCommerce Wishlist (High customization, fast setup,Free Elemento ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13671 (The Music Sheet Viewer plugin for WordPress is vulnerable to Arbitrary ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13670 (The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13664 (The WP Post List Table plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13661 (The Table Editor plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13652 (The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13646 (The Single-user-chat plugin for WordPress is vulnerable to unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13596 (The WordPress Survey & Poll \u2013 Quiz, Survey and Poll Plugin for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13549 (The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13512 (The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13466 (The Automatically Hierarchic Categories in Menu plugin for WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13460 (The WE \u2013 Testimonial Slider plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13453 (The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13400 (The Kona Gallery Block plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13380 (The Alex Reservations: Smart Restaurant Booking plugin for WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13349 (The Stockdio Historical Chart plugin for WordPress is vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12861 (The W2S \u2013 Migrate WooCommerce to Shopify plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12822 (The Media Manager for UserPro plugin for WordPress is vulnerable to un ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12821 (The Media Manager for UserPro plugin for WordPress is vulnerable to un ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12524 (The Clinked Client Portal plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12451 (The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12444 (The WP Dispensary plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12409 (The Simple:Press Forum plugin for WordPress is vulnerable to Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12320 (The Team Rosters plugin for WordPress is vulnerable to Reflected Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12299 (The System Dashboard plugin for WordPress is vulnerable to Reflected C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12269 (The Safe Ai Malware Protection for WP plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12248 (The affected product is vulnerable to an out-of-bounds write, which co ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2024-12177 (The Ai Image Alt Text Generator for WP plugin for WordPress is vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12129 (The Royal Core plugin for WordPress is vulnerable to unauthorized modi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12102 (The Typer Core plugin for WordPress is vulnerable to Information Expos ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11600 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Ele ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11583 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Ele ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10847 (The Storely theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10604 (Vulnerabilities in the algorithms used by Fuchsia to populate network ...)
- TODO: check
+ NOT-FOR-US: Fuchsia
CVE-2024-10603 (Weaknesses in the generation of TCP/UDP source ports and some other he ...)
- TODO: check
+ NOT-FOR-US: gVisor
CVE-2024-10591 (The MWB HubSpot for WooCommerce \u2013 CRM, Abandoned Cart, Email Mark ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10026 (A weak hashing algorithm and small sizes of seeds/secrets in Google's ...)
- TODO: check
+ NOT-FOR-US: gVisor
CVE-2025-24884 (kube-audit-rest is a simple logger of mutation/creation requests to th ...)
NOT-FOR-US: kube-audit-rest
CVE-2025-24795 (The Snowflake Connector for Python provides an interface for developin ...)
@@ -151997,7 +151997,7 @@ CVE-2023-29082
CVE-2023-29081 (A vulnerability has been reported in Suite Setups built with versions ...)
NOT-FOR-US: InstallShield
CVE-2023-29080 (Potential privilege escalation vulnerability in Revenera InstallShield ...)
- TODO: check
+ NOT-FOR-US: Revenera
CVE-2023-29079
REJECTED
CVE-2023-29078
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25bd04cc8bdb5caf3a0e7910de3c6e14c557343f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25bd04cc8bdb5caf3a0e7910de3c6e14c557343f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250130/f1d5752f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list