[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 3 21:38:08 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99017761 by Salvatore Bonaccorso at 2025-03-03T22:37:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -112,7 +112,7 @@ CVE-2025-25301 (Rembg is a tool to remove images background. In Rembg 2.0.57 and
 CVE-2025-25280 (Buffer overflow vulnerability exists in FutureNet AS series (Industria ...)
 	NOT-FOR-US: Century Systems
 CVE-2025-25185 (GPT Academic provides interactive interfaces for large language models ...)
-	TODO: check
+	NOT-FOR-US: GPT Academic
 CVE-2025-25170 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-25169 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -393,9 +393,9 @@ CVE-2025-23433 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-23425 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-21424 (Memory corruption while calling the NPU driver APIs concurrently.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-1889 (picklescan before 0.0.22 only considers standard pickle file extension ...)
-	TODO: check
+	NOT-FOR-US: picklescan
 CVE-2025-1880 (A vulnerability was found in i-Drive i11 and i12 up to 20250227. It ha ...)
 	NOT-FOR-US: i-Drive
 CVE-2025-1879 (A vulnerability was found in i-Drive i11 and i12 up to 20250227 and cl ...)
@@ -421,9 +421,9 @@ CVE-2025-1870 (SQL injection vulnerability have been found in 101news affecting
 CVE-2025-1869 (SQL injection vulnerability have been found in 101news affecting versi ...)
 	NOT-FOR-US: 101news
 CVE-2025-1868 (Vulnerability of unauthorized exposure of confidential information aff ...)
-	TODO: check
+	NOT-FOR-US: Famatech
 CVE-2025-1867 (Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response S ...)
-	TODO: check
+	NOT-FOR-US: libhv
 CVE-2025-1866 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
 	TODO: check
 CVE-2025-1864 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
@@ -433,43 +433,43 @@ CVE-2025-1859 (A vulnerability, which was classified as critical, has been found
 CVE-2025-1858 (A vulnerability classified as critical was found in Codezips Online Sh ...)
 	NOT-FOR-US: Codezips Online Shopping Website
 CVE-2025-0289 (Paragon Partition Manager version 17, both community and Business vers ...)
-	TODO: check
+	NOT-FOR-US: Paragon Partition Manager
 CVE-2025-0288 (Paragon Partition Manager version 7.9.1 contains an arbitrary kernel m ...)
-	TODO: check
+	NOT-FOR-US: Paragon Partition Manager
 CVE-2025-0287 (Paragon Partition Manager version 7.9.1 contains a null pointer derefe ...)
-	TODO: check
+	NOT-FOR-US: Paragon Partition Manager
 CVE-2025-0286 (Paragon Partition Manager version 7.9.1 contains an arbitrary kernel m ...)
-	TODO: check
+	NOT-FOR-US: Paragon Partition Manager
 CVE-2025-0285 (Paragon Partition Manager version 7.9.1 contains an arbitrary kernel m ...)
-	TODO: check
+	NOT-FOR-US: Paragon Partition Manager
 CVE-2024-8262 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Proliz Software OBS
 CVE-2024-8261 (Authorization Bypass Through User-Controlled Key vulnerability in Prol ...)
-	TODO: check
+	NOT-FOR-US: Proliz Software OBS
 CVE-2024-5888 (There is a stored Cross-site Scripting vulnerability in ArcGIS Server  ...)
-	TODO: check
+	NOT-FOR-US: ArcGIS Server
 CVE-2024-57240 (A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine com ...)
-	TODO: check
+	NOT-FOR-US: Apryse WebViewer
 CVE-2024-55570 (/api/user/users in the web GUI for the Cubro EXA48200 network packet b ...)
-	TODO: check
+	NOT-FOR-US: Cubro EXA48200 network packet broker
 CVE-2024-55532 (Improper Neutralization of Formula Elements in Export CSV feature of A ...)
-	TODO: check
+	NOT-FOR-US: Apache Ranger
 CVE-2024-54179 (IBM Business Automation Workflow and IBM Business Automation Workflow  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-53388 (A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to exec ...)
-	TODO: check
+	NOT-FOR-US: mavo
 CVE-2024-53387 (A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to  ...)
-	TODO: check
+	NOT-FOR-US: umeditor
 CVE-2024-53384 (A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to exec ...)
-	TODO: check
+	NOT-FOR-US: tsup
 CVE-2024-53034 (Memory corruption occurs during an Escape call if an invalid Kernel Mo ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-53033 (Memory corruption while doing Escape call when user provides valid ker ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-53032 (Memory corruption may occur in keyboard virtual device due to guest VM ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-53031 (Memory corruption while reading a type value from a buffer controlled  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-53030 (Memory corruption while processing input message passed from FE driver ...)
 	TODO: check
 CVE-2024-53029 (Memory corruption while reading a value from a buffer controlled by th ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/990177617b483e4ab45bb983aea1a5cceb8e8c70

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/990177617b483e4ab45bb983aea1a5cceb8e8c70
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250303/12412262/attachment.htm>

More information about the debian-security-tracker-commits mailing list