[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 4 20:41:49 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
575ed834 by Salvatore Bonaccorso at 2025-03-04T21:41:26+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,23 +23,23 @@ CVE-2025-27111 (Rack is a modular Ruby web server interface. The Rack::Sendfile
NOTE: Fixed by: https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53 (v3.0.13)
NOTE: Fixed by: https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b (v3.1.11)
CVE-2025-26849 (There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, a ...)
- TODO: check
+ NOT-FOR-US: Docusnap
CVE-2025-26320 (t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command ...)
- TODO: check
+ NOT-FOR-US: t0mer BroadlinkManager
CVE-2025-26202 (Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passph ...)
- TODO: check
+ NOT-FOR-US: DZS Router Web Interface
CVE-2025-26182 (An issue in xxyopen novel plus v.4.4.0 and before allows a remote atta ...)
- TODO: check
+ NOT-FOR-US: xxyopen novel plus
CVE-2025-26091 (A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManag ...)
- TODO: check
+ NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
CVE-2025-23368 (A flaw was found in Wildfly Elytron integration. The component does no ...)
TODO: check
CVE-2025-22226 (VMware ESXi, Workstation, and Fusion containan information disclosure ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22225 (VMware ESXi contains an arbitrary writevulnerability.A malicious actor ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22224 (VMware ESXi, and Workstationcontain a TOCTOU (Time-of-Check Time-of-Us ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-1969 (Improper request input validation in Temporary Elevated Access Managem ...)
TODO: check
CVE-2025-1953 (A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as ...)
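Review bot: The NOT-FOR-US labels in this hunk mix granularity: CVE-2025-22226, CVE-2025-22225 and CVE-2025-22224 are tagged with the vendor only ("NOT-FOR-US: VMware"), while CVE-2025-26320 and CVE-2025-26091 carry the product name, the latter with an alias in parentheses. Settling on one form per vendor, and dropping the "(aka TeamPasswordManager)" variant unless earlier entries already use it, keeps later searches of data/CVE/list for prior decisions on the same product reliable.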
@@ -47,17 +47,17 @@ CVE-2025-1953 (A vulnerability has been found in vLLM AIBrix 0.2.0 and classifie
CVE-2025-1952 (A vulnerability, which was classified as critical, was found in PHPGur ...)
NOT-FOR-US: PHPGurukul
CVE-2025-1949 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: ZZCMS
CVE-2025-1947 (A vulnerability classified as critical has been found in hzmanyun Educ ...)
- TODO: check
+ NOT-FOR-US: hzmanyun Education and Training System
CVE-2025-1946 (A vulnerability was found in hzmanyun Education and Training System 2. ...)
- TODO: check
+ NOT-FOR-US: hzmanyun Education and Training System
CVE-2025-1925 (A vulnerability classified as problematic was found in Open5GS up to 2 ...)
TODO: check
CVE-2025-1425 (A Sudo privilege misconfiguration vulnerability in PocketBook InkPad C ...)
- TODO: check
+ NOT-FOR-US: PocketBook InkPad Color
CVE-2025-1424 (A privilege escalation vulnerability in PocketBook InkPad Color 3 allo ...)
- TODO: check
+ NOT-FOR-US: PocketBook InkPad Color
CVE-2025-1260 (On affected platforms running Arista EOS with OpenConfig configured, a ...)
NOT-FOR-US: Arista Networks
CVE-2025-1259 (On affected platforms running Arista EOS with OpenConfig configured, a ...)
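Review bot: The label added for CVE-2025-1425 and CVE-2025-1424 reads "PocketBook InkPad Color", but the description visible for CVE-2025-1424 names "PocketBook InkPad Color 3". Either use the full product name or shorten the tag to the vendor ("NOT-FOR-US: PocketBook") so it does not read as a different model.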
@@ -76,15 +76,15 @@ CVE-2025-0370 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for Wo
CVE-2024-9618 (The Master Addons \u2013 Elementor Addons with White Label, Free Widge ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9149 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Wind Media E-Commerce Website Template
CVE-2024-50707 (Unauthenticated remote code execution vulnerability in Uniguest Triple ...)
- TODO: check
+ NOT-FOR-US: Uniguest Tripleplay
CVE-2024-50706 (Unauthenticated SQL injection vulnerability in Uniguest Tripleplay bef ...)
- TODO: check
+ NOT-FOR-US: Uniguest Tripleplay
CVE-2024-50705 (Unauthenticated reflected cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Uniguest Tripleplay
CVE-2024-50704 (Unauthenticated remote code execution vulnerability in Uniguest Triple ...)
- TODO: check
+ NOT-FOR-US: Uniguest Tripleplay
CVE-2024-41147 (An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_ ...)
TODO: check
CVE-2024-13724 (The Wallet System for WooCommerce \u2013 Wallet, Wallet Cashback, Refu ...)
@@ -287,25 +287,25 @@ CVE-2025-0360 (During an annual penetration test conducted on behalf of Axis Com
CVE-2025-0359 (During an annual penetration test conducted on behalf of Axis Communic ...)
NOT-FOR-US: Axis Communication
CVE-2024-58050 (Vulnerability of improper access permission in the HDC module Impact: ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58049 (Permission verification vulnerability in the media library module Impa ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58048 (Multi-thread problem vulnerability in the package management module Im ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58047 (Permission verification vulnerability in the media library module Impa ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58046 (Permission management vulnerability in the lock screen module Impact: ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58045 (Multi-concurrency vulnerability in the media digital copyright protect ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58044 (Permission verification bypass vulnerability in the notification modul ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58043 (Permission bypass vulnerability in the window module Impact: Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-55064 (Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC Net ...)
TODO: check
CVE-2024-48248 (NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path t ...)
- TODO: check
+ NOT-FOR-US: NAKIVO Backup & Replication
CVE-2024-47262 (Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has foun ...)
NOT-FOR-US: Axis Communication
CVE-2024-47260 (51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the ...)
@@ -791,27 +791,27 @@ CVE-2024-53032 (Memory corruption may occur in keyboard virtual device due to gu
CVE-2024-53031 (Memory corruption while reading a type value from a buffer controlled ...)
NOT-FOR-US: Qualcomm
CVE-2024-53030 (Memory corruption while processing input message passed from FE driver ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53029 (Memory corruption while reading a value from a buffer controlled by th ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53028 (Memory corruption may occur while processing message from frontend dur ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53027 (Transient DOS may occur while processing the country IE.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53025 (Transient DOS can occur while processing UCI command.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53024 (Memory corruption in display driver while detaching a device.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53023 (Memory corruption may occur while accessing a variable during extended ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53022 (Memory corruption may occur during communication between primary and g ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53014 (Memory corruption may occur while validating ports and channels in Au ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53012 (Memory corruption may occur due to improper input validation in clock ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53011 (Information disclosure may occur due to improper permission and access ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-51966 (There is a path traversal vulnerability in ESRI ArcGIS Server versions ...)
NOT-FOR-US: Esri
CVE-2024-51963 (There is a stored Cross-site Scripting vulnerability in ArcGIS Server ...)
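Review bot: CVE-2024-53024 ("Memory corruption in display driver while detaching a device.") is marked "NOT-FOR-US: Qualcomm" with the rest of this block, but its description does not say whether the driver is vendor-only code or something also carried in the upstream kernel. If that was checked against src:linux, saying so in the commit message would document the decision. The same applies to the entries here whose descriptions name no component, such as CVE-2024-53027 and CVE-2024-53025.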
@@ -857,7 +857,7 @@ CVE-2024-51942 (There is a stored Cross-site Scripting vulnerability in ArcGIS S
CVE-2024-51091 (Cross Site Scripting vulnerability in seajs v.2.2.3 allows a remote at ...)
TODO: check
CVE-2024-49836 (Memory corruption may occur during the synchronization of the camera`s ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-47092 (Insecure deserialization and improper certificate validation in Checkm ...)
TODO: check
CVE-2024-45580 (Memory corruption while handling multuple IOCTL calls from userspace f ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/575ed834611654eb685e7a15fccbea151c5444ab