[Git][security-tracker-team/security-tracker][master] Associate some NFUs with node-vite, itp'ed
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 24 20:33:42 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8fa0166c by Salvatore Bonaccorso at 2025-03-24T21:32:26+01:00
Associate some NFUs with node-vite, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19877,7 +19877,7 @@ CVE-2025-24337 (WriteFreely through 0.15.1, when MySQL is used, allows local use
CVE-2025-24013 (CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgn ...)
- codeigniter <itp> (bug #471583)
CVE-2025-24010 (Vite is a frontend tooling framework for javascript. Vite allowed any ...)
- NOT-FOR-US: Vite
+ - node-vite <itp> (bug #1053782)
CVE-2025-23221 (Fedify is a TypeScript library for building federated server apps powe ...)
NOT-FOR-US: Fedify
CVE-2025-23220 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
@@ -55513,9 +55513,9 @@ CVE-2024-46362 (FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Fo
CVE-2024-46085 (FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery ...)
NOT-FOR-US: FrogCMS
CVE-2024-45812 (Vite a frontend build tooling framework for javascript. Affected versi ...)
- NOT-FOR-US: Vite
+ - node-vite <itp> (bug #1053782)
CVE-2024-45811 (Vite a frontend build tooling framework for javascript. In affected ve ...)
- NOT-FOR-US: Vite
+ - node-vite <itp> (bug #1053782)
CVE-2024-45804
REJECTED
CVE-2024-45803 (Wire UI is a library of components and resources to empower Laravel an ...)
@@ -123316,7 +123316,7 @@ CVE-2023-47024 (Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.
CVE-2023-46447 (The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth ...)
NOT-FOR-US: POPS! Rebel
CVE-2024-23331 (Vite is a frontend tooling framework for javascript. The Vite dev serv ...)
- NOT-FOR-US: Vite
+ - node-vite <itp> (bug #1053782)
CVE-2024-23329 (changedetection.io is an open source tool designed to monitor websites ...)
NOT-FOR-US: changedetection.io
CVE-2024-22957 (swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnera ...)
@@ -132523,7 +132523,7 @@ CVE-2023-5105 (The Frontend File Manager Plugin WordPress plugin before 22.6 has
CVE-2023-4460 (The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 d ...)
NOT-FOR-US: WordPress plugin
CVE-2023-49293 (Vite is a website frontend framework. When Vite's HTML transformation ...)
- NOT-FOR-US: Vite
+ - node-vite <itp> (bug #1053782)
CVE-2023-49292 (ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 ...)
NOT-FOR-US: ecies
CVE-2023-49291 (tj-actions/branch-names is a Github action to retrieve branch or tag n ...)
@@ -159895,7 +159895,7 @@ CVE-2023-3035 (A vulnerability has been found in Guangdong Pythagorean OA Office
CVE-2023-34339 (In JetBrains Ktor before 2.3.1 headers containing authentication data ...)
NOT-FOR-US: JetBrains Ktor
CVE-2023-34092 (Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5 ...)
- NOT-FOR-US: Vite
+ - node-vite <itp> (bug #1053782)
CVE-2023-34091 (Kyverno is a policy engine designed for Kubernetes. In versions of Kyv ...)
NOT-FOR-US: Kyverno
CVE-2023-33965 (Brook is a cross-platform programmable network tool. The `tproxy` serv ...)
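Review bot: the added "- node-vite <itp> (bug #1053782)" line under CVE-2023-34092 records no version, while the description names fixes on several release branches ("Prior to versions 2.9.16, 3.2.7, 4.0.5 ..."). An <itp> entry is only a placeholder until the package exists in the archive, so this entry will need a fixed version or <unfixed> for whichever branch is packaged once bug #1053782 is closed by an upload. Consider adding a NOTE line pointing at the upstream advisory now, so that later triage does not have to start from the truncated description.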
@@ -231894,7 +231894,7 @@ CVE-2022-35205 (An issue was discovered in Binutils readelf 2.38.50, reachable a
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5
NOTE: binutils not covered by security support
CVE-2022-35204 (Vitejs Vite before v2.9.13 was discovered to allow attackers to perfor ...)
- NOT-FOR-US: Vitejs Vite
+ - node-vite <itp> (bug #1053782)
CVE-2022-35203 (An access control issue in TrendNet TV-IP572PI v1.0 allows unauthentic ...)
NOT-FOR-US: TrendNet TV-IP572PI
CVE-2022-35202 (A security issue in Sitevision version 10.3.1 and older allows a remot ...)
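Review bot: the removed line under CVE-2022-35204 reads "NOT-FOR-US: Vitejs Vite", not "NOT-FOR-US: Vite" as in the other six replacements, so the NFU tags for this product were not spelled uniformly in the list. Since the commit message says "some NFUs", consider a case-insensitive search of data/CVE/list for "vite" in both the NOT-FOR-US tags and the CVE descriptions, to confirm that no entry under a further spelling was left behind.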
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fa0166cc41359f13670b765e6cb86235e752d64