Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0924b4d2 by Salvatore Bonaccorso at 2025-01-08T09:34:59+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,125 +1,125 @@
CVE-2025-22215 (VMware Aria Automation contains a server-side request forgery
(SSRF) v ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22133 (WeGIA is a web manager for charitable institutions. Prior to
3.2.8, a ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-22132 (WeGIA is a web manager for charitable institutions. A
Cross-Site Scrip ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-21603 (Cross-site scripting vulnerability exists in MZK-DP300N
firmware versi ...)
- TODO: check
+ NOT-FOR-US: MZK-DP300N firmware
CVE-2024-9673 (The Piotnet Addons For Elementor plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8002 (A vulnerability has been found in VIWIS LMS 9.11 and classified
as pro ...)
TODO: check
CVE-2024-56456 (Vulnerability of input parameters not being verified during
glTF model ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56455 (Vulnerability of input parameters not being verified during
glTF model ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56454 (Vulnerability of input parameters not being verified during
glTF model ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56453 (Vulnerability of input parameters not being verified during
glTF model ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56452 (Vulnerability of input parameters not being verified during
glTF model ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56451 (Integer overflow vulnerability during glTF model loading in
the 3D eng ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56450 (Buffer overflow vulnerability in the component driver module
Impact: S ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56449 (Privilege escalation vulnerability in the Account module
Impact: Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56448 (Vulnerability of improper access control in the home screen
widget mod ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56447 (Vulnerability of improper permission control in the window
management ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56446 (Vulnerability of variables not being initialized in the
notification m ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56445 (Instruction authentication bypass vulnerability in the
Findnetwork mod ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56444 (Cross-process screen stack vulnerability in the UIExtension
module Imp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56443 (Cross-process screen stack vulnerability in the UIExtension
module Imp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56442 (Vulnerability of native APIs not being implemented in the NFC
service ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56441 (Race condition vulnerability in the Bastet module Impact:
Successful e ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56440 (Permission control vulnerability in the Connectivity module
Impact: Su ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56439 (Access control vulnerability in the identity authentication
module Imp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56438 (Vulnerability of improper memory address protection in the
HUKS module ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56437 (Vulnerability of input parameters not being verified in the
widget fra ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56436 (Cross-process screen stack vulnerability in the UIExtension
module Imp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56435 (Cross-process screen stack vulnerability in the UIExtension
module Imp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-56434 (UAF vulnerability in the device node access module Impact:
Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-55356
REJECTED
CVE-2024-55355
REJECTED
CVE-2024-54731 (cpdf through 2.8 allows stack consumption via a crafted PDF
document.)
- TODO: check
+ NOT-FOR-US: cpdf
CVE-2024-54121 (Startup control vulnerability in the ability module Impact:
Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54120 (Race condition vulnerability in the distributed notification
module Im ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-50603 (An issue was discovered in Aviatrix Controller before 7.1.4191
and 7.2 ...)
- TODO: check
+ NOT-FOR-US: Aviatrix
CVE-2024-47934 (Improper Input Validation vulnerability in Management Program
in TXOne ...)
- TODO: check
+ NOT-FOR-US: TXOne
CVE-2024-47239 (Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain
an unco ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-40679 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
NOT-FOR-US: IBM
CVE-2024-13173 (The health module has insufficient restrictions on loading
URLs, which ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2024-12852 (The Happy Addons for Elementor plugin for WordPress is
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12851 (The Element Pack Elementor Addons (Header Footer, Template
Library, Dy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12713 (The SureForms \u2013 Drag and Drop Form Builder for WordPress
plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12585 (The Property Hive WordPress plugin before 2.1.1 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12584 (The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE
plugin for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12521 (The Slotti Ajanvaraus plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12205 (The Themesflat Addons For Elementor plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12112 (The Easy Form Builder \u2013 WordPress plugin form builder:
contact fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12045 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks,
Patterns & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12030 (The MDTF \u2013 Meta Data and Taxonomies Filter plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11916 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11816 (The Ultimate WordPress Toolkit \u2013 WP Extended plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11635 (The WordPress File Upload plugin for WordPress is vulnerable
to Remote ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11613 (The WordPress File Upload plugin for WordPress is vulnerable
to Remote ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11271 (The WordPress Webinar Plugin \u2013 WebinarPress plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11270 (The WordPress Webinar Plugin \u2013 WebinarPress plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10585 (The InfiniteWP Client plugin for WordPress is vulnerable to
Path Trave ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10541
REJECTED
CVE-2024-10151 (The Auto iFrame WordPress plugin before 2.0 does not validate
and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52955 (Vulnerability of improper authentication in the ANS system
service mod ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52954 (Vulnerability of improper permission control in the Gallery
module Imp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52953 (Path traversal vulnerability in the Medialibrary module
Impact: Succes ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2025-0291
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -189644,7 +189644,7 @@ CVE-2022-41574 (An access-control vulnerability in
Gradle Enterprise 2022.4 thro
CVE-2022-41573 (An issue was discovered in Ovidentia 8.3. The file upload
feature does ...)
TODO: check
CVE-2022-41572 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11.
Privile ...)
- TODO: check
+ NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-41571 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11.
Local f ...)
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-41570 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11.
Unauthe ...)
@@ -300997,7 +300997,7 @@ CVE-2021-27287
CVE-2021-27286
RESERVED
CVE-2021-27285 (An issue was discovered in Inspur ClusterEngine v4.0 that
allows attac ...)
- TODO: check
+ NOT-FOR-US: Inspur ClusterEngine
CVE-2021-27284
RESERVED
CVE-2021-27283
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0924b4d215a8954d0bd3e52782b84bf0e47ba7ce
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0924b4d215a8954d0bd3e52782b84bf0e47ba7ce
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
