Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
946fd692 by Salvatore Bonaccorso at 2025-01-18T09:37:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,77 +1,77 @@
CVE-2025-23209 (Craft is a flexible, user-friendly CMS for creating custom
digital exp ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2025-23208 (zot is a production-ready vendor-neutral OCI image registry.
The group ...)
- TODO: check
+ NOT-FOR-US: zot
CVE-2025-23207 (KaTeX is a fast, easy-to-use JavaScript library for TeX math
rendering ...)
TODO: check
CVE-2025-23206 (The AWS Cloud Development Kit (AWS CDK) is an open-source
software dev ...)
- TODO: check
+ NOT-FOR-US: AWS Cloud Development Kit (AWS CDK)
CVE-2025-23205 (nbgrader is a system for assigning and grading notebooks.
Enabling fra ...)
- TODO: check
+ NOT-FOR-US: nbgrader
CVE-2025-23202 (Bible Module is a tool designed for ROBLOX developers to
integrate Bib ...)
- TODO: check
+ NOT-FOR-US: Bible Module
CVE-2025-23039 (Caido is a web security auditing toolkit. A Cross-Site
Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Caido
CVE-2025-21606 (stats is a macOS system monitor in for the menu bar. The Stats
applica ...)
- TODO: check
+ NOT-FOR-US: stats macOS system mointor
CVE-2025-0554 (The Podlove Podcast Publisher plugin for WordPress is
vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0541 (A vulnerability was found in Codezips Gym Management System 1.0
and cl ...)
- TODO: check
+ NOT-FOR-US: Codezips Gym Management System
CVE-2025-0540 (A vulnerability has been found in itsourcecode Tailoring
Management Sy ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Tailoring Management System
CVE-2025-0538 (A vulnerability, which was classified as problematic, was found
in cod ...)
- TODO: check
+ NOT-FOR-US: code-projects Tourism Management System
CVE-2025-0515 (The Buzz Club \u2013 Night Club, DJ and Music Festival Event
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0369 (The JetEngine plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0318 (The Ultimate Member \u2013 User Profile, Registration, Login,
Member D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0308 (The Ultimate Member \u2013 User Profile, Registration, Login,
Member D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9020 (The List category posts WordPress plugin before 0.90.3 does not
valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-57252 (OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery
(SSRF) in / ...)
- TODO: check
+ NOT-FOR-US: OtCMS
CVE-2024-57035 (WeGIA v3.2.0 is vulnerable to SQL Injection viathe nextPage
parameter ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-57033 (WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via
the dado ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-13519 (The MarketKing \u2014 Ultimate WooCommerce Multivendor
Marketplace Sol ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13517 (The Easy Digital Downloads \u2013 eCommerce Payments and
Subscriptions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13516 (The Kubio AI Page Builder plugin for WordPress is vulnerable
to Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13515 (The Image Source Control Lite \u2013 Show Image Credits and
Captions p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13433 (The Utilities for MTG plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13432 (The Webcamconsult plugin for WordPress is vulnerable to
Cross-Site Req ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13393 (The Video Share VOD \u2013 Turnkey Video Site Builder Script
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13392 (The Rate Star Review Vote \u2013 AJAX Reviews, Votes, Star
Ratings plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13391 (The MicroPayments \u2013 Fans Paysite: Paid Creator
Subscriptions, Dig ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13385 (The JSM Screenshot Machine Shortcode plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13317 (The ShipWorks Connector for Woocommerce plugin for WordPress
is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12696 (The Picture Gallery \u2013 Frontend Image Uploads, AJAX Photo
List plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12385 (The WP Abstracts plugin for WordPress is vulnerable to
Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12071 (The Evergreen Content Poster \u2013 Auto Post and Schedule
Your Best C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11923 (Under certain log settings the IAM or CORE service will log
credential ...)
- TODO: check
+ NOT-FOR-US: Fortra
CVE-2023-50739 (Abuffer overflow vulnerability has been identified in the
Internet Pri ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2023-50738 (Anew feature to prevent Firmware downgrades was recently added
to some ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2025-21399 (Microsoft Edge (Chromium-based) Update Elevation of Privilege
Vulnerab ...)
NOT-FOR-US: Microsoft
CVE-2025-21185 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
@@ -143,7 +143,7 @@ CVE-2024-13378 (The Gravity Forms plugin for WordPress is
vulnerable to Stored C
CVE-2024-13377 (The Gravity Forms plugin for WordPress is vulnerable to Stored
Cross-S ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13026 (A vulnerability exists in Algo Edge up to 2.1.1 - a previously
used (l ...)
- TODO: check
+ NOT-FOR-US: Algo Edge
CVE-2024-12757 (Nedap Librix Ecoreader is missing authentication for
critical functi ...)
NOT-FOR-US: Nedap Librix Ecoreader
CVE-2024-12703 (CWE-502: Deserialization of untrusted data vulnerability
exists that c ...)
@@ -490046,13 +490046,13 @@ CVE-2018-9465 (In task_get_unused_fd_flags of
binder.c, there is a possible memo
NOTE: Android drivers from staging not enabled in any released suite
NOTE:
https://git.kernel.org/linus/7f3dc0088b98533f17128058fac73cd8b2752ef1
CVE-2018-9464 (In multiple locations, there is a possible way to read
protected files ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9463 (In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there
is a pos ...)
NOT-FOR-US: Android
CVE-2018-9462 (In store_cmd of ftm4_pdc.c, there is a possible out of bounds
write du ...)
NOT-FOR-US: Android
CVE-2018-9461 (In onAttachFragment of ShareIntentActivity.java, there is a
possible w ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9460
RESERVED
CVE-2018-9459 (In Attachment of Attachment.java and getFilePath of
EmlAttachmentProvi ...)
@@ -490080,7 +490080,7 @@ CVE-2018-9449 (In process_service_search_attr_rsp of
sdp_discovery.cc, there is
CVE-2018-9448 (In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out
of bou ...)
NOT-FOR-US: Android
CVE-2018-9447 (In onCreate of EmergencyCallbackModeExitDialog.java, there is a
possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9446 (In smp_br_state_machine_event of smp_br_main.cc, there is a
possible o ...)
NOT-FOR-US: Android
CVE-2018-9445 (In readMetadata of Utils.cpp, there is a possible path
traversal bug d ...)
@@ -490168,9 +490168,9 @@ CVE-2018-9408 (In m3326_gps_write and m3326_gps_read
of gps.s, there is a possib
CVE-2018-9407 (In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information
Disclosure ...)
NOT-FOR-US: Android
CVE-2018-9406 (In NlpService, there is a possible way to obtain location
information ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9405 (In BnDmAgent::onTransact of dm_agent.cpp, there is a possible
out of b ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9404 (In oemCallback of ril.cpp, there is a possible out of bounds
write due ...)
NOT-FOR-US: Android
CVE-2018-9403 (In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of
flp2hal_- i ...)
@@ -490178,7 +490178,7 @@ CVE-2018-9403 (In the
MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_-
CVE-2018-9402 (In multiple functions of gl_proc.c, there is a buffer overwrite
due to ...)
NOT-FOR-US: Android
CVE-2018-9401 (In many locations, there is a possible way to access kernel
memory in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9400 (In gt1x_debug_write_proc and gt1x_tool_write of
drivers/input/touc ...)
NOT-FOR-US: Android
CVE-2018-9399 (In /proc/driver/wmt_dbg driver, there are several possible out
of boun ...)
@@ -490206,7 +490206,7 @@ CVE-2018-9389 (In ip6_append_data of ip6_output.c,
there is a possible way to ac
CVE-2018-9388 (In store_upgrade and store_cmd of
drivers/input/touchscreen/stm/ftm4_p ...)
NOT-FOR-US: Android
CVE-2018-9387 (In multiple functions of mnh-sm.c, there is a possible way to
trigger ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9386 (In reboot_block_command of htc reboot_block driver, there is a
possibl ...)
NOT-FOR-US: Android
CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of
bounds w ...)
@@ -490216,17 +490216,17 @@ CVE-2018-9385 (In driver_override_store of bus.c,
there is a possible out of bou
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100491
NOTE: Related, but not the same as CVE-2018-9415
CVE-2018-9384 (In multiple locations, there is a possible way to bypass KASLR
due to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9383 (In asn1_ber_decoder of asn1_decoder.c, there is a possible out
of boun ...)
TODO: check
CVE-2018-9382 (In multiple functions of WifiServiceImpl.java, there is a
possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9381 (In gatts_process_read_by_type_req of gatt_sr.c, there is a
possibleinf ...)
NOT-FOR-US: Android
CVE-2018-9380 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of
bounds w ...)
NOT-FOR-US: Android
CVE-2018-9379 (In multiple functions of MiniThumbFile.java, there is a
possible way t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9378
RESERVED
CVE-2018-9377 (In getIntentForIntentSender of ActivityManagerService.java,
there is a ...)
@@ -490234,7 +490234,7 @@ CVE-2018-9377 (In getIntentForIntentSender of
ActivityManagerService.java, there
CVE-2018-9376 (In rpc_msg_handler and related handlers
ofdrivers/misc/mediatek/eccci/ ...)
NOT-FOR-US: Android
CVE-2018-9375 (In multiple functions of UserDictionaryProvider.java, there is
a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9374 (In installPackageLI of PackageManagerService.java, there is a
possible ...)
NOT-FOR-US: Android
CVE-2018-9373
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/946fd692adb30d7e3123e3da8b4013b1348a87cc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/946fd692adb30d7e3123e3da8b4013b1348a87cc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
