Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
21afe046 by Salvatore Bonaccorso at 2025-01-28T09:44:53+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-24810 (Cross-site scripting vulnerability exists in Simple Image 
Sizes 3.2.3  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-24369 (Anubis is a tool that allows administrators to protect bots 
against AI ...)
        TODO: check
 CVE-2025-24177 (A null pointer dereference was addressed with improved input 
validatio ...)
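Review bot: the new tag on CVE-2025-24810 reads "NOT-FOR-US: WordPress plugin", but the visible part of the description only names "Simple Image Sizes 3.2.3" and never mentions WordPress, so the triage reason cannot be checked from the entry itself. Several tags in this commit name the product (for example "NOT-FOR-US: CMSimple"); consider "NOT-FOR-US: Simple Image Sizes plugin for WordPress" so that a search on the product name lands on the decision.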
@@ -131,27 +131,27 @@ CVE-2025-24085 (A use after free issue was addressed with 
improved memory manage
 CVE-2025-22865 (Using ParsePKCS1PrivateKey to parse a RSA key that is missing 
the CRT  ...)
        TODO: check
 CVE-2025-0753 (A vulnerability classified as critical was found in Axiomatic 
Bento4 u ...)
-       TODO: check
+       NOT-FOR-US: Bento4
 CVE-2025-0321 (The ElementsKit Pro plugin for WordPress is vulnerable to 
DOM-Based St ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-57549 (CMSimple 5.16 allows the user to read cms source code through 
manipula ...)
-       TODO: check
+       NOT-FOR-US: CMSimple
 CVE-2024-57548 (CMSimple 5.16 allows the user to edit log.php file via print 
page.)
-       TODO: check
+       NOT-FOR-US: CMSimple
 CVE-2024-57547 (Insecure Permissions vulnerability in CMSimple v.5.16 allows a 
remote  ...)
-       TODO: check
+       NOT-FOR-US: CMSimple
 CVE-2024-57546 (An issue in CMSimple v.5.16 allows a remote attacker to obtain 
sensiti ...)
-       TODO: check
+       NOT-FOR-US: CMSimple
 CVE-2024-57373 (Cross Site Request Forgery vulnerability in LifestyleStore 
v.1.0 allow ...)
-       TODO: check
+       NOT-FOR-US: LifestyleStore
 CVE-2024-57052 (An issue in youdiancms v.9.5.20 and before allows a remote 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: youdiancms
 CVE-2024-56316 (In AXESS ACS (Auto Configuration Server) through 5.2.0, 
unsanitized us ...)
-       TODO: check
+       NOT-FOR-US: AXESS ACS (Auto Configuration Server)
 CVE-2024-56178 (An issue was discovered in Couchbase Server 7.6.x through 
7.6.3. A use ...)
        TODO: check
 CVE-2024-54728 (Incorrect access control in BYD QIN PLUS DM-i Dilink OS 
3.0_13.1.7.220 ...)
-       TODO: check
+       NOT-FOR-US: BYD QIN PLUS DM-i Dilink OS
 CVE-2024-54557 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
        TODO: check
 CVE-2024-54550 (This issue was addressed with improved redaction of sensitive 
informat ...)
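Review bot: the "NOT-FOR-US: Bento4" tag on CVE-2025-0753 is missing a check for bundled copies. Bento4 is a C++ MP4 library, which is the kind of code other projects vendor into their own trees, and NOT-FOR-US only holds if no source package in the archive carries it. Please confirm with a source search before closing, and track the CVE against the embedding package if one turns up. The CMSimple, LifestyleStore and youdiancms entries in the same hunk are standalone web applications and do not raise the same question.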
@@ -207,9 +207,9 @@ CVE-2024-54475 (A privacy issue was addressed with improved 
private data redacti
 CVE-2024-54468 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
        TODO: check
 CVE-2024-53881 (NVIDIA vGPU software contains a vulnerability in the host 
driver, wher ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA vGPU software
 CVE-2024-48662 (Cross Site Scripting vulnerability in AdGuard Application 
v.7.18.1 (47 ...)
-       TODO: check
+       NOT-FOR-US: AdGuard Application
 CVE-2024-45340 (Credentials provided via the new GOAUTH feature were not being 
properl ...)
        TODO: check
 CVE-2024-45339 (When logs are written to a widely-writable directory (the 
default), an ...)
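Review bot: CVE-2024-53881 is closed as "NOT-FOR-US: NVIDIA vGPU software" although its description places the flaw in "the host driver". NVIDIA driver packages are tracked from non-free, so it is worth confirming that the affected host driver code is specific to the vGPU product and not shared with a packaged driver before dropping the TODO.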
@@ -225,15 +225,15 @@ CVE-2024-27263 (IBM Sterling B2B Integrator 6.0.0.0 
through 6.1.2.5 and 6.2.0.0
 CVE-2024-22315 (IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is 
vulnerable to ins ...)
        NOT-FOR-US: IBM
 CVE-2024-13521 (The MailUp Auto Subscription plugin for WordPress is 
vulnerable to Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13509 (The WS Form LITE \u2013 Drag & Drop Contact Form Builder for 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13448 (The ThemeREX Addons plugin for WordPress is vulnerable to 
arbitrary fi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12807 (The Social Share Buttons for WordPress plugin through 2.7 does 
not san ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12723 (The Infility Global WordPress plugin through 2.9.8 does not 
sanitise a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12649 (Buffer overflow in XPS data font processing of Small Office 
Multifunct ...)
        TODO: check
 CVE-2024-12648 (Buffer overflow in TIFF data EXIF tag processing of Small 
Office Multi ...)
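Review bot: the description on the CVE-2024-13509 context line contains a literal "\u2013" ("The WS Form LITE \u2013 Drag & Drop Contact Form Builder"), an escape sequence that was never decoded to the dash it stands for. It is not introduced by this change, but anyone matching on the plugin name will miss the entry; worth a follow-up on the description import. The five "NOT-FOR-US: WordPress plugin" tags in this hunk all sit on descriptions that say "WordPress", so they can be checked from the entries themselves.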
@@ -241,17 +241,17 @@ CVE-2024-12648 (Buffer overflow in TIFF data EXIF tag 
processing of Small Office
 CVE-2024-12647 (Buffer overflow in CPCA font download processing of Small 
Office Multi ...)
        TODO: check
 CVE-2024-11135 (The Eventer plugin for WordPress is vulnerable to SQL 
Injection via th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0146 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA vGPU software
 CVE-2024-0140 (NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where 
a user  ...)
        TODO: check
 CVE-2024-0137 (NVIDIA Container Toolkit contains an improper isolation 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Container Toolkit
 CVE-2024-0136 (NVIDIA Container Toolkit contains an improper isolation 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Container Toolkit
 CVE-2024-0135 (NVIDIA Container Toolkit contains an improper isolation 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Container Toolkit
 CVE-2023-50316 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 
6.2.0.0 throug ...)
        NOT-FOR-US: IBM
 CVE-2025-0754
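Review bot: CVE-2024-0135, CVE-2024-0136 and CVE-2024-0137 are all closed as "NOT-FOR-US: NVIDIA Container Toolkit" on product name, while CVE-2024-0140 (NVIDIA RAPIDS) in the same block stays at "TODO: check". Since NOT-FOR-US asserts that no source package in the archive ships the code, please confirm the toolkit against the package list, contrib and non-free included, and record the source package name instead if one exists.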



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21afe0463483a3f85207abc8b5d83d023ccfc9d1
