Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9db89417 by Salvatore Bonaccorso at 2025-02-07T08:55:49+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,113 +11,113 @@ CVE-2025-24531 [Possible Authentication Bypass in Error 
Situations]
 CVE-2025-24981 (MDC is a tool to take regular Markdown and write documents 
interacting ...)
        TODO: check
 CVE-2025-24787 (WhoDB is an open source database management tool. In affected 
versions ...)
-       TODO: check
+       NOT-FOR-US: WhoDB
 CVE-2025-24786 (WhoDB is an open source database management tool. While the 
applicatio ...)
-       TODO: check
+       NOT-FOR-US: WhoDB
 CVE-2025-23217 (mitmproxy is a interactive TLS-capable intercepting HTTP proxy 
for pen ...)
        TODO: check
 CVE-2025-22992 (A SQL Injection vulnerability exists in the /feed/insert.json 
endpoint ...)
-       TODO: check
+       NOT-FOR-US: Emoncms
 CVE-2025-22936 (An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi 
router SAM-4 ...)
-       TODO: check
+       NOT-FOR-US: Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router
 CVE-2025-22867 (On Darwin, building a Go module which contains CGO can trigger 
arbitra ...)
        TODO: check
 CVE-2025-22866 (Due to the usage of a variable time instruction in the 
assembly implem ...)
        TODO: check
 CVE-2025-1078 (A vulnerability has been found in AppHouseKitchen AlDente 
Charge Limit ...)
-       TODO: check
+       NOT-FOR-US: AppHouseKitchen AlDente Charge
 CVE-2025-1076 (A Stored Cross-Site Scripting (Stored XSS) vulnerability has 
been foun ...)
-       TODO: check
+       NOT-FOR-US: Holded application
 CVE-2025-1074 (A vulnerability, which was classified as problematic, was found 
in Web ...)
-       TODO: check
+       NOT-FOR-US: Webkul QloApps
 CVE-2025-0994 (Trimble Cityworks versions prior to 15.8.9 and Cityworks with 
office c ...)
-       TODO: check
+       NOT-FOR-US: Trimble Cityworks
 CVE-2025-0982 (Sandbox escape in the JavaScript Task feature of Google Cloud 
Applicat ...)
        TODO: check
 CVE-2025-0859 (The Post and Page Builder by BoldGrid \u2013 Visual Drag and 
Drop Edit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-57962 (Vulnerability of incomplete verification information in the 
VPN servic ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-57961 (Out-of-bounds write vulnerability in the emcom module Impact: 
Successf ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-57960 (Input verification vulnerability in the 
ExternalStorageProvider module ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-57959 (Use-After-Free (UAF) vulnerability in the display module 
Impact: Succe ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-57958 (Out-of-bounds array read vulnerability in the FFRT module 
Impact: Succ ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-57957 (Vulnerability of improper log information control in the UI 
framework  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-57956 (Out-of-bounds read vulnerability in the interpreter string 
module Impa ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-57955 (Arbitrary write vulnerability in the Gallery module  Impact: 
Successfu ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-57954 (Permission verification vulnerability in the media library 
module Impa ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-57673 (An issue in floodlight v1.2 allows a local attacker to cause a 
denial  ...)
        TODO: check
 CVE-2024-57672 (An issue in floodlight v1.2 allows a local attacker to cause a 
denial  ...)
        TODO: check
 CVE-2024-57668 (In Code-projects Shopping Portal v1.0, the insert-product.php 
page has ...)
-       TODO: check
+       NOT-FOR-US: Code-projects Shopping Portal
 CVE-2024-57610 (A rate limiting issue in Sylius v2.0.2 allows a remote 
attacker to per ...)
-       TODO: check
+       NOT-FOR-US: Sylius
 CVE-2024-57599 (Cross Site Scripting vulnerability in DouPHP v.1.8 Release 
20231203 al ...)
-       TODO: check
+       NOT-FOR-US: DouPHP
 CVE-2024-57523 (Cross Site Request Forgery (CSRF) in Users.php in 
SourceCodester Packe ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Packers and Movers Management System
 CVE-2024-57430 (An SQL injection vulnerability in the pjActionGetUser function 
of PHPJ ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers Cinema Booking System
 CVE-2024-57429 (A cross-site request forgery (CSRF) vulnerability in the 
pjActionUpdat ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers Cinema Booking System
 CVE-2024-57428 (A stored cross-site scripting (XSS) vulnerability in 
PHPJabbers Cinema ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers Cinema Booking System
 CVE-2024-57427 (PHPJabbers Cinema Booking System v2.0 is vulnerable to 
reflected cross ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers Cinema Booking System
 CVE-2024-57426 (NetMod VPN Client 5.3.1 is vulnerable to DLL injection, 
allowing an at ...)
-       TODO: check
+       NOT-FOR-US: NetMod VPN Client
 CVE-2024-52892 (IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is 
vulnerable t ...)
        NOT-FOR-US: IBM
 CVE-2024-47258 (2N Access Commander version 2.1 and prior is vulnerable in 
default set ...)
-       TODO: check
+       NOT-FOR-US: 2N Access Commander
 CVE-2024-47256 (Successful exploitation of this vulnerability could allow an 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: 2N Access Commander
 CVE-2024-45626 (Apache James server JMAP HTML to text plain implementation in 
versions ...)
-       TODO: check
+       NOT-FOR-US: Apache James
 CVE-2024-43811
        REJECTED
 CVE-2024-43779 (An information disclosure vulnerability exists in the Vault 
API functi ...)
-       TODO: check
+       NOT-FOR-US: ClearML Enterprise Server
 CVE-2024-39272 (A cross-site scripting (xss) vulnerability exists in the 
dataset uploa ...)
-       TODO: check
+       NOT-FOR-US: ClearML Enterprise Server
 CVE-2024-39033 (In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object 
Referen ...)
-       TODO: check
+       NOT-FOR-US: Newgensoft OmniDocs
 CVE-2024-37358 (Similarly to CVE-2024-34055, Apache James is vulnerable to 
denial of s ...)
-       TODO: check
+       NOT-FOR-US: Apache James
 CVE-2024-36558 (Forever KidsWatch Call Me KW-50 
R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
-       TODO: check
+       NOT-FOR-US: Forever KidsWatch Call Me KW-50
 CVE-2024-36557 (The device ID is based on IMEI in Forever KidsWatch Call Me 
KW50 R36_Y ...)
-       TODO: check
+       NOT-FOR-US: Forever KidsWatch Call Me KW-50
 CVE-2024-36556 (Forever KidsWatch Call Me KW50 
R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19 ...)
-       TODO: check
+       NOT-FOR-US: Forever KidsWatch Call Me KW-50
 CVE-2024-36555 (Built-in SMS-configuration command in Forever KidsWatch Call 
Me KW50 R ...)
-       TODO: check
+       NOT-FOR-US: Forever KidsWatch Call Me KW-50
 CVE-2024-36554 (Forever KidsWatch Call Me KW-50 
R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
-       TODO: check
+       NOT-FOR-US: Forever KidsWatch Call Me KW-50
 CVE-2024-36553 (Forever KidsWatch Call Me KW-50 
R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
-       TODO: check
+       NOT-FOR-US: Forever KidsWatch Call Me KW-50
 CVE-2024-24911 (In rare scenarios, the cpca process on the Security Management 
Server  ...)
        TODO: check
 CVE-2024-13614 (Kaspersky has fixed a security issue in Kaspersky Anti-Virus 
SDK for W ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky
 CVE-2024-13417 (Specifically crafted payloads sent to the RFID reader could 
cause DoS  ...)
-       TODO: check
+       NOT-FOR-US: 2N Access Commander
 CVE-2024-13416 (Using API in the 2N OS device, authorized user can enable 
logging, whi ...)
-       TODO: check
+       NOT-FOR-US: 2N OS device
 CVE-2024-12602 (Identity verification vulnerability in the ParamWatcher module 
Impact: ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-5878 (Honeywell OneWireless   Wireless Device Manager (WDM)for the 
following ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2025-24845 (Improper neutralization of argument delimiters in a command 
('Argument ...)
        NOT-FOR-US: Defense Platform Home Edition
 CVE-2025-24483 (NULL pointer dereference vulnerability exists in Defense 
Platform Home ...)
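Review bot: The label on CVE-2025-1078 reads "AppHouseKitchen AlDente Charge", which stops partway through the product name as the description gives it ("AppHouseKitchen AlDente Charge Limit ..."); write the product name out in full so a later search on it matches this entry. In the same hunk, CVE-2024-13417 is filed under "2N Access Commander" although its visible description only mentions an RFID reader and the next entry, CVE-2024-13416, is filed as "2N OS device", so it is worth confirming which 2N product that one belongs to. The Forever KidsWatch descriptions alternate between "KW-50" and "KW50"; using the single "KW-50" label for all six keeps them grouped.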
@@ -459,7 +459,7 @@ CVE-2025-1028 (The Contact Manager plugin for WordPress is 
vulnerable to arbitra
 CVE-2025-1026 (Versions of the package spatie/browsershot before 5.0.5 are 
vulnerable ...)
        NOT-FOR-US: spatie/browsershot
 CVE-2025-1025 (Versions of the package cockpit-hq/cockpit before 2.4.1 are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
 CVE-2025-1022 (Versions of the package spatie/browsershot before 5.0.5 are 
vulnerable ...)
        NOT-FOR-US: spatie/browsershot
 CVE-2025-0960 (AutomationDirect C-more EA9 HMI contains a function with bounds 
checks ...)
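Review bot: On CVE-2025-1025 the label omits the package name the description uses (cockpit-hq/cockpit), while the neighbouring entries are labelled by package name (spatie/browsershot). Consider "NOT-FOR-US: cockpit-hq/cockpit (different from src:cockpit)" so the entry can be found by the upstream identifier; the src:cockpit disambiguation itself is worth keeping, since it records why a name collision with a Debian source package was ruled out.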
@@ -324479,7 +324479,7 @@ CVE-2020-36086
 CVE-2020-36085
        RESERVED
 CVE-2020-36084 (SQL Injection vulnerability in SourceCodester Responsive 
E-Learning Sy ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Responsive E-Learning System
 CVE-2020-36083
        RESERVED
 CVE-2020-36082 (File Upload vulnerability in bloofoxCMS version 0.5.2.1, 
allows remote ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9db89417e6438953e385556baf4b3244f7d49f13
