Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
982afc76 by Salvatore Bonaccorso at 2025-02-12T09:27:46+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,111 +1,111 @@
 CVE-2025-25203 (CtrlPanel is open-source billing software for hosting 
providers. Prior ...)
-       TODO: check
+       NOT-FOR-US: CtrlPanel
 CVE-2025-23359 (NVIDIA Container Toolkit for Linux contains a Time-of-Check 
Time-of-Us ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Container Toolkit
 CVE-2025-1243 (The Temporal api-go library prior to version 1.44.1 did not 
send `upda ...)
        TODO: check
 CVE-2025-1240 (WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code 
Execution Vulne ...)
-       TODO: check
+       NOT-FOR-US: WinZip
 CVE-2025-1186 (A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It 
has been ...)
-       TODO: check
+       NOT-FOR-US: dayrui XunRuiCMS
 CVE-2025-1185 (A vulnerability was found in pihome-shc PiHome 2.0. It has been 
classi ...)
-       TODO: check
+       NOT-FOR-US: pihome-shc PiHome
 CVE-2025-1184 (A vulnerability was found in pihome-shc PiHome 1.77 and 
classified as  ...)
-       TODO: check
+       NOT-FOR-US: pihome-shc PiHome
 CVE-2025-1183 (A vulnerability has been found in CodeZips Gym Management 
System 1.0 a ...)
-       TODO: check
+       NOT-FOR-US: CodeZips Gym Management System
 CVE-2025-0989
        REJECTED
 CVE-2025-0808 (The Houzez Property Feed plugin for WordPress is vulnerable to 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-57777 (Directory Traversal vulnerability in Ianproxy v.0.1 and before 
allows  ...)
-       TODO: check
+       NOT-FOR-US: ffay/lanproxy
 CVE-2024-57241 (Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In 
the web  ...)
-       TODO: check
+       NOT-FOR-US: Dedecms
 CVE-2024-57000 (An issue in Anyscale Inc Ray between v.2.9.3 and v.2.40.0 
allows a rem ...)
-       TODO: check
+       NOT-FOR-US: Anyscale Inc Ray
 CVE-2024-55212 (DNNGo xBlog v6.5.0 was discovered to contain a SQL injection 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: DNNGo xBlog
 CVE-2024-54916 (An issue in the SharedConfig class of Telegram Android APK 
v.11.7.0 al ...)
-       TODO: check
+       NOT-FOR-US: Telegram Android APK
 CVE-2024-54772 (An issue was discovered in the Winbox service of MikroTik 
RouterOS v6. ...)
-       TODO: check
+       NOT-FOR-US: MikroTik
 CVE-2024-53880 (NVIDIA Triton Inference Server contains a vulnerability in the 
model l ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Triton Inference Server
 CVE-2024-51324 (An issue in the BdApiUtil driver of Baidu Antivirus 
v5.2.3.116083 allo ...)
-       TODO: check
+       NOT-FOR-US: Baidu Antivirus
 CVE-2024-44336 (An issue in AnkiDroid Android Application v2.17.6 allows 
attackers to  ...)
-       TODO: check
+       NOT-FOR-US: AnkiDroid Android Application
 CVE-2024-33469 (An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in 
v.3.10  ...)
-       TODO: check
+       NOT-FOR-US: Team Amaze Amaze File Manager
 CVE-2024-32037 (GeoNetwork is a catalog application to manage spatially 
referenced res ...)
-       TODO: check
+       NOT-FOR-US: GeoNetwork
 CVE-2024-29172 (Dell BSAFE SSL-J contains a deadlock vulnerability. A remote 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-29171 (Dell BSAFE SSL-J contains an Improper certificate verification 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-21971 (Improper input validation in AMD Crash Defender could allow an 
attacke ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-21925 (Improper input validation within the AmdPspP2CmboxV2 driver 
may allow  ...)
        TODO: check
 CVE-2024-21924 (SMM callout vulnerability within the AmdPlatformRasSspSmm 
driver could ...)
        TODO: check
 CVE-2024-13821 (The WP Booking Calendar plugin for WordPress is vulnerable to 
Unauthen ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13800 (The ConvertPlus plugin for WordPress is vulnerable to 
unauthorized mod ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13794 (The WP Ghost (Hide My WP Ghost) \u2013 Security & Firewall 
plugin for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13769 (The Puzzles | WP Magazine / Review with Store WordPress Theme 
+ RTL th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13749 (The StaffList plugin for WordPress is vulnerable to Cross-Site 
Request ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13714 (The All-Images.ai \u2013 IA Image Bank and Custom Image 
creation plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13701 (The Liveticker (by stklcode) plugin for WordPress is 
vulnerable to Sto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13665 (The Admire Extra plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13658 (The NGG Smart Image Search plugin for WordPress is vulnerable 
to Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13656 (The Click Mag - Viral WordPress News Magazine/Blog Theme theme 
for Wor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13654 (The ZoxPress - The All-In-One WordPress News Theme theme for 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13653 (The ZoxPress - The All-In-One WordPress News Theme theme for 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13601 (The Majestic Support \u2013 The Leading-Edge Help Desk & 
Customer Supp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13600 (The Majestic Support \u2013 The Leading-Edge Help Desk & 
Customer Supp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13554 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin 
for WordP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13541 (The aDirectory \u2013 WordPress Directory Listing Plugin 
plugin for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13539 (The AForms Eats plugin for WordPress is vulnerable to Full 
Path Disclo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13421 (The Real Estate 7 WordPress theme for WordPress is vulnerable 
to Privi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13374 (The WP Table Manager plugin for WordPress is vulnerable to 
unauthorize ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12164 (The WPSyncSheets Lite For WPForms \u2013 WPForms Google 
Spreadsheet Ad ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11746 (The Discover the Best Woocommerce Product Brands Plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0179 (SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM 
driver co ...)
        TODO: check
 CVE-2024-0145 (NVIDIA nvJPEG2000 library contains a vulnerability where an 
attacker c ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA nvJPEG2000 library
 CVE-2024-0144 (NVIDIA nvJPEG2000 library contains a vulnerability where an 
attacker c ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA nvJPEG2000 library
 CVE-2024-0143 (NVIDIA nvJPEG2000 library contains a vulnerability where an 
attacker c ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA nvJPEG2000 library
 CVE-2024-0142 (NVIDIA nvJPEG2000 library contains a vulnerability where an 
attacker c ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA nvJPEG2000 library
 CVE-2024-0112 (NVIDIA Jetson AGX Orin\u2122 and NVIDIA IGX Orin software 
contain a vu ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2023-49780 (Cross-site scripting vulnerability exists in acmailer CGI 
ver.4.0.5 an ...)
-       TODO: check
+       NOT-FOR-US: acmailer CGI
 CVE-2023-31352 (A bug in the SEV firmware may allow an attacker with 
privileges to rea ...)
        TODO: check
 CVE-2023-31345 (Improper input validation in the SMM handler may allow a 
privileged at ...)
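Review bot: Five entries tagged `NOT-FOR-US: WordPress plugin` in this hunk are described as themes rather than plugins: CVE-2024-13769, CVE-2024-13656, CVE-2024-13654, CVE-2024-13653 and CVE-2024-13421. The triage result does not change, but tagging them `NOT-FOR-US: WordPress theme` would match the descriptions and keep text searches over the list accurate. A smaller consistency point in the same hunk: some tags name the product (`NVIDIA Container Toolkit`, `NVIDIA nvJPEG2000 library`) while others name only the vendor (`NVIDIA`, `Dell`, `AMD`). With several AMD entries deliberately left at `TODO: check`, a product-level tag on CVE-2024-21971 would make it clearer why that one was closed and the others were not.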
@@ -397,7 +397,7 @@ CVE-2025-1182 (A vulnerability, which was classified as 
critical, was found in G
 CVE-2025-1126 (A Reliance on Untrusted Inputs in a Security Decision 
vulnerability ha ...)
        NOT-FOR-US: Lexmark
 CVE-2025-1052 (Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote 
Code Exec ...)
-       TODO: check
+       NOT-FOR-US: Mintty
 CVE-2025-1044 (Logsign Unified SecOps Platform Authentication Bypass 
Vulnerability. T ...)
        TODO: check
 CVE-2025-0911 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read 
Information Dis ...)
@@ -481,7 +481,7 @@ CVE-2024-27780 (MultipleImproper Neutralization of Input 
During Web Page Generat
 CVE-2024-23814 (A vulnerability has been identified in SCALANCE WAB762-1 
(6GK5762-1AJ0 ...)
        NOT-FOR-US: Siemens
 CVE-2024-21966 (A DLL hijacking vulnerability in the AMD Ryzen\u2122  Master 
Utility c ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-13843 (Cleartext storage of information in Ivanti Connect Secure 
before versi ...)
        NOT-FOR-US: Ivanti
 CVE-2024-13842 (A hardcoded key in Ivanti Connect Secure before version 
22.7R2.3 and I ...)
@@ -521,9 +521,9 @@ CVE-2023-40721 (A use of externally-controlled format 
string vulnerability [CWE-
 CVE-2023-37482 (The login functionality of the web server in affected devices 
does not ...)
        NOT-FOR-US: Siemens
 CVE-2023-31361 (A DLL hijacking vulnerability in AMD Integrated Management 
Technology  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-31360 (Incorrect default permissions in the AMD Integrated Management 
Technol ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2024-12797 (Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to 
authent ...)
        - openssl <unfixed> (bug #1095765)
        [bookworm] - openssl <not-affected> (Vulnerable code not present)
@@ -203312,7 +203312,7 @@ CVE-2022-40502 (Transient DOS due to improper input 
validation in WLAN Host.)
 CVE-2022-3181 (An Improper Input Validation vulnerability exists in Trihedral 
VTScada ...)
        NOT-FOR-US: Trihedral VTScada
 CVE-2022-3180 (The WPGateway Plugin for WordPress is vulnerable to privilege 
escalati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3179 (Weak Password Requirements in GitHub repository 
ikus060/rdiffweb prior ...)
        - rdiffweb <itp> (bug #969974)
 CVE-2022-3178 (Buffer Over-read in GitHub repository gpac/gpac prior to 
2.1.0-DEV.)
@@ -404288,7 +404288,7 @@ CVE-2020-3434 (A vulnerability in the interprocess 
communication (IPC) channel o
 CVE-2020-3433 (A vulnerability in the interprocess communication (IPC) channel 
of Cis ...)
        NOT-FOR-US: Cisco
 CVE-2020-3432 (A vulnerability in the uninstaller component of Cisco 
AnyConnect Secur ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3431 (A vulnerability in the web-based management interface of 
Cisco&nbsp;Sm ...)
        NOT-FOR-US: Cisco
 CVE-2020-3430 (A vulnerability in the application protocol handling features 
of Cisco ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/982afc76002648d2c41161bee25dd113791d6695
