Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b7158a2e by Salvatore Bonaccorso at 2025-02-13T20:46:31+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -54,7 +54,7 @@ CVE-2025-1059 (CWE-770: Allocation of Resources Without
Limits or Throttling vul
CVE-2025-1058 (CWE-494: Download of Code Without Integrity Check vulnerability
exists ...)
NOT-FOR-US: Schneider Electric
CVE-2025-0896 (Orthanc server prior to version 1.5.8 does not enable basic
authentica ...)
- TODO: check
+ NOT-FOR-US: Orthanc server
CVE-2025-0837 (The Puzzles theme for WordPress is vulnerable to Stored
Cross-Site Scr ...)
NOT-FOR-US: WordPress theme
CVE-2025-0816 (CWE-20: Improper Input Validation vulnerability exists that
could caus ...)
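Review bot: The NOT-FOR-US tag on CVE-2025-0896 names "Orthanc server", and the description gives a version boundary ("prior to version 1.5.8"), which reads like a standalone, versioned server rather than a vendor appliance. Confirm that no source package of that name exists in the archive before closing this as NFU; if one does, this should be a package entry with the fixed version instead.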
@@ -148,65 +148,65 @@ CVE-2024-39779 (Stack-based buffer overflow in some
drivers for Intel(R) Etherne
CVE-2024-39606 (Improper input validation in some Intel(R) PROSet/Wireless
WiFi and Ki ...)
NOT-FOR-US: Intel
CVE-2024-39372 (Uncontrolled search path for the Intel(R) XTU software for
Windows bef ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-39365 (Uncontrolled search path for the FPGA Support Package for the
Intel(R) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-39356 (NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi
and Kil ...)
NOT-FOR-US: Intel
CVE-2024-39286 (Incorrect execution-assigned permissions in the Linux kernel
mode driv ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-39284 (Uncontrolled search path for some Intel(R) Advisor software
before ver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-39271 (Improper restriction of communication channel to intended
endpoints in ...)
NOT-FOR-US: Intel
CVE-2024-38310 (Improper access control in some Intel(R) Graphics Driver
software inst ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-38307 (Improper input validation in the firmware for some Intel(R)
AMT and In ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-37355 (Improper access control in some Intel(R) Graphics software may
allow a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-36291 (Uncontrolled search path for some Intel(R) Chipset Software
Installati ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-36285 (Race condition in some Intel(R) PROSet/Wireless WiFi and
Killer\xe2\u2 ...)
NOT-FOR-US: Intel
CVE-2024-36283 (Uncontrolled search path for the Intel(R) Thread Director
Visualizer s ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-36280 (Uncontrolled search path for some Intel(R) High Level
Synthesis Compil ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-36274 (Out-of-bounds write in the Intel(R) 800 Series Ethernet Driver
for Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-36262 (Race condition in some Intel(R) System Security Report and
System Reso ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-34521 (A directory traversal vulnerability exists in the Mavenir SCE
Applicat ...)
- TODO: check
+ NOT-FOR-US: Mavenir SCE Application Provisioning Portal
CVE-2024-34520 (An authorization bypass vulnerability exists in the Mavenir
SCE Applic ...)
- TODO: check
+ NOT-FOR-US: Mavenir SCE Application Provisioning Portal
CVE-2024-32942 (Incorrect default permissions for some Intel(R) DSA installer
for Wind ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-32941 (NULL pointer dereference for some Intel(R) MLC software before
version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-32938 (Uncontrolled search path for some Intel(R) MPI Library for
Windows sof ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-31858 (Out-of-bounds write for some Intel(R) QuickAssist Technology
software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-31155 (Improper buffer restrictions in the UEFI firmware for some
Intel(R) Pr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-31153 (Improper input validation for some Intel(R) QuickAssist
Technology sof ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-30211 (Improper access control in some Intel(R) ME driver pack
installer engi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-29223 (Uncontrolled search path for some Intel(R) QuickAssist
Technology soft ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-26021 (Improper initialization in the firmware for some Intel(R) AMT
and Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-25571 (Improper input validation in some Intel(R) SPS firmware before
SPS_E5_ ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-24852 (Uncontrolled search path in some Intel(R) Ethernet Adapter
Complete Dr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21859 (Improper buffer restrictions in the UEFI firmware for some
Intel(R) Pr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21830 (Uncontrolled search path in some Intel(R) VPL software before
version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-13770 (The Puzzles | WP Magazine / Review with Store WordPress Theme
+ RTL th ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13644 (The DethemeKit For Elementor plugin for WordPress is
vulnerable to Sto ...)
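Review bot: Two of the entries bulk-tagged NOT-FOR-US: Intel in this hunk describe driver code rather than Windows tooling: CVE-2024-39286 ("the Linux kernel mode driv ...") and CVE-2024-36274 ("Intel(R) 800 Series Ethernet Driver for Int ..."). The truncated descriptions do not show whether the affected code is an out-of-tree driver, so each of those two deserves a NOTE line stating why it is NFU, rather than the same bare vendor tag used for entries such as the "for Windows" XTU and MPI Library ones.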
@@ -228,25 +228,25 @@ CVE-2024-13120 (The Paid Membership Plugin, Ecommerce,
User Registration Form, L
CVE-2024-13119 (The Paid Membership Plugin, Ecommerce, User Registration Form,
Login F ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12673 (An improper privilege vulnerability was reported in a BIOS
customizati ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-12586 (The Chalet-Montagne.com Tools WordPress plugin through 2.7.8
does not ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10763 (The Campress theme for WordPress is vulnerable to Local File
Inclusion ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10083 (CWE-20: Improper Input Validation vulnerability exists that
could caus ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-49618 (Improper buffer restrictions in some Intel(R) System Security
Report a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-49615 (Improper input validation in some Intel(R) System Security
Report and ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-49603 (Race condition in some Intel(R) System Security Report and
System Reso ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-48366 (Race condition in some Intel(R) System Security Report and
System Reso ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-48267 (Improper buffer restrictions in some Intel(R) System Security
Report a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32277 (Untrusted Pointer Dereference in I/O subsystem for some
Intel(R) QAT s ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-31276 (Heap-based buffer overflow in BMC Firmware for the Intel(R)
Server Boa ...)
NOT-FOR-US: Intel
CVE-2023-29164 (Improper access control in BMC Firmware for the Intel(R)
Server Board ...)
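Review bot: CVE-2023-32277 is tagged NOT-FOR-US: Intel, but its description is cut at "Intel(R) QAT s ...", so the affected component is not visible in the list entry. Check the full description for whether this is QAT software or a driver with a Linux build before treating it the same way as the System Security Report entries around it.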
@@ -350,15 +350,15 @@ CVE-2025-25349 (PHPGurukul Daily Expense Tracker System
v1.1 is vulnerable to SQ
CVE-2025-25343 (Tenda AC6 V15.03.05.16 firmware has a buffer overflow
vulnerability in ...)
NOT-FOR-US: Tenda
CVE-2025-25283 (parse-duraton is software that allows users to convert a human
readabl ...)
- TODO: check
+ NOT-FOR-US: parse-duration
CVE-2025-25205 (Audiobookshelf is a self-hosted audiobook and podcast server.
Starting ...)
- TODO: check
+ NOT-FOR-US: Audiobookshelf
CVE-2025-25201 (Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB
keys. For re ...)
NOT-FOR-US: Nitrokey 3 Firmware
CVE-2025-25200 (Koa is expressive middleware for Node.js using ES2017 async
functions. ...)
- TODO: check
+ NOT-FOR-US: Koa
CVE-2025-25199 (go-crypto-winnative Go crypto backend for Windows using
Cryptography A ...)
- TODO: check
+ NOT-FOR-US: go-crypto-winnative
CVE-2025-25198 (mailcow: dockerized is an open source groupware/email suite
based on d ...)
NOT-FOR-US: mailcow
CVE-2025-25184 (Rack provides an interface for developing web applications in
Ruby. Pr ...)
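Review bot: CVE-2025-25283 (parse-duration) and CVE-2025-25200 (Koa) are described as libraries ("software that allows users to convert ...", "middleware for Node.js"), and an NFU on a library only holds if no packaged application bundles a copy of it. A search of the archive for embedded copies is worth doing before marking these two; the go-crypto-winnative entry ("backend for Windows") does not raise the same question.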
@@ -457,7 +457,7 @@ CVE-2024-9870 (An external service interaction
vulnerability in GitLab EE affect
CVE-2024-6097 (In Progress\xae Telerik\xae Reporting versions prior to 2025 Q1
(19.0. ...)
NOT-FOR-US: Progress Telerik
CVE-2024-54160 (dashboards-reporting (aka Dashboards Reports) before 2.19.0.0,
as ship ...)
- TODO: check
+ NOT-FOR-US: dashboards-reporting (aka Dashboards Reports)
CVE-2024-32838 (SQL Injection vulnerability in various API endpoints -
offices, dashbo ...)
NOT-FOR-US: Apache Fineract
CVE-2024-23563 (HCL Connections Docs is vulnerable to a sensitive information
disclosu ...)
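Review bot: The tag on CVE-2024-54160 copies the component name and alias straight from the description ("dashboards-reporting (aka Dashboards Reports)"), while the description continues "as ship ...", which indicates the component is shipped inside a larger product that the truncation hides. Name that parent product in the NFU tag, as the neighbouring entries do ("Progress Telerik", "Apache Fineract"), so that a later search for the product finds this entry.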
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7158a2e3cc583670519557cf18d332be07d6774
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits