Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
575ed834 by Salvatore Bonaccorso at 2025-03-04T21:41:26+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,23 +23,23 @@ CVE-2025-27111 (Rack is a modular Ruby web server
interface. The Rack::Sendfile
NOTE: Fixed by:
https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53
(v3.0.13)
NOTE: Fixed by:
https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b
(v3.1.11)
CVE-2025-26849 (There is a Hard-coded Cryptographic Key in Docusnap
13.0.1440.24261, a ...)
- TODO: check
+ NOT-FOR-US: Docusnap
CVE-2025-26320 (t0mer BroadlinkManager v5.9.1 was discovered to contain an OS
command ...)
- TODO: check
+ NOT-FOR-US: t0mer BroadlinkManager
CVE-2025-26202 (Cross-Site Scripting (XSS) vulnerability exists in the
WPA/WAPI Passph ...)
- TODO: check
+ NOT-FOR-US: DZS Router Web Interface
CVE-2025-26182 (An issue in xxyopen novel plus v.4.4.0 and before allows a
remote atta ...)
- TODO: check
+ NOT-FOR-US: xxyopen novel plus
CVE-2025-26091 (A Cross Site Scripting (XSS) vulnerability exists in
TeamPasswordManag ...)
- TODO: check
+ NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
CVE-2025-23368 (A flaw was found in Wildfly Elytron integration. The component
does no ...)
TODO: check
CVE-2025-22226 (VMware ESXi, Workstation, and Fusion containan information
disclosure ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22225 (VMware ESXi contains an arbitrary writevulnerability.A
malicious actor ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22224 (VMware ESXi, and Workstationcontain a TOCTOU (Time-of-Check
Time-of-Us ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-1969 (Improper request input validation in Temporary Elevated Access
Managem ...)
TODO: check
CVE-2025-1953 (A vulnerability has been found in vLLM AIBrix 0.2.0 and
classified as ...)
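Review bot: The NOT-FOR-US labels in this hunk mix two levels of granularity: the three VMware entries (CVE-2025-22226, CVE-2025-22225, CVE-2025-22224) name only the vendor, while the others name the product (Docusnap, t0mer BroadlinkManager, DZS Router Web Interface, xxyopen novel plus). Vendor-only is reasonable for CVE-2025-22226, whose description lists ESXi, Workstation and Fusion together, but keeping one convention per vendor makes later searches of data/CVE/list predictable. The "(aka TeamPasswordManager)" alias on CVE-2025-26091 is a good pattern for that, since it also matches the spelling used in the description.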
@@ -47,17 +47,17 @@ CVE-2025-1953 (A vulnerability has been found in vLLM
AIBrix 0.2.0 and classifie
CVE-2025-1952 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
NOT-FOR-US: PHPGurukul
CVE-2025-1949 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: ZZCMS
CVE-2025-1947 (A vulnerability classified as critical has been found in
hzmanyun Educ ...)
- TODO: check
+ NOT-FOR-US: hzmanyun Education and Training System
CVE-2025-1946 (A vulnerability was found in hzmanyun Education and Training
System 2. ...)
- TODO: check
+ NOT-FOR-US: hzmanyun Education and Training System
CVE-2025-1925 (A vulnerability classified as problematic was found in Open5GS
up to 2 ...)
TODO: check
CVE-2025-1425 (A Sudo privilege misconfiguration vulnerability in PocketBook
InkPad C ...)
- TODO: check
+ NOT-FOR-US: PocketBook InkPad Color
CVE-2025-1424 (A privilege escalation vulnerability in PocketBook InkPad Color
3 allo ...)
- TODO: check
+ NOT-FOR-US: PocketBook InkPad Color
CVE-2025-1260 (On affected platforms running Arista EOS with OpenConfig
configured, a ...)
NOT-FOR-US: Arista Networks
CVE-2025-1259 (On affected platforms running Arista EOS with OpenConfig
configured, a ...)
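Review bot: CVE-2025-1925 (Open5GS) is the one entry in this hunk still at "TODO: check" after every other open entry around it was resolved. If it was left on purpose because it needs a package or ITP/RFP lookup rather than a NOT-FOR-US, that is fine; otherwise it should be picked up in the next pass so it does not get lost between the processed hzmanyun and PocketBook entries.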
@@ -76,15 +76,15 @@ CVE-2025-0370 (The WP Shortcodes Plugin \u2014 Shortcodes
Ultimate plugin for Wo
CVE-2024-9618 (The Master Addons \u2013 Elementor Addons with White Label,
Free Widge ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9149 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Wind Media E-Commerce Website Template
CVE-2024-50707 (Unauthenticated remote code execution vulnerability in
Uniguest Triple ...)
- TODO: check
+ NOT-FOR-US: Uniguest Tripleplay
CVE-2024-50706 (Unauthenticated SQL injection vulnerability in Uniguest
Tripleplay bef ...)
- TODO: check
+ NOT-FOR-US: Uniguest Tripleplay
CVE-2024-50705 (Unauthenticated reflected cross-site scripting (XSS)
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Uniguest Tripleplay
CVE-2024-50704 (Unauthenticated remote code execution vulnerability in
Uniguest Triple ...)
- TODO: check
+ NOT-FOR-US: Uniguest Tripleplay
CVE-2024-41147 (An out-of-bounds write vulnerability exists in the
ma_dr_flac__decode_ ...)
TODO: check
CVE-2024-13724 (The Wallet System for WooCommerce \u2013 Wallet, Wallet
Cashback, Refu ...)
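Review bot: CVE-2024-41147 is correctly left at "TODO: check" here and should not be closed as NOT-FOR-US in a later bulk pass without a source search. Its description names a function (ma_dr_flac__decode_...), which points at library code that may be bundled inside other source packages, unlike the Uniguest Tripleplay and Wind Media entries around it, which name standalone products.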
@@ -287,25 +287,25 @@ CVE-2025-0360 (During an annual penetration test
conducted on behalf of Axis Com
CVE-2025-0359 (During an annual penetration test conducted on behalf of Axis
Communic ...)
NOT-FOR-US: Axis Communication
CVE-2024-58050 (Vulnerability of improper access permission in the HDC module
Impact: ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58049 (Permission verification vulnerability in the media library
module Impa ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58048 (Multi-thread problem vulnerability in the package management
module Im ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58047 (Permission verification vulnerability in the media library
module Impa ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58046 (Permission management vulnerability in the lock screen module
Impact: ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58045 (Multi-concurrency vulnerability in the media digital copyright
protect ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58044 (Permission verification bypass vulnerability in the
notification modul ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-58043 (Permission bypass vulnerability in the window module Impact:
Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-55064 (Multiple cross-site scripting (XSS) vulnerabilities in
EasyVirt DC Net ...)
TODO: check
CVE-2024-48248 (NAKIVO Backup & Replication before 11.0.0.88174 allows
absolute path t ...)
- TODO: check
+ NOT-FOR-US: NAKIVO Backup & Replication
CVE-2024-47262 (Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program,
has foun ...)
NOT-FOR-US: Axis Communication
CVE-2024-47260 (51l3nc3, member of the AXIS OS Bug Bounty Program, has found
that the ...)
@@ -791,27 +791,27 @@ CVE-2024-53032 (Memory corruption may occur in keyboard
virtual device due to gu
CVE-2024-53031 (Memory corruption while reading a type value from a buffer
controlled ...)
NOT-FOR-US: Qualcomm
CVE-2024-53030 (Memory corruption while processing input message passed from
FE driver ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53029 (Memory corruption while reading a value from a buffer
controlled by th ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53028 (Memory corruption may occur while processing message from
frontend dur ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53027 (Transient DOS may occur while processing the country IE.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53025 (Transient DOS can occur while processing UCI command.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53024 (Memory corruption in display driver while detaching a device.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53023 (Memory corruption may occur while accessing a variable during
extended ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53022 (Memory corruption may occur during communication between
primary and g ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53014 (Memory corruption may occur while validating ports and
channels in Au ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53012 (Memory corruption may occur due to improper input validation
in clock ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-53011 (Information disclosure may occur due to improper permission
and access ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-51966 (There is a path traversal vulnerability in ESRI ArcGIS Server
versions ...)
NOT-FOR-US: Esri
CVE-2024-51963 (There is a stored Cross-site Scripting vulnerability in ArcGIS
Server ...)
@@ -857,7 +857,7 @@ CVE-2024-51942 (There is a stored Cross-site Scripting
vulnerability in ArcGIS S
CVE-2024-51091 (Cross Site Scripting vulnerability in seajs v.2.2.3 allows a
remote at ...)
TODO: check
CVE-2024-49836 (Memory corruption may occur during the synchronization of the
camera`s ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-47092 (Insecure deserialization and improper certificate validation
in Checkm ...)
TODO: check
CVE-2024-45580 (Memory corruption while handling multuple IOCTL calls from
userspace f ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/575ed834611654eb685e7a15fccbea151c5444ab