Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b5e2c49c by Salvatore Bonaccorso at 2025-01-14T06:44:26+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,11 +1,11 @@ CVE-2025-23027 (next-forge is a Next.js project boilerplate for modern web application ...) - TODO: check + NOT-FOR-US: next-forge Next.js project CVE-2025-23026 (jte (Java Template Engine) is a secure and lightweight template engine ...) - TODO: check + NOT-FOR-US: jte (Java Template Engine) CVE-2025-22963 (Teedy through 1.11 allows CSRF for account takeover via POST /api/user ...) NOT-FOR-US: TeedyTeedy CVE-2025-22828 (CloudStack users can add and read comments (annotations) on resources ...) - TODO: check + NOT-FOR-US: Apache CloudStack CVE-2025-22800 (Missing Authorization vulnerability in Post SMTP Post SMTP allows Expl ...) NOT-FOR-US: WordPress plugin CVE-2025-22777 (Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allow ...) @@ -45,7 +45,7 @@ CVE-2025-22144 (NamelessMC is a free, easy to use & powerful website software fo CVE-2025-22142 (NamelessMC is a free, easy to use & powerful website software for Mine ...) NOT-FOR-US: NamelessMC CVE-2024-6352 (A malformed packet can cause a buffer overflow in the APS layer of the ...) - TODO: check + NOT-FOR-US: Silabs (Ember Znet stack) CVE-2024-5743 (An attacker could exploit the 'Use of Password Hash With Insufficient ...) NOT-FOR-US: EveHome Eve Play CVE-2024-57488 (Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site ...) 
@@ -59,13 +59,13 @@ CVE-2024-56065 (Improper Neutralization of Input During Web Page Generation ('Cr CVE-2024-54999 (MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vuln ...) NOT-FOR-US: MonicaHQ CVE-2024-52938 (Kernel software installed and running inside a Guest VM may post impro ...) - TODO: check + NOT-FOR-US: Imagination GPU Driver CVE-2024-52937 (Kernel software installed and running inside a Guest VM may exploit me ...) - TODO: check + NOT-FOR-US: Imagination GPU Driver CVE-2024-52936 (Kernel software installed and running inside a Guest VM may post impro ...) - TODO: check + NOT-FOR-US: Imagination GPU Driver CVE-2024-52935 (Kernel software installed and running inside a Guest VM may exploit me ...) - TODO: check + NOT-FOR-US: Imagination GPU Driver CVE-2024-52333 (An improper array index validation vulnerability exists in the determi ...) TODO: check CVE-2024-51728 
@@ -73,31 +73,31 @@ CVE-2024-51728 CVE-2024-48883 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...) NOT-FOR-US: Samsung CVE-2024-47897 (Software installed and run as a non-privileged user may conduct improp ...) - TODO: check + NOT-FOR-US: Imagination GPU Driver CVE-2024-47895 (Kernel software installed and running inside a Guest VM may post impro ...) - TODO: check + NOT-FOR-US: Imagination GPU Driver CVE-2024-47894 (Kernel software installed and running inside a Guest VM may post impro ...) - TODO: check + NOT-FOR-US: Imagination GPU Driver CVE-2024-47796 (An improper array index validation vulnerability exists in the nowindo ...) TODO: check CVE-2024-46921 (An issue was discovered in Samsung Mobile Processor and Modem Exynos 9 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-46920 (An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-46919 (An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-46481 (The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to o ...) - TODO: check + NOT-FOR-US: Venki Supravizio BPM CVE-2024-46480 (An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenti ...) - TODO: check + NOT-FOR-US: Venki Supravizio BPM CVE-2024-46479 (Venki Supravizio BPM through 18.0.1 was discovered to contain an arbit ...) - TODO: check + NOT-FOR-US: Venki Supravizio BPM CVE-2024-46310 (Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows u ...) - TODO: check + NOT-FOR-US: Cfx.re FXServer CVE-2024-44771 (BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS) v ...) - TODO: check + NOT-FOR-US: BigId PrivacyPortal CVE-2024-12211 (Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Store ...) - TODO: check + NOT-FOR-US: Pega Platform CVE-2025-0412 (Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code E ...) 
NOT-FOR-US: Luxion KeyShot Viewer CVE-2025-0410 (A vulnerability classified as critical was found in liujianview gymxmj ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5e2c49cad4b823585ae068f595c20aea832c91f
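Review bot: In the first hunk (@@ -1,11 +1,11 @@), the unchanged context line for CVE-2025-22963 reads `NOT-FOR-US: TeedyTeedy`, which looks like a doubled product name beside a description that says "Teedy through 1.11". Since this commit already touches the neighbouring entries, consider correcting it to `NOT-FOR-US: Teedy` in the same pass or a follow-up, so the tag matches the product named in the description.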
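Review bot: In the hunk at @@ -59,13 +59,13 @@, CVE-2024-52935 through CVE-2024-52938 all receive `NOT-FOR-US: Imagination GPU Driver`, but the truncated descriptions only say "Kernel software installed and running inside a Guest VM ..." and never name the component. The commit message ("Process some NFUs") does not record how the driver was identified; a short mention there of the source used for the attribution would let a later reviewer confirm the triage without repeating the lookup.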
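Review bot: In the hunk at @@ -73,31 +73,31 @@, CVE-2024-46919, CVE-2024-46920 and CVE-2024-46921 are tagged with the vendor only (`NOT-FOR-US: Samsung`), while the other entries changed in the same hunk name a product (`Venki Supravizio BPM`, `Cfx.re FXServer`, `Pega Platform`). This matches the existing context line for CVE-2024-48883, so it is consistent with the file, but the descriptions name the Exynos processors, and a tag that includes the product family would make these entries easier to tell apart from other Samsung issues.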