Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3c757603 by Salvatore Bonaccorso at 2025-02-04T09:20:07+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,163 +1,163 @@
 CVE-2025-24982 (Cross-site request forgery vulnerability exists in Activity 
Log Winter ...)
-       TODO: check
+       NOT-FOR-US: Activity Log WinterLock
 CVE-2025-24962 (reNgine is an automated reconnaissance framework for web 
applications. ...)
-       TODO: check
+       NOT-FOR-US: reNgine
 CVE-2025-24961 (org.gaul S3Proxy implements the S3 API and proxies requests. 
Users of  ...)
        TODO: check
 CVE-2025-24960 (Jellystat is a free and open source Statistics App for 
Jellyfin. In af ...)
-       TODO: check
+       NOT-FOR-US: Jellystat
 CVE-2025-24959 (zx is a tool for writing better scripts. An attacker with 
control over ...)
        TODO: check
 CVE-2025-24958 (WeGIA is a Web Manager for Charitable Institutions. A SQL 
Injection vu ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-24957 (WeGIA is a Web Manager for Charitable Institutions. A SQL 
Injection vu ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-24906 (WeGIA is a Web Manager for Charitable Institutions. A SQL 
Injection vu ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-24905 (WeGIA is a Web Manager for Charitable Institutions. A SQL 
Injection vu ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-24902 (WeGIA is a Web Manager for Charitable Institutions. A SQL 
Injection vu ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-24901 (WeGIA is a Web Manager for Charitable Institutions. A SQL 
Injection vu ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-24899 (reNgine is an automated reconnaissance framework for web 
applications. ...)
-       TODO: check
+       NOT-FOR-US: reNgine
 CVE-2025-24371 (CometBFT is a distributed, Byzantine fault-tolerant, 
deterministic sta ...)
        TODO: check
 CVE-2025-24370 (Django-Unicorn adds modern reactive component functionality to 
Django  ...)
        TODO: check
 CVE-2025-24029 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2025-23210 (phpoffice/phpspreadsheet is a pure PHP library for reading and 
writing ...)
-       TODO: check
+       NOT-FOR-US: phpoffice/phpspreadsheet
 CVE-2025-22918 (Polycom RealPresence Group 500 <=20 has Insecure Permissions 
due to au ...)
-       TODO: check
+       NOT-FOR-US: Polycom RealPresence Group 500
 CVE-2025-22475 (Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 
7.10.1.50, and 7 ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2025-22205 (Improper handling of input variables lead to multiple path 
traversal v ...)
-       TODO: check
+       NOT-FOR-US: Admiror Gallery extension for Joomla
 CVE-2025-22204 (Improper control of generation of code in the sourcerer 
extension for  ...)
-       TODO: check
+       NOT-FOR-US: Joomla extension
 CVE-2025-22129 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2025-20907 (Improper privilege management in Samsung Find prior to SMR 
Feb-2025 Re ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20906 (Improper Export of Android Application Components in Settings 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20905 (Out-of-bounds read and write in mPOS TUI trustlet prior to SMR 
Feb-202 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20904 (Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 
Release ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20902 (Improper access control in Media Controller prior to version 
1.0.24.52 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20901 (Out-of-bounds read in Blockchain Keystore prior to version 
1.3.16.5 al ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20900 (Out-of-bounds write in Blockchain Keystore prior to version 
1.3.16.5 a ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20899 (Improper access control in PushNotification prior to version 
13.0.00.1 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20898 (Improper input validation in Samsung Members prior to version 
5.2.00.1 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20897 (Improper access control in Secure Folder prior to version 
1.9.20.50 in ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20896 (Use of implicit intent for sensitive communication in 
EasySetup prior  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20895 (Authentication Bypass Using an Alternate Path in Galaxy Store 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20894 (Improper access control in Samsung Email prior to version 
6.1.97.1 all ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20893 (Improper access control in NotificationManager prior to SMR 
Jan-2025 R ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20892 (Protection Mechanism Failure in bootloader prior to SMR 
Jan-2025 Relea ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20891 (Out-of-bounds read in decoding malformed bitstream of video 
thumbnails ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20890 (Out-of-bounds write in decoding frame buffer in libsthmbc.so 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20889 (Out-of-bounds read in decoding malformed bitstream for smp4vtd 
in libs ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20888 (Out-of-bounds write in handling the block size for smp4vtd in 
libsthmb ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20887 (Out-of-bounds read in accessing table used for svp8t in 
libsthmbc.so p ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20886 (Inclusion of sensitive information in test code in softsim TA 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20885 (Out-of-bounds write in softsim TA prior to SMR Jan-2025 
Release 1 allo ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20884 (Improper access control in Samsung Message prior to SMR 
Jan-2025 Relea ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20883 (Improper access control in SoundPicker prior to SMR Jan-2025 
Release 1 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20882 (Out-of-bounds write in accessing uninitialized memory for 
svc1td in li ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20881 (Out-of-bounds write in accessing buffer storing the decoded 
video fram ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-1003 (A potential vulnerability has been identified in HP Anyware 
Agent for  ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-0466 (The Sensei LMS  WordPress plugin before 4.24.4 does not 
properly prote ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-0368 (The Banner Garden Plugin for WordPress plugin through 0.1.3 
does not s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-0148 (Missing password field masking in the Zoom Jenkins Marketplace 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2024-57451 (ChestnutCMS <=1.5.0 has a directory traversal vulnerability in 
content ...)
-       TODO: check
+       NOT-FOR-US: ChestnutCMS
 CVE-2024-56903 (A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb with 
the ver ...)
-       TODO: check
+       NOT-FOR-US: Geovision GV-ASWeb
 CVE-2024-56902 (An issue in Geovision GV-ASWeb with version 6.1.0.0 or less 
allows una ...)
-       TODO: check
+       NOT-FOR-US: Geovision GV-ASWeb
 CVE-2024-56901 (A Cross-Site Request Forgery (CSRF) in the Account Management 
componen ...)
-       TODO: check
+       NOT-FOR-US: Geovision GV-ASWeb
 CVE-2024-56898 (Incorrect access control in Geovision GV-ASWeb version 6.1.0.0 
or less ...)
-       TODO: check
+       NOT-FOR-US: Geovision GV-ASWeb
 CVE-2024-47770 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
-       TODO: check
+       NOT-FOR-US: Wazuh
 CVE-2024-44449 (Cross Site Scripting vulnerability in Quorum onQ OS 
v.6.0.0.5.2064 all ...)
        TODO: check
 CVE-2024-35177 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
-       TODO: check
+       NOT-FOR-US: Wazuh
 CVE-2024-34897 (Nedis SmartLife android app v1.4.0 was discovered to contain 
an API ke ...)
-       TODO: check
+       NOT-FOR-US: Nedis SmartLife android app
 CVE-2024-34896 (An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), 
Nedis SmartL ...)
-       TODO: check
+       NOT-FOR-US: Nedis
 CVE-2024-13607 (The JS Help Desk \u2013 The Ultimate Help Desk & Support 
Plugin plugin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13514 (The B Slider- Gutenberg Slider Block for WP plugin for 
WordPress is vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13332 (The TransFinanz WordPress plugin through 1.0.0 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13331 (The WP Dream Carousel WordPress plugin through 1.0.1b does not 
sanitis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13330 (The JustRows free WordPress plugin through 0.2 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13329 (The Solidres  WordPress plugin through 0.9.4 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13328 (The Giga Messenger  WordPress plugin through 2.3.1 does not 
sanitise a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13327 (The Musicbox WordPress plugin through 2.0.3 does not sanitise 
and esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13326 (The iBuildApp WordPress plugin through 0.2.0 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13325 (The Glossy WordPress plugin through 2.3.5 does not sanitise 
and escape ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13115 (The WP Projects Portfolio with Client Testimonials WordPress 
plugin th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13114 (The WP Projects Portfolio with Client Testimonials WordPress 
plugin th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12597 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12046 (The Medical Addon for Elementor plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10239 (A security issue in the firmware image verification 
implementation at  ...)
-       TODO: check
+       NOT-FOR-US: Supermicro
 CVE-2024-10238 (A security issue in the firmware image verification 
implementation     ...)
-       TODO: check
+       NOT-FOR-US: Supermicro
 CVE-2024-10237 (There is a vulnerability in the BMC firmware image 
authentication desi ...)
-       TODO: check
+       NOT-FOR-US: Supermicro
 CVE-2023-52164 (access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Digiever DS-2105 Pro
 CVE-2023-52163 (Digiever DS-2105 Pro 3.1.0.71-11 devices allow 
time_tzsetup.cgi Comman ...)
-       TODO: check
+       NOT-FOR-US: Digiever DS-2105 Pro
 CVE-2025-25181 (A SQL injection vulnerability in timeoutWarning.asp in 
Advantive VeraC ...)
        NOT-FOR-US: Advantive VeraCore
 CVE-2025-25066 (nDPI through 4.12 has a potential stack-based buffer overflow 
in ndpi_ ...)
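
Review bot: The NOT-FOR-US labels in this hunk vary in granularity for entries that belong together, which makes later grepping of data/CVE/list by product less reliable. CVE-2025-22205 is tagged "Admiror Gallery extension for Joomla" while the adjacent CVE-2025-22204 is tagged only "Joomla extension", although its description names the sourcerer extension. Likewise CVE-2024-34897 is tagged "Nedis SmartLife android app" while CVE-2024-34896 is tagged "Nedis", and CVE-2025-22475 is tagged "Dell" where the description names Dell PowerProtect DD. Suggest naming the product in each case, as done for "Polycom RealPresence Group 500" and "Geovision GV-ASWeb". Separately, CVE-2025-23210 is described as a PHP library rather than a vendor product or hosted application, so it is worth confirming there is no package or ITP for phpoffice/phpspreadsheet before it is closed as NOT-FOR-US. The commit message "Process some NFUs" does not say how that was checked.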



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c757603203ecc7da005eda1d80f367b0c08a8ee
