Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b406912f by Salvatore Bonaccorso at 2025-02-11T09:15:40+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -399,7 +399,7 @@ CVE-2024-57407 (An arbitrary file upload vulnerability in the component /userPic CVE-2024-57178 (An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020 ...) NOT-FOR-US: Stock-Forecaster CVE-2024-57177 (A host header injection vulnerability exists in the NPM package of per ...) - TODO: check + NOT-FOR-US: perfood/couch-auth CVE-2024-54954 (OneBlog v2.3.6 was discovered to contain a template injection vulnerab ...) NOT-FOR-US: OneBlog CVE-2024-48170 (PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) v ...) @@ -439,7 +439,7 @@ CVE-2024-11831 (A flaw was found in npm-serialize-javascript. The vulnerability CVE-2024-11621 (Missing certificate validation in Devolutions Remote Desktop Manager o ...) NOT-FOR-US: Devolutions CVE-2024-10649 (wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d co ...) - TODO: check + NOT-FOR-US: wandb/openui CVE-2024-10334 (A vulnerability exists in the VideONet product included in the listed ...) NOT-FOR-US: VideONet product CVE-2025-21693 (In the Linux kernel, the following vulnerability has been resolved: m ...) 
@@ -887,9 +887,9 @@ CVE-2024-57955 (Arbitrary write vulnerability in the Gallery module Impact: Suc CVE-2024-57954 (Permission verification vulnerability in the media library module Impa ...) NOT-FOR-US: Huawei CVE-2024-57673 (An issue in floodlight v1.2 allows a local attacker to cause a denial ...) - TODO: check + NOT-FOR-US: floodlight CVE-2024-57672 (An issue in floodlight v1.2 allows a local attacker to cause a denial ...) - TODO: check + NOT-FOR-US: floodlight CVE-2024-57668 (In Code-projects Shopping Portal v1.0, the insert-product.php page has ...) NOT-FOR-US: Code-projects Shopping Portal CVE-2024-57610 (A rate limiting issue in Sylius v2.0.2 allows a remote attacker to per ...) @@ -939,7 +939,7 @@ CVE-2024-36554 (Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_1 CVE-2024-36553 (Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...) NOT-FOR-US: Forever KidsWatch Call Me KW-50 CVE-2024-24911 (In rare scenarios, the cpca process on the Security Management Server ...) - TODO: check + NOT-FOR-US: Checkpoint Security Management Server CVE-2024-13614 (Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for W ...) NOT-FOR-US: Kaspersky CVE-2024-13417 (Specifically crafted payloads sent to the RFID reader could cause DoS ...) @@ -1513,7 +1513,7 @@ CVE-2025-24899 (reNgine is an automated reconnaissance framework for web applica CVE-2025-24371 (CometBFT is a distributed, Byzantine fault-tolerant, deterministic sta ...) NOT-FOR-US: CometBFT CVE-2025-24370 (Django-Unicorn adds modern reactive component functionality to Django ...) - TODO: check + NOT-FOR-US: Django Unicorn, different from src:unicorn CVE-2025-24029 (Tuleap is an Open Source Suite to improve management of software devel ...) NOT-FOR-US: Tuleap CVE-2025-23210 (phpoffice/phpspreadsheet is a pure PHP library for reading and writing ...) 
@@ -1871,7 +1871,7 @@ CVE-2024-57175 (A Stored Cross-Site Scripting (XSS) vulnerability was identified CVE-2024-57099 (ClassCMS v4.8 has a code execution vulnerability. Attackers can exploi ...) NOT-FOR-US: ClassCMS CVE-2024-57098 (Moss v0.1.3 version has an SQL injection vulnerability that allows att ...) - TODO: check + NOT-FOR-US: Moss CVE-2024-57097 (ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admi ...) NOT-FOR-US: ClassCMS CVE-2024-57004 (Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 al ...) @@ -1879,7 +1879,7 @@ CVE-2024-57004 (Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1. [bullseye] - roundcube <postponed> (Minor issue) NOTE: https://github.com/roundcube/roundcubemail/issues/9767 CVE-2024-56946 (Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 ...) - TODO: check + NOT-FOR-US: Technitium DNS Server CVE-2024-56921 (An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registrat ...) - open5gs <itp> (bug #1094791) CVE-2024-56161 (Improper signature verification in AMD CPU ROM microcode patch loader ...) @@ -1888,7 +1888,7 @@ CVE-2024-56161 (Improper signature verification in AMD CPU ROM microcode patch l NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html NOTE: https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w CVE-2024-55456 (lunasvg v3.0.1 was discovered to contain a segmentation violation via ...) - TODO: check + NOT-FOR-US: lunasvg CVE-2024-54840 (PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager ...) NOT-FOR-US: CyberArk CVE-2024-53943 (An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The ...) 
@@ -1972,7 +1972,7 @@ CVE-2024-11133 (The Eventer plugin for WordPress is vulnerable to unauthorized a CVE-2024-11132 (The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) NOT-FOR-US: WordPress plugin CVE-2024-10395 (No proper validation of the length of user input in http_server_get_co ...) - TODO: check + NOT-FOR-US: Zephyr, different from src:zephyr CVE-2025-0967 (A vulnerability was found in code-projects Chat System 1.0 and classif ...) NOT-FOR-US: code-projects Chat System CVE-2025-0961 (A vulnerability, which was classified as problematic, has been found i ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b406912f54ca112203325c711062b17b851ebd2a
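Review bot: In the hunk at @@ -939,7 +939,7 @@, the new tag for CVE-2024-24911 spells the vendor as "Checkpoint" (`NOT-FOR-US: Checkpoint Security Management Server`). The vendor's name is Check Point, so `NOT-FOR-US: Check Point Security Management Server` would keep the entry findable when the list is searched by vendor name.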
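Review bot: In the hunk at @@ -1871,7 +1871,7 @@, `NOT-FOR-US: Moss` for CVE-2024-57098 is a bare name that does not say which project is meant, and the truncated description only gives "Moss v0.1.3". Other entries in this commit are unambiguous, either by upstream path (`NOT-FOR-US: perfood/couch-auth`, `NOT-FOR-US: wandb/openui`) or by an explicit qualifier (`different from src:zephyr`). The same treatment here would let a later triager confirm that the entry does not refer to a packaged source with a similar name.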