Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
075e708d by Salvatore Bonaccorso at 2025-04-10T05:47:19+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -295,7 +295,7 @@ CVE-2025-2223 (CWE-20: Improper Input Validation
vulnerability exists that could
CVE-2025-2222 (CWE-552: Files or Directories Accessible to External Parties
vulnerabi ...)
NOT-FOR-US: Schneider Electric
CVE-2025-29870 (Missing authentication for critical function vulnerability
exists in W ...)
- TODO: check
+ NOT-FOR-US: Wi-Fi AP UNIT 'AC-WPS-11ac series'
CVE-2025-29394 (An insecure permissions vulnerability in verydows v2.0 allows
a remote ...)
NOT-FOR-US: verydows
CVE-2025-29391 (horvey Library-Manager v1.0 is vulnerable to SQL Injection in
Admin/Co ...)
@@ -393,7 +393,7 @@ CVE-2025-27189 (Adobe Commerce versions 2.4.7-p4, 2.4.6-p9,
2.4.5-p11, 2.4.4-p12
CVE-2025-27188 (Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11,
2.4.4-p12, 2.4. ...)
NOT-FOR-US: Adobe
CVE-2025-25013 (Improper restriction of environment variables in Elastic
Defend can le ...)
- TODO: check
+ NOT-FOR-US: Elastic Defend
CVE-2025-24447 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are
affected ...)
NOT-FOR-US: Adobe
CVE-2025-24446 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are
affected ...)
@@ -407,7 +407,7 @@ CVE-2024-6860 (The WP MultiTasking WordPress plugin
through 0.1.12 does not hav
CVE-2024-6857 (The WP MultiTasking WordPress plugin through 0.1.12 does not
have CSR ...)
NOT-FOR-US: WordPress plugin
CVE-2024-55354 (Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an
attacker can ...)
- TODO: check
+ NOT-FOR-US: Lucee
CVE-2024-12556 (Prototype Pollution in Kibana can lead to code injection via
unrestric ...)
- kibana <itp> (bug #700337)
CVE-2025-3437 (The Motors \u2013 Car Dealership & Classified Listings Plugin
plugin f ...)
@@ -1311,7 +1311,7 @@ CVE-2025-21423 (Memory corruption occurs when handling
client calls to EnableTes
CVE-2025-21421 (Memory corruption while processing escape code in API.)
NOT-FOR-US: Qualcomm
CVE-2025-0050 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
- TODO: check
+ NOT-FOR-US: ARM
CVE-2024-49848 (Memory corruption while processing multiple IOCTL calls from
HLOS to D ...)
NOT-FOR-US: Qualcomm
CVE-2024-46494 (A cross-site scripting (XSS) vulnerability in Typecho v1.2.1
allows at ...)
@@ -518127,7 +518127,7 @@ CVE-2018-9385 (In driver_override_store of bus.c,
there is a possible out of bou
CVE-2018-9384 (In multiple locations, there is a possible way to bypass KASLR
due to ...)
NOT-FOR-US: Android
CVE-2018-9383 (In asn1_ber_decoder of asn1_decoder.c, there is a possible out
of boun ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9382 (In multiple functions of WifiServiceImpl.java, there is a
possible way ...)
NOT-FOR-US: Android
CVE-2018-9381 (In gatts_process_read_by_type_req of gatt_sr.c, there is a
possibleinf ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/075e708d76b788f9ad0235df338eea7b7e540180
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/075e708d76b788f9ad0235df338eea7b7e540180
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
