Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
40000c92 by Salvatore Bonaccorso at 2025-01-11T09:58:21+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,193 +19,193 @@ CVE-2025-23022 (FreeType 2.8.1 has a signed integer 
overflow in cf2_doFlex in cf
 CVE-2025-23016 (FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer 
overflow (an ...)
        TODO: check
 CVE-2025-22949 (Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command 
injectio ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-22946 (Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-22600 (WeGIA is a web manager for charitable institutions. A 
Reflected Cross- ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-22599 (WeGIA is a web manager for charitable institutions. A 
Reflected Cross- ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-22598 (WeGIA is a web manager for charitable institutions. A Stored 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-22597 (WeGIA is a web manager for charitable institutions. A Stored 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-22596 (WeGIA is a web manager for charitable institutions. A 
Reflected Cross- ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-22152 (Atheos is a self-hosted browser-based cloud IDE. Prior to 
v600, the $p ...)
-       TODO: check
+       NOT-FOR-US: Atheos
 CVE-2025-0390 (A vulnerability classified as critical was found in Guangzhou 
Huayi In ...)
-       TODO: check
+       NOT-FOR-US: Guangzhou Huayi Intelligent Technology Jeewms
 CVE-2025-0107 (An OS command injection vulnerability in Palo Alto Networks 
Expedition ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2025-0106 (A wildcard expansion vulnerability in Palo Alto Networks 
Expedition al ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2025-0105 (An arbitrary file deletion vulnerability in Palo Alto Networks 
Expedit ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2025-0104 (A reflected cross-site scripting (XSS) vulnerability in Palo 
Alto Netw ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2025-0103 (An SQL injection vulnerability in Palo Alto Networks Expedition 
enable ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2024-9188 (Specially constructed queries cause cross platform scripting 
leaking a ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2024-9134 (Multiple SQL Injection vulnerabilities exist in the reporting 
applicat ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2024-9133 (A user with administrator privileges is able to retrieve 
authenticatio ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2024-9132 (The administrator is able to configure an insecure captive 
portal scri ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2024-9131 (A user with administrator privileges can perform command 
injection)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2024-7142 (On Arista CloudVision Appliance (CVA) affected releases running 
on app ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2024-7095 (On affected platforms running Arista EOS with SNMP configured, 
if \u20 ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2024-6880 (During MegaBIP installation process, a user is encouraged to 
change a  ...)
-       TODO: check
+       NOT-FOR-US: MegaBIP
 CVE-2024-6662 (Websites managed by MegaBIP in versions below 5.15 are 
vulnerable to C ...)
-       TODO: check
+       NOT-FOR-US: MegaBIP
 CVE-2024-6437 (On affected platforms running Arista EOS with one of the 
following fea ...)
        TODO: check
 CVE-2024-5872 (On affected platforms running Arista EOS, a specially crafted 
packet w ...)
-       TODO: check
+       NOT-FOR-US: MegaBIP
 CVE-2024-57823 (In Raptor RDF Syntax Library through 2.0.16, there is an 
integer under ...)
        TODO: check
 CVE-2024-57822 (In Raptor RDF Syntax Library through 2.0.16, there is a 
heap-based buf ...)
        TODO: check
 CVE-2024-57687 (An OS Command Injection vulnerability was found in 
/landrecordsys/admi ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Land Record System
 CVE-2024-57686 (A Cross Site Scripting (XSS) vulnerability was found in 
/landrecordsys ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Land Record System
 CVE-2024-57228 (Linksys E7350 1.1.00.032 was discovered to contain a command 
injection ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2024-57227 (Linksys E7350 1.1.00.032 was discovered to contain a command 
injection ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2024-57226 (Linksys E7350 1.1.00.032 was discovered to contain a command 
injection ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2024-57225 (Linksys E7350 1.1.00.032 was discovered to contain a command 
injection ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2024-57224 (Linksys E7350 1.1.00.032 was discovered to contain a command 
injection ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2024-57223 (Linksys E7350 1.1.00.032 was discovered to contain a command 
injection ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2024-57222 (Linksys E7350 1.1.00.032 was discovered to contain a command 
injection ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2024-57214 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to 
contain a comm ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-57213 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to 
contain a comm ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-57212 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to 
contain a comm ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-57211 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to 
contain a comm ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-56511 (DataEase is an open source data visualization analysis tool. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2024-54998 (MonicaHQ v4.1.2 was discovered to contain an authenticated 
Client-Side ...)
-       TODO: check
+       NOT-FOR-US: MonicaHQ
 CVE-2024-54997 (MonicaHQ v4.1.1 was discovered to contain an authenticated 
Client-Side ...)
-       TODO: check
+       NOT-FOR-US: MonicaHQ
 CVE-2024-54996 (MonicaHQ v4.1.2 was discovered to contain multiple 
authenticated Clien ...)
-       TODO: check
+       NOT-FOR-US: MonicaHQ
 CVE-2024-54994 (MonicaHQ v4.1.2 was discovered to contain multiple Client-Side 
Injecti ...)
-       TODO: check
+       NOT-FOR-US: MonicaHQ
 CVE-2024-54910 (Hasleo Backup Suite Free v4.9.4 and before is vulnerable to 
Insecure P ...)
-       TODO: check
+       NOT-FOR-US: Hasleo Backup Suite Free
 CVE-2024-54849 (An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows 
attackers to obt ...)
-       TODO: check
+       NOT-FOR-US: CP Plus CP-VNR-3104
 CVE-2024-54848 (Improper handling and storage of certificates in CP Plus 
CP-VNR-3104 B ...)
-       TODO: check
+       NOT-FOR-US: CP Plus CP-VNR-3104
 CVE-2024-54847 (An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows 
attackers to acc ...)
-       TODO: check
+       NOT-FOR-US: CP Plus CP-VNR-3104
 CVE-2024-54846 (An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows 
attackers to obt ...)
-       TODO: check
+       NOT-FOR-US: CP Plus CP-VNR-3104
 CVE-2024-54687 (Vtiger CRM v.6.1 and before is vulnerable to Cross Site 
Scripting (XSS ...)
-       TODO: check
+       NOT-FOR-US: Vtiger CRM
 CVE-2024-50807 (Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross 
Site Scrip ...)
-       TODO: check
+       NOT-FOR-US: Trippo Responsive Filemanager
 CVE-2024-47520 (A user with advanced report application access rights can 
perform acti ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2024-47519 (Backup uploads to ETM subject to man-in-the-middle 
interception)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2024-47518 (Specially constructed queries targeting ETM could discover 
active remo ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2024-47517 (Expired and unusable administrator authentication tokens can 
be reveal ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2024-46210 (An arbitrary file upload vulnerability in the MediaPool module 
of Reda ...)
-       TODO: check
+       NOT-FOR-US: Redaxo CMS
 CVE-2024-42175 (HCL MyXalytics is affected by a weak input validation 
vulnerability.   ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-42174 (HCL MyXalytics is affected by username enumeration 
vulnerability.  Thi ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-42173 (HCL MyXalytics is affected by an improper password policy 
implementati ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-42172 (HCL MyXalytics is affected by broken authentication.  It 
allows attack ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-42171 (HCL MyXalytics is affected by a session fixation 
vulnerability.  Cyber ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-42170 (HCL MyXalytics is affected by a session fixation 
vulnerability.  Cyber ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-42169 (HCL MyXalytics is affected by insecure direct object 
references.  It o ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-42168 (HCL MyXalytics is affected by out-of-band resource load (HTTP) 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-41787 (IBM Engineering Requirements Management DOORS Next 7.0.2 and 
7.0.3 cou ...)
        NOT-FOR-US: IBM
 CVE-2024-33299 (Cross Site Scripting vulnerability in Microweber v.2.0.9 
allows a remo ...)
-       TODO: check
+       NOT-FOR-US: microweber
 CVE-2024-33298 (Microweber Cross Site Scripting vulnerability in Microweber 
v.2.0.9 al ...)
-       TODO: check
+       NOT-FOR-US: microweber
 CVE-2024-33297 (Cross Site Scripting vulnerability in Microweber v.2.0.9 
allows a remo ...)
-       TODO: check
+       NOT-FOR-US: microweber
 CVE-2024-29971 (Scontain SCONE 5.8.0 has an interface vulnerability that leads 
to stat ...)
-       TODO: check
+       NOT-FOR-US: Scontain SCONE
 CVE-2024-29970 (Fortanix Enclave OS 3.36.1941-EM has an interface 
vulnerability that l ...)
-       TODO: check
+       NOT-FOR-US: Fortanix Enclave OS
 CVE-2024-25371 (Gramine before a390e33e16ed374a40de2344562a937f289be2e1 
suffers from a ...)
-       TODO: check
+       NOT-FOR-US: Gramine
 CVE-2024-13318 (The Essential WP Real Estate plugin for WordPress is 
vulnerable to una ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12877 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12847 (NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an 
authentication by ...)
-       TODO: check
+       NOT-FOR-US: NETGEAR
 CVE-2024-12627 (The Coupon X: Discount Pop Up, Promo Code Pop Ups, 
Announcement Pop Up ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12587 (The Contact Form Master  WordPress plugin through 1.0.7 does 
not sanit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12527 (The Perfect Portal Widgets plugin for WordPress is vulnerable 
to Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12520 (The Dominion \u2013 Domain Checker for WPBakery plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12519 (The TCBD Auto Refresher plugin for WordPress is vulnerable to 
Stored C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12505 (The Trackserver plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12472 (The Post Duplicator plugin for WordPress is vulnerable to 
Information  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12412 (The Rental and Booking Manager for Bike, Car, Dress, Resort 
with WooCo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12407 (The Push Notification for Post and BuddyPress plugin for 
WordPress is  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12404 (The CF Internal Link Shortcode plugin for WordPress is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12304 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder 
Feature ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12204 (The Coupon X: Discount Pop Up, Promo Code Pop Ups, 
Announcement Pop Up ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12116 (The Unlimited Theme Addon For Elementor and WooCommerce plugin 
for Wor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11915 (The RRAddons for Elementor plugin for WordPress is vulnerable 
to Infor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11892 (The Accordion Slider Lite plugin for WordPress is vulnerable 
to Stored ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11874 (The Grid Accordion Lite plugin for WordPress is vulnerable to 
Stored C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11758 (The WP SPID Italia plugin for WordPress is vulnerable to 
Stored Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11386 (The GatorMail SmartForms plugin for WordPress is vulnerable to 
Stored  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11327 (The ClickWhale \u2013 Link Manager, Link Shortener and Click 
Tracker f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-21385 (A Server-Side Request Forgery (SSRF) vulnerability in 
Microsoft Purvie ...)
        NOT-FOR-US: Microsoft
 CVE-2025-21380 (Improper access control in Azure SaaS Resources allows an 
authorized a ...)
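
Review bot: CVE-2024-5872 is tagged "NOT-FOR-US: MegaBIP", but its description reads "On affected platforms running Arista EOS, a specially crafted packet w ...", so the tag looks carried over from the two MegaBIP entries just above it (CVE-2024-6880, CVE-2024-6662). It should be "NOT-FOR-US: Arista", matching CVE-2024-7095. The neighbouring CVE-2024-6437 is also an Arista EOS entry and is left at "TODO: check"; if that is not deliberate, it wants the same tag. Minor style point: "NOT-FOR-US: microweber" is lowercase while the descriptions spell the product "Microweber".
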
@@ -213,7 +213,7 @@ CVE-2025-21380 (Improper access control in Azure SaaS 
Resources allows an author
 CVE-2025-0311 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to Store ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-56377 (A stored cross-site scripting (XSS) vulnerability in survey 
titles of  ...)
-       TODO: check
+       NOT-FOR-US: REDCap
 CVE-2024-56376 (A stored cross-site scripting (XSS) vulnerability in the 
built-in mess ...)
        NOT-FOR-US: REDCap
 CVE-2024-55226 (Vaultwarden v1.32.5 was discovered to contain an authenticated 
reflect ...)
@@ -589,7 +589,7 @@ CVE-2024-11328 (The CLUEVO LMS, E-Learning Platform plugin 
for WordPress is vuln
 CVE-2024-10215 (The WPBookit plugin for WordPress is vulnerable to Arbitrary 
User Pass ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-10106 (A buffer overflow vulnerability in the packet handoff plugin 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Silabs
 CVE-2025-22449 (Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite 
permission ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2025-22445 (Mattermost versions 10.x <= 10.2 fail to accurately reflect 
missing se ...)
@@ -148029,7 +148029,7 @@ CVE-2023-28356 (A vulnerability has been identified 
where a maliciously crafted
 CVE-2023-28355
        RESERVED
 CVE-2023-28354 (An issue was discovered in Opsview Monitor Agent 6.8. An 
unauthenticat ...)
-       TODO: check
+       NOT-FOR-US: Opsview Monitor Agent
 CVE-2023-28353 (An issue was discovered in Faronics Insight 10.0.19045 on 
Windows. An  ...)
        NOT-FOR-US: Faronics Insight
 CVE-2023-28352 (An issue was discovered in Faronics Insight 10.0.19045 on 
Windows. By  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40000c92538bea59381e933347ba07a7ef82c678


