Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b95424c2 by Moritz Muehlenhoff at 2025-02-06T10:04:39+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,21 +19,21 @@ CVE-2025-0522 (The LikeBot WordPress plugin through 0.85
does not have CSRF che
CVE-2024-57699 (A security issue was found in Netplex Json-smart 2.5.0 through
2.5.1. ...)
TODO: check
CVE-2024-57598 (A floating point exception (divide-by-zero) vulnerability was
discover ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2024-57520 (Insecure Permissions vulnerability in asterisk v22 allows a
remote att ...)
TODO: check
CVE-2024-57086 (A prototype pollution in the function fieldsToJson of
node-opcua-alarm ...)
- TODO: check
+ NOT-FOR-US: Node node-opcua-alarm-condition
CVE-2024-57085 (A prototype pollution in the function deepMerge of
@stryker-mutator/ut ...)
- TODO: check
+ NOT-FOR-US: Node @stryker-mutator/util
CVE-2024-57084 (A prototype pollution in the function lib.parse of
dot-properties v1.0 ...)
- TODO: check
+ NOT-FOR-US: Node dot-properties
CVE-2024-57082 (A prototype pollution in the lib.createUploader function of
@rpldy/upl ...)
- TODO: check
+ NOT-FOR-US: Node @rpldy/uploader
CVE-2024-57081 (A prototype pollution in the lib.fromQuery function of
underscore-cont ...)
- TODO: check
+ NOT-FOR-US: Node underscore-contrib
CVE-2024-57080 (A prototype pollution in the lib.install function of vxe-table
v4.8.10 ...)
- TODO: check
+ NOT-FOR-US: Node vxe-table
CVE-2024-57079 (A prototype pollution in the lib.deepMerge function of
@zag-js/core v0 ...)
TODO: check
CVE-2024-57078 (A prototype pollution in the lib.merge function of cli-util
v1.1.27 al ...)
@@ -73,7 +73,7 @@ CVE-2024-56471 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 is
vulnerable to serv
CVE-2024-56470 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 is vulnerable to
server-sid ...)
NOT-FOR-US: IBM
CVE-2024-54853 (A Stored Cross-Site Scripting (XSS) vulnerability was
identified affec ...)
- TODO: check
+ NOT-FOR-US: Skybox Change Manager
CVE-2024-51547 (Use of Hard-coded Credentials vulnerability in ABB
ASPECT-Enterprise, ...)
NOT-FOR-US: ABB
CVE-2024-51450 (IBM Security Verify Directory 10.0.0 through 10.0.3 could
allow a remo ...)
@@ -119,13 +119,13 @@ CVE-2025-24497 (When URL categorization is configured on
a virtual server, undis
CVE-2025-24372 (CKAN is an open-source DMS (data management system) for
powering data ...)
TODO: check
CVE-2025-24326 (When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS
Signatures fea ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-24320 (A stored cross-site scripting (XSS) vulnerability exists in an
undiscl ...)
TODO: check
CVE-2025-24319 (When BIG-IP Next Central Manager is running, undisclosed
requests to t ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-24312 (When BIG-IP AFM is provisioned with IPS module enabled and
protocol in ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-23419 (When multiple server blocks are configured to share the same
IP addres ...)
TODO: check
CVE-2025-23415 (An insufficient verification of data authenticity
vulnerability exists ...)
@@ -133,61 +133,61 @@ CVE-2025-23415 (An insufficient verification of data
authenticity vulnerability
CVE-2025-23413 (When users log in through the webUI or API using local
authentication, ...)
TODO: check
CVE-2025-23412 (When BIG-IP APM Access Profile is configured on a virtual
server, undi ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-23239 (When running in Appliance mode, an authenticated remote
command inject ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-22891 (When BIG-IP PEM Control Plane listener Virtual Server is
configured wi ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-22846 (When SIP Session and Router ALG profiles are configured on a
Message R ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-21117 (Dell Avamar, version 19.4 or later, contains an access token
reuse vul ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2025-21091 (When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed
requests c ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-21087 (When Client or Server SSL profiles are configured on a Virtual
Server, ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-20207 (A vulnerability in Simple Network Management Protocol (SNMP)
polling f ...)
TODO: check
CVE-2025-20205 (A vulnerability in the web-based management interface of Cisco
Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20204 (A vulnerability in the web-based management interface of Cisco
Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20185 (A vulnerability in the implementation of the remote access
functionali ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20184 (A vulnerability in the web-based management interface of Cisco
AsyncOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20183 (A vulnerability in a policy-based Cisco Application Visibility
and Con ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20180 (A vulnerability in the web-based management interface of Cisco
AsyncOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20179 (A vulnerability in the web-based management interface of Cisco
Express ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20176 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20175 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20174 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20173 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20172 (A vulnerability in the SNMP subsystem of Cisco IOS Software,
Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20171 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20170 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20169 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20125 (A vulnerability in an API of Cisco ISE could allow an
authenticated, r ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20124 (A vulnerability in an API of Cisco ISE could allow an
authenticated, r ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20058 (When a BIG-IP message routing profile is configured on a
virtual serve ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-20045 (When SIP session Application Level Gateway mode (ALG) profile
with Pas ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-20029 (Command injection vulnerability exists in iControl REST and
BIG-IP TMO ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-0858 (A vulnerability was discovered in the firmware builds up to
8.2.1.0820 ...)
TODO: check
CVE-2024-9631 (An issue was discovered in GitLab CE/EE affecting all versions
startin ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b95424c2b653d16460d7dace41f6ed4580a46f73
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b95424c2b653d16460d7dace41f6ed4580a46f73
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
