Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9d5107b8 by Salvatore Bonaccorso at 2025-02-08T10:44:29+01:00
Add CVE-2025-24366/sftpgo
- - - - -
94f0a184 by Salvatore Bonaccorso at 2025-02-08T10:44:31+01:00
Add CVE-2025-24028/joplin
- - - - -
24cd3c30 by Salvatore Bonaccorso at 2025-02-08T10:44:33+01:00
Process some NFUs
- - - - -
d3bb24a2 by Salvatore Bonaccorso at 2025-02-08T10:44:35+01:00
Add CVE-2024-55630/joplin
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,209 +1,209 @@
CVE-2025-25187 (Joplin is a free, open source note taking and to-do
application, which ...)
- joplin <itp> (bug #931306)
CVE-2025-24366 (SFTPGo is an open source, event-driven file transfer solution.
SFTPGo ...)
- TODO: check
+ - sftpgo <itp> (bug #1050829)
CVE-2025-24028 (Joplin is a free, open source note taking and to-do
application, which ...)
- TODO: check
+ - joplin <itp> (bug #931306)
CVE-2025-1114 (A vulnerability classified as problematic has been found in
newbee-mal ...)
- TODO: check
+ NOT-FOR-US: newbee-mall
CVE-2025-1113 (A vulnerability was found in taisan tarzan-cms up to 1.0.0. It
has bee ...)
- TODO: check
+ NOT-FOR-US: tarzan-cms
CVE-2025-1096
REJECTED
CVE-2024-57606 (SQL injection vulnerability in Beijing Guoju Information
Technology Co ...)
- TODO: check
+ NOT-FOR-US: Beijing Guoju Information Technology Co., Ltd JeecgBoot
CVE-2024-57357 (An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build
20230427 ...)
- TODO: check
+ NOT-FOR-US: TPLINK
CVE-2024-57279 (A reflected Cross-Site Scripting (XSS) vulnerability has been
identifi ...)
TODO: check
CVE-2024-57278 (A reflected Cross-Site Scripting (XSS) vulnerability exists in
/websca ...)
- TODO: check
+ NOT-FOR-US: QingScan
CVE-2024-55630 (Joplin is a free, open source note taking and to-do
application, which ...)
- TODO: check
+ - joplin <itp> (bug #931306)
CVE-2024-55272 (An issue in Brainasoft Braina v2.8 allows a remote attacker to
obtain ...)
- TODO: check
+ NOT-FOR-US: Brainasoft Braina
CVE-2024-55215 (An issue in trojan v.2.0.0 through v.2.15.3 allows a remote
attacker t ...)
TODO: check
CVE-2025-25183 (vLLM is a high-throughput and memory-efficient inference and
serving e ...)
- TODO: check
+ NOT-FOR-US: vLLM
CVE-2025-25168 (Cross-Site Request Forgery (CSRF) vulnerability in
blackandwhitedigita ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25167 (Missing Authorization vulnerability in blackandwhitedigital
BookPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25166 (Cross-Site Request Forgery (CSRF) vulnerability in
gabrieldarezzo InLo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25163 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25160 (Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes
Style T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25159 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25156 (Cross-Site Request Forgery (CSRF) vulnerability in Stanko
Metodiev Quo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25155 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25154 (Cross-Site Request Forgery (CSRF) vulnerability in scweber
Custom Comm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25153 (Cross-Site Request Forgery (CSRF) vulnerability in djjmz
Simple Auto T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25152 (Cross-Site Request Forgery (CSRF) vulnerability in
LukaszWiecek Smart ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25151 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25149 (Cross-Site Request Forgery (CSRF) vulnerability in Danillo
Nunes Login ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25148 (Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo
Read More ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25147 (Cross-Site Request Forgery (CSRF) vulnerability in
Phillip.Gooch Auto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25146 (Cross-Site Request Forgery (CSRF) vulnerability in saleandro
Songkick ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25145 (Cross-Site Request Forgery (CSRF) vulnerability in
jordan.hatch Infusi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25144 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25143 (Cross-Site Request Forgery (CSRF) vulnerability in ibasit
GlobalQuran ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25141 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25140 (Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite
Simple ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25139 (Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT
Consultanc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25138 (Cross-Site Request Forgery (CSRF) vulnerability in Rishi On
Page SEO + ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25136 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25135 (Cross-Site Request Forgery (CSRF) vulnerability in Victor
Barkalov Cus ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25128 (Cross-Site Request Forgery (CSRF) vulnerability in orlandolac
Facilita ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25126 (Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25125 (Cross-Site Request Forgery (CSRF) vulnerability in CyrilG
Fyrebox Quiz ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25123 (Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy
Related ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25120 (Missing Authorization vulnerability in Melodic Media Slide
Banners all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25117 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25116 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25111 (Cross-Site Request Forgery (CSRF) vulnerability in WP Spell
Check WP S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25110 (Missing Authorization vulnerability in Metagauss Event Kikfyre
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25107 (Cross-Site Request Forgery (CSRF) vulnerability in sainwp
OneStore Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25106 (Cross-Site Request Forgery (CSRF) vulnerability in FancyWP
Starter Tem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25105 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25104 (Cross-Site Request Forgery (CSRF) vulnerability in mraliende
URL-Previ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25103 (Cross-Site Request Forgery (CSRF) vulnerability in bnielsen
Indeed API ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25101 (Cross-Site Request Forgery (CSRF) vulnerability in
MetricThemes Munk S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25098 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25097 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25096 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25095 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25094 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25093 (Cross-Site Request Forgery (CSRF) vulnerability in
paulswarthout Child ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25091 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25088 (Cross-Site Request Forgery (CSRF) vulnerability in blackus3r
WP Keywor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25085 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25082 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25081 (Missing Authorization vulnerability in DeannaS Embed RSS
allows Exploi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25080 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25079 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25078 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25077 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25076 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25075 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal
Show noti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25074 (Cross-Site Request Forgery (CSRF) vulnerability in Nirmal
Kumar Ram WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25073 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25072 (Cross-Site Request Forgery (CSRF) vulnerability in thunderbax
WP Admin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25071 (Cross-Site Request Forgery (CSRF) vulnerability in topplugins
Vignette ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25069 (A Cross-Protocol Scripting vulnerability is found in Apache
Kvrocks. ...)
- TODO: check
+ NOT-FOR-US: Apache Kvrocks
CVE-2025-24980 (pimcore/admin-ui-classic-bundle provides a Backend UI for
Pimcore. In ...)
- TODO: check
+ NOT-FOR-US: pimcore/admin-ui-classic-bundle
CVE-2025-1108 (Insufficient data authenticity verification vulnerability in
Janto, ve ...)
- TODO: check
+ NOT-FOR-US: Janto
CVE-2025-1107 (Unverified password change vulnerability in Janto, versions
prior to r ...)
- TODO: check
+ NOT-FOR-US: Janto
CVE-2025-1106 (A vulnerability classified as critical has been found in
CmsEasy 7.7.7 ...)
- TODO: check
+ NOT-FOR-US: CmsEasy
CVE-2025-1105 (A vulnerability was found in SiberianCMS 4.20.6. It has been
rated as ...)
- TODO: check
+ NOT-FOR-US: SiberianCMS
CVE-2025-1104 (A vulnerability has been found in D-Link DHP-W310AV 1.04 and
classifie ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-1103 (A vulnerability, which was classified as problematic, was found
in D-L ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-1077 (A security vulnerability has been identified in the IBL
Software Engin ...)
- TODO: check
+ NOT-FOR-US: IBL Software Engineering Visual Weather and derived products
CVE-2025-0307
REJECTED
CVE-2025-0304 (in OpenHarmony v4.1.2 and prior versions allow a local attacker
cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2025-0303 (in OpenHarmony v4.1.2 and prior versions allow a local attacker
cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2025-0302 (in OpenHarmony v4.1.2 and prior versions allow a local attacker
cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-9664 (The WP All Import Pro plugin for WordPress is vulnerable to PHP
Object ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9661 (The WP All Import Pro plugin for WordPress is vulnerable to
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7425 (The WP ALL Export Pro plugin for WordPress is vulnerable to
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7419 (The WP ALL Export Pro plugin for WordPress is vulnerable to
Remote Cod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-57707 (An issue in DataEase v1 allows an attacker to execute
arbitrary code v ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2024-57249 (Incorrect Access Control in the Preview Function of Gleamtech
FileVist ...)
- TODO: check
+ NOT-FOR-US: Gleamtech FileVista
CVE-2024-57248 (Directory Traversal in File Upload in Gleamtech FileVista
9.2.0.0 allo ...)
- TODO: check
+ NOT-FOR-US: Gleamtech FileVista
CVE-2024-55214 (Local File Inclusion vulnerability in dhtmlxFileExplorer
v.8.4.6 allow ...)
- TODO: check
+ NOT-FOR-US: dhtmlxFileExplorer
CVE-2024-55213 (Directory Traversal vulnerability in dhtmlxFileExplorer
v.8.4.6 allows ...)
- TODO: check
+ NOT-FOR-US: dhtmlxFileExplorer
CVE-2024-52884 (An issue was discovered in AudioCodes Mediant Session Border
Controlle ...)
- TODO: check
+ NOT-FOR-US: AudioCodes
CVE-2024-52883 (An issue was discovered in AudioCodes One Voice Operations
Center (OVO ...)
- TODO: check
+ NOT-FOR-US: AudioCodes
CVE-2024-52882 (An issue was discovered in AudioCodes One Voice Operations
Center (OVO ...)
- TODO: check
+ NOT-FOR-US: AudioCodes
CVE-2024-52881 (An issue was discovered in AudioCodes One Voice Operations
Center (OVO ...)
- TODO: check
+ NOT-FOR-US: AudioCodes
CVE-2024-48091 (Tally Prime Edit Log v2.1 was discovered to contain a DLL
hijacking vu ...)
- TODO: check
+ NOT-FOR-US: Tally Prime Edit Log
CVE-2024-35106 (NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a
buffer ove ...)
- TODO: check
+ NOT-FOR-US: NEXTU FLETA AX1500 WIFI6
CVE-2024-10383 (An issue has been discovered in the gitlab-web-ide-vscode-fork
compone ...)
TODO: check
CVE-2025-24032
@@ -267,7 +267,7 @@ CVE-2024-56889 (Incorrect access control in the endpoint
/admin/m_delete.php of
CVE-2024-56467 (IBM EntireX 11.1 could allow a local user to obtain sensitive
informat ...)
NOT-FOR-US: IBM
CVE-2024-55241 (An issue in deep-diver LLM-As-Chatbot before commit 99c2c03
allows a r ...)
- TODO: check
+ NOT-FOR-US: deep-diver LLM-As-Chatbot
CVE-2024-54909 (A vulnerability has been identified in GoldPanKit eva-server
v4.1.0. I ...)
NOT-FOR-US: GoldPanKit eva-server
CVE-2024-54171 (IBM EntireX 11.1 is vulnerable to an XML external entity
injection (XX ...)
@@ -242210,9 +242210,9 @@ CVE-2022-26391
CVE-2022-26390 (The Baxter Spectrum Wireless Battery Module (WBM) stores
network crede ...)
NOT-FOR-US: Baxter Spectrum Wireless Battery Module (WBM)
CVE-2022-26389 (An improper access control vulnerability may allow privilege
escalatio ...)
- TODO: check
+ NOT-FOR-US: Welch Allyn medical devices
CVE-2022-26388 (A use of hard-coded password vulnerability may allow
authentication ab ...)
- TODO: check
+ NOT-FOR-US: Welch Allyn medical devices
CVE-2022-0847 (A flaw was found in the way the "flags" member of the new pipe
buffer ...)
{DSA-5092-1}
- linux 5.16.11-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4239c4f64a46f65dd7d9609b1e143f3f94ee0c4b...d3bb24a27d36e9a8586a47691067e8d1758c65ed
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4239c4f64a46f65dd7d9609b1e143f3f94ee0c4b...d3bb24a27d36e9a8586a47691067e8d1758c65ed
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
