Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8ef8ef7e by Salvatore Bonaccorso at 2025-02-13T07:09:58+01:00
Process some NFUs

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,177 +1,177 @@ CVE-2025-26378 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q- ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26377 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q- ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26376 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q- ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26375 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q- ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26374 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26373 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26372 (A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26371 (A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26370 (A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26369 (A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26368 (A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26367 (A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26366 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26365 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...) 
- TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26364 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26363 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26362 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26361 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26360 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26359 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26358 (A CWE-20 "Improper Input Validation" in ldbMT.so in Q-Free MaxTime les ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26357 (A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Fr ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26356 (A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setAct ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26355 (A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Fr ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26354 (A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy e ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26353 (A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26352 (A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26351 (A CWE-35 "Path Traversal" in the template download mechanism in Q-Free ...) 
- TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26350 (A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the tem ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26349 (A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-F ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26348 (A CWE-89 "Improper Neutralization of Special Elements used in an SQL C ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26347 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26346 (A CWE-89 "Improper Neutralization of Special Elements used in an SQL C ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26345 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26344 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26343 (A CWE-1390 "Weak Authentication" in the PIN authentication mechanism i ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26342 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26341 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26340 (A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-26339 (A CWE-306 "Missing Authentication for Critical Function" in maxtime/ha ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-25746 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based bu ...) - TODO: check + NOT-FOR-US: D-Link CVE-2025-25744 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based bu ...) 
- TODO: check + NOT-FOR-US: D-Link CVE-2025-25743 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command inject ...) - TODO: check + NOT-FOR-US: D-Link CVE-2025-25742 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based bu ...) - TODO: check + NOT-FOR-US: D-Link CVE-2025-25741 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based bu ...) - TODO: check + NOT-FOR-US: D-Link CVE-2025-25351 (PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Inje ...) - TODO: check + NOT-FOR-US: PHPGurukul Daily Expense Tracker System CVE-2025-25349 (PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Inje ...) - TODO: check + NOT-FOR-US: PHPGurukul Daily Expense Tracker System CVE-2025-25343 (Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-25283 (parse-duraton is software that allows users to convert a human readabl ...) TODO: check CVE-2025-25205 (Audiobookshelf is a self-hosted audiobook and podcast server. Starting ...) TODO: check CVE-2025-25201 (Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For re ...) - TODO: check + NOT-FOR-US: Nitrokey 3 Firmware CVE-2025-25200 (Koa is expressive middleware for Node.js using ES2017 async functions. ...) TODO: check CVE-2025-25199 (go-crypto-winnative Go crypto backend for Windows using Cryptography A ...) TODO: check CVE-2025-25198 (mailcow: dockerized is an open source groupware/email suite based on d ...) - TODO: check + NOT-FOR-US: mailcow CVE-2025-25184 (Rack provides an interface for developing web applications in Ruby. Pr ...) TODO: check CVE-2025-25182 (Stroom is a data processing, storage and analysis platform. A vulnerab ...) - TODO: check + NOT-FOR-US: Stroom CVE-2025-1244 (A flaw was found in the Emacs text editor. Improper handling of custom ...) TODO: check CVE-2025-1230 (Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, d ...) 
- TODO: check + NOT-FOR-US: Prestashop CVE-2025-1225 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: ywoa CVE-2025-1224 (A vulnerability classified as critical was found in ywoa up to 2024.07 ...) - TODO: check + NOT-FOR-US: ywoa CVE-2025-1216 (A vulnerability, which was classified as critical, has been found in y ...) - TODO: check + NOT-FOR-US: ywoa CVE-2025-1215 (A vulnerability classified as problematic was found in vim up to 9.1.1 ...) TODO: check CVE-2025-1214 (A vulnerability classified as critical has been found in pihome-shc Pi ...) - TODO: check + NOT-FOR-US: pihome-shc PiHome CVE-2025-1213 (A vulnerability was found in pihome-shc PiHome 1.77. It has been rated ...) - TODO: check + NOT-FOR-US: pihome-shc PiHome CVE-2025-1212 (An information disclosure vulnerability in GitLab CE/EE affecting all ...) TODO: check CVE-2025-1210 (A vulnerability classified as critical was found in code-projects Wazi ...) - TODO: check + NOT-FOR-US: code-projects Wazifa System CVE-2025-1209 (A vulnerability classified as problematic has been found in code-proje ...) - TODO: check + NOT-FOR-US: code-projects Wazifa System CVE-2025-1208 (A vulnerability was found in code-projects Wazifa System 1.0. It has b ...) - TODO: check + NOT-FOR-US: code-projects Wazifa System CVE-2025-1207 (A vulnerability was found in phjounin TFTPD64 4.64. It has been declar ...) - TODO: check + NOT-FOR-US: phjounin TFTPD64 CVE-2025-1206 (A vulnerability was found in Codezips Gym Management System 1.0. It ha ...) - TODO: check + NOT-FOR-US: Codezips Gym Management System CVE-2025-1202 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Best Church Management Software CVE-2025-1201 (A vulnerability was found in SourceCodester Best Church Management Sof ...) 
- TODO: check + NOT-FOR-US: SourceCodester Best Church Management Software CVE-2025-1200 (A vulnerability was found in SourceCodester Best Church Management Sof ...) - TODO: check + NOT-FOR-US: SourceCodester Best Church Management Software CVE-2025-1199 (A vulnerability was found in SourceCodester Best Church Management Sof ...) - TODO: check + NOT-FOR-US: SourceCodester Best Church Management Software CVE-2025-1197 (A vulnerability has been found in code-projects Real Estate Property M ...) - TODO: check + NOT-FOR-US: code-projects Real Estate Property Management System CVE-2025-1196 (A vulnerability, which was classified as problematic, was found in cod ...) - TODO: check + NOT-FOR-US: code-projects Real Estate Property Management System CVE-2025-1195 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: code-projects Real Estate Property Management System CVE-2025-1192 (A vulnerability was found in SourceCodester Multi Restaurant Table Res ...) - TODO: check + NOT-FOR-US: SourceCodester Multi Restaurant Table Reservation System CVE-2025-1191 (A vulnerability was found in SourceCodester Multi Restaurant Table Res ...) - TODO: check + NOT-FOR-US: SourceCodester Multi Restaurant Table Reservation System CVE-2025-1190 (A vulnerability has been found in code-projects Job Recruitment 1.0 an ...) - TODO: check + NOT-FOR-US: code-projects Job Recruitment CVE-2025-1189 (A vulnerability, which was classified as critical, was found in 1000 P ...) - TODO: check + NOT-FOR-US: 1000 Projects Attendance Tracking Management System CVE-2025-1188 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: Codezips Gym Management System CVE-2025-1187 (A vulnerability classified as critical was found in code-projects Poli ...) 
- TODO: check + NOT-FOR-US: code-projects Police FIR Record Management System CVE-2025-1146 (CrowdStrike uses industry-standard TLS (transport layer security) to s ...) TODO: check CVE-2025-1102 (A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Fre ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-1101 (A CWE-204 "Observable Response Discrepancy" in the login page in Q-Fre ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-1100 (A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free ...) - TODO: check + NOT-FOR-US: Q-Free MaxTime CVE-2025-1042 (An insecure direct object reference vulnerability in GitLab EE affecti ...) TODO: check CVE-2025-0937 (Nomad Community and Nomad Enterprise ("Nomad") event stream configured ...) 
@@ -181,79 +181,79 @@ CVE-2025-0925 CVE-2025-0919 REJECTED CVE-2025-0556 (In Progress\xae Telerik\xae Report Server, versions prior to 2025 Q1 ( ...) - TODO: check + NOT-FOR-US: Progress Telerik Report Server CVE-2025-0516 (Improper Authorization in GitLab CE/EE affecting all versions from 17. ...) TODO: check CVE-2025-0511 (The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-0506 (The Rise Blocks \u2013 A Complete Gutenberg Page Builder plugin for Wo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-0376 (An XSS vulnerability exists in GitLab CE/EE affecting all versions fro ...) TODO: check CVE-2025-0332 (In Progress\xae Telerik\xae UI for WinForms, versions prior to 2025 Q1 ...) - TODO: check + NOT-FOR-US: Progress Telerik CVE-2024-9870 (An external service interaction vulnerability in GitLab EE affecting a ...) TODO: check CVE-2024-6097 (In Progress\xae Telerik\xae Reporting versions prior to 2025 Q1 (19.0. ...) - TODO: check + NOT-FOR-US: Progress Telerik CVE-2024-54160 (dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as ship ...) TODO: check CVE-2024-32838 (SQL Injection vulnerability in various API endpoints - offices, dashbo ...) - TODO: check + NOT-FOR-US: Apache Fineract CVE-2024-23563 (HCL Connections Docs is vulnerable to a sensitive information disclosu ...) - TODO: check + NOT-FOR-US: HCL CVE-2024-13814 (The The Global Gallery - WordPress Responsive Gallery plugin for WordP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13532 (The Small Package Quotes \u2013 Purolator Edition plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13531 (The ShipEngine Shipping Quotes plugin for WordPress is vulnerable to S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13528 (The Customer Email Verification for WooCommerce plugin for WordPress i ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13490 (The LTL Freight Quotes \u2013 XPO Edition plugin for WordPress is vuln ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13480 (The LTL Freight Quotes \u2013 For Customers of FedEx Freight plugin fo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13477 (The LTL Freight Quotes \u2013 Unishippers Edition plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13475 (The Small Package Quotes \u2013 UPS Edition plugin for WordPress is vu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13473 (The LTL Freight Quotes \u2013 Worldwide Express Edition plugin for Wor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13459 (The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13456 (The Easy Quiz Maker plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13437 (The Book a Room plugin for WordPress is vulnerable to Cross-Site Reque ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13435 (The Ebook Downloader plugin for WordPress is vulnerable to SQL Injecti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-13365 (The Security & Malware scan by CleanTalk plugin for WordPress is vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-12629 (In Progress\xae Telerik\xae KendoReact versions v3.5.0 through v9.4.0, ...) - TODO: check + NOT-FOR-US: Progress Telerik CVE-2024-12386 (The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Requ ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-12379 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...) TODO: check CVE-2024-12315 (The Export All Posts, Products, Orders, Refunds & Users plugin for Wor ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-12296 (The Apus Framework plugin for WordPress is vulnerable to unauthorized ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-12251 (In Progress\xae Telerik\xae UI for WinUI versions prior to 2025 Q1 (3. ...) - TODO: check + NOT-FOR-US: Progress Telerik CVE-2024-12213 (The WP Job Board Pro plugin for WordPress is vulnerable to privilege e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-11629 (In Progress\xae Telerik\xae Document Processing Libraries, versions pr ...) - TODO: check + NOT-FOR-US: Progress Telerik CVE-2024-11628 (In Progress\xae Telerik\xae Kendo UI for Vue versions v2.4.0 through v ...) - TODO: check + NOT-FOR-US: Progress Telerik CVE-2024-11343 (In Progress\xae Telerik\xae Document Processing Libraries, versions pr ...) - TODO: check + NOT-FOR-US: Progress Telerik CVE-2024-10960 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to ar ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-10322 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to St ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-21699 (In the Linux kernel, the following vulnerability has been resolved: g ...) - linux 6.12.12-1 [bookworm] - linux 6.1.128-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ef8ef7e44c8ea59779f990ded646adc3763a82f
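Review bot: In the first hunk (@@ -1,177 +1,177 @@) the NOT-FOR-US labels are not at a consistent granularity: the five D-Link DIR-853 entries and CVE-2025-25343 carry a vendor-only label ("NOT-FOR-US: D-Link", "NOT-FOR-US: Tenda"), while the other entries name vendor and product ("NOT-FOR-US: Q-Free MaxTime", "NOT-FOR-US: pihome-shc PiHome", "NOT-FOR-US: phjounin TFTPD64"). If vendor-only is intentional for router firmware, fine; otherwise consider naming the product as well, so that a later search of data/CVE/list for a product name finds every entry for it.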
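Review bot: In the second hunk (@@ -181,79 +181,79 @@) CVE-2025-0556 is labelled "NOT-FOR-US: Progress Telerik Report Server", but every other Telerik entry in the same hunk (CVE-2025-0332, CVE-2024-6097, CVE-2024-12629, CVE-2024-12251, CVE-2024-11629, CVE-2024-11628, CVE-2024-11343) uses "NOT-FOR-US: Progress Telerik"; suggest picking one form for all of them. Separately, the visible description of CVE-2024-32838 does not name a product, so a short mention in the commit message of how it was attributed to Apache Fineract would help a later reader.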
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits