[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Feb 6 11:08:25 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eb39b323 by Moritz Muehlenhoff at 2025-02-06T12:07:37+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2025-22890 (Execution with unnecessary privileges issue exists in Defense Pl
CVE-2025-20094 (Unprotected Windows messaging channel ('Shatter') issue exists in Defe ...)
NOT-FOR-US: Defense Platform Home Edition
CVE-2025-1066 (OpenPLC_V3 contains an arbitrary file upload vulnerability, which coul ...)
- TODO: check
+ NOT-FOR-US: OpenPLC
CVE-2025-0799 (IBM App Connect enterprise12.0.1.0 through 12.0.12.10 and13.0.1.0 thro ...)
NOT-FOR-US: IBM
CVE-2025-0522 (The LikeBot WordPress plugin through 0.85 does not have CSRF check in ...)
@@ -35,19 +35,19 @@ CVE-2024-57081 (A prototype pollution in the lib.fromQuery function of underscor
CVE-2024-57080 (A prototype pollution in the lib.install function of vxe-table v4.8.10 ...)
NOT-FOR-US: Node vxe-table
CVE-2024-57079 (A prototype pollution in the lib.deepMerge function of @zag-js/core v0 ...)
- TODO: check
+ NOT-FOR-US: Node @zag-js/core
CVE-2024-57078 (A prototype pollution in the lib.merge function of cli-util v1.1.27 al ...)
- TODO: check
+ NOT-FOR-US: Node cli-util
CVE-2024-57077 (The latest version of utils-extend (1.0.8) is vulnerable to Prototype ...)
- TODO: check
+ NOT-FOR-US: Node utils-extend
CVE-2024-57076 (A prototype pollution in the lib.post function of ajax-request v1.2.3 ...)
- TODO: check
+ NOT-FOR-US: Node ajax-request
CVE-2024-57075 (A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 ...)
- TODO: check
+ NOT-FOR-US: Node eazy-logger
CVE-2024-57074 (A prototype pollution in the lib.merge function of xe-utils v3.5.31 al ...)
- TODO: check
+ NOT-FOR-US: Node xe-utils
CVE-2024-57072 (A prototype pollution in the lib.requireFromString function of module- ...)
- TODO: check
+ NOT-FOR-US: Node module-from-string
CVE-2024-57071 (A prototype pollution in the lib.combine function of php-parser v3.2.1 ...)
TODO: check
CVE-2024-57069 (A prototype pollution in the lib function of expand-object v0.4.2 allo ...)
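Review bot: CVE-2024-57071 (php-parser), near the end of this hunk, is still at `TODO: check` although the seven prototype-pollution entries directly above it, CVE-2024-57079 through CVE-2024-57072, are all resolved here. If it was held back on purpose because it needs a package lookup, that is fine, but the one-word commit message does not say so and it reads as an entry that was skipped. Either triage it in this pass or leave a short NOTE: line under it explaining what is still to be checked.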
@@ -109,19 +109,19 @@ CVE-2024-38316 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 does not properly rate
CVE-2024-13487 (The The CURCY \u2013 Multi Currency for WooCommerce \u2013 The best fr ...)
NOT-FOR-US: WordPress plugin
CVE-2025-24805 (Mobile Security Framework (MobSF) is an automated, all-in-one mobile a ...)
- TODO: check
+ NOT-FOR-US: Mobile Security Framework (MobSF)
CVE-2025-24804 (Mobile Security Framework (MobSF) is an automated, all-in-one mobile a ...)
- TODO: check
+ NOT-FOR-US: Mobile Security Framework (MobSF)
CVE-2025-24803 (Mobile Security Framework (MobSF) is an automated, all-in-one mobile a ...)
- TODO: check
+ NOT-FOR-US: Mobile Security Framework (MobSF)
CVE-2025-24497 (When URL categorization is configured on a virtual server, undisclosed ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-24372 (CKAN is an open-source DMS (data management system) for powering data ...)
- TODO: check
+ NOT-FOR-US: ckan
CVE-2025-24326 (When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures fea ...)
NOT-FOR-US: F5
CVE-2025-24320 (A stored cross-site scripting (XSS) vulnerability exists in an undiscl ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-24319 (When BIG-IP Next Central Manager is running, undisclosed requests to t ...)
NOT-FOR-US: F5
CVE-2025-24312 (When BIG-IP AFM is provisioned with IPS module enabled and protocol in ...)
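Review bot: the tag added for CVE-2025-24372 is `NOT-FOR-US: ckan` in lower case, while the description on the line above it spells the project CKAN and the other tags added in this hunk follow the upstream spelling (`Mobile Security Framework (MobSF)`, `F5`). Suggest `NOT-FOR-US: CKAN` so that a case-sensitive search for the project name finds the entry.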
@@ -129,9 +129,9 @@ CVE-2025-24312 (When BIG-IP AFM is provisioned with IPS module enabled and proto
CVE-2025-23419 (When multiple server blocks are configured to share the same IP addres ...)
TODO: check
CVE-2025-23415 (An insufficient verification of data authenticity vulnerability exists ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-23413 (When users log in through the webUI or API using local authentication, ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-23412 (When BIG-IP APM Access Profile is configured on a virtual server, undi ...)
NOT-FOR-US: F5
CVE-2025-23239 (When running in Appliance mode, an authenticated remote command inject ...)
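Review bot: the descriptions of CVE-2025-23415 and CVE-2025-23413, as truncated in this hunk, name no vendor or product, so the `NOT-FOR-US: F5` tags cannot be confirmed from the visible lines, and CVE-2025-23419 just above them, with an equally generic description, is left at `TODO: check`. Confirm both against the full CVE descriptions rather than inferring the vendor from the neighbouring F5 entries.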
@@ -147,7 +147,7 @@ CVE-2025-21091 (When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requ
CVE-2025-21087 (When Client or Server SSL profiles are configured on a Virtual Server, ...)
NOT-FOR-US: F5
CVE-2025-20207 (A vulnerability in Simple Network Management Protocol (SNMP) polling f ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20205 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2025-20204 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -189,7 +189,7 @@ CVE-2025-20045 (When SIP session Application Level Gateway mode (ALG) profile wi
CVE-2025-20029 (Command injection vulnerability exists in iControl REST and BIG-IP TMO ...)
NOT-FOR-US: F5
CVE-2025-0858 (A vulnerability was discovered in the firmware builds up to 8.2.1.0820 ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2024-9631 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
TODO: check
CVE-2024-9097 (ManageEngine Endpoint Central versions before11.3.2440.09 are vulnerab ...)
@@ -197,25 +197,25 @@ CVE-2024-9097 (ManageEngine Endpoint Central versions before11.3.2440.09 are vul
CVE-2024-6356 (An issue was discovered in GitLab EE affecting all versions starting f ...)
TODO: check
CVE-2024-56135 (Improper Input Validation vulnerability of Authenticated User in Progr ...)
- TODO: check
+ NOT-FOR-US: Progress LoadMaster
CVE-2024-56134 (Improper Input Validation vulnerability of Authenticated User in Progr ...)
- TODO: check
+ NOT-FOR-US: Progress LoadMaster
CVE-2024-56133 (Improper Input Validation vulnerability of Authenticated User in Progr ...)
- TODO: check
+ NOT-FOR-US: Progress LoadMaster
CVE-2024-56132 (Improper Input Validation vulnerability of Authenticated User in Progr ...)
- TODO: check
+ NOT-FOR-US: Progress LoadMaster
CVE-2024-56131 (Improper Input Validation vulnerability of Authenticated User in Progr ...)
- TODO: check
+ NOT-FOR-US: Progress LoadMaster
CVE-2024-52365 (IBM Cloud Pak for Business Automation18.0.0, 18.0.1, 18.0.2, 19.0.1, 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-52364 (IBM Cloud Pak for Business Automation18.0.0, 18.0.1, 18.0.2, 19.0.1, 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-49352 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-49348 (IBM Cloud Pak for Business Automation18.0.0, 18.0.1, 18.0.2, 19.0.1, 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-42207 (HCL iAutomate is affected by a session fixation vulnerability. An atta ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-3976 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
TODO: check
CVE-2024-39564 (This is a similar, but different vulnerability than the issue reported ...)
@@ -267,9 +267,9 @@ CVE-2025-24967 (reNgine is an automated reconnaissance framework for web applica
CVE-2025-24966 (reNgine is an automated reconnaissance framework for web applications. ...)
NOT-FOR-US: reNgine
CVE-2025-24964 (Vitest is a testing framework powered by Vite. Affected versions are s ...)
- TODO: check
+ NOT-FOR-US: Vitest
CVE-2025-24963 (Vitest is a testing framework powered by Vite. The `__screenshot-error ...)
- TODO: check
+ NOT-FOR-US: Vitest
CVE-2025-24860 (Incorrect Authorization vulnerability in Apache Cassandra allowing use ...)
- cassandra <itp> (bug #585905)
CVE-2025-24677 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
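Review bot: the two Vitest entries are tagged `NOT-FOR-US: Vitest`, whereas the JavaScript packages triaged earlier in this same commit carry a `Node` prefix (`NOT-FOR-US: Node @zag-js/core`, `NOT-FOR-US: Node xe-utils`). If Vitest belongs to the same ecosystem for tracking purposes, `NOT-FOR-US: Node Vitest` would keep the tags in one form and make the whole group findable with a single search.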
@@ -341,13 +341,13 @@ CVE-2025-1025 (Versions of the package cockpit-hq/cockpit before 2.4.1 are vulne
CVE-2025-1022 (Versions of the package spatie/browsershot before 5.0.5 are vulnerable ...)
TODO: check
CVE-2025-0960 (AutomationDirect C-more EA9 HMI contains a function with bounds checks ...)
- TODO: check
+ NOT-FOR-US: AutomationDirect C-more EA9 HMI
CVE-2025-0890 (**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Tel ...)
NOT-FOR-US: Zyxel
CVE-2025-0825 (cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF chara ...)
TODO: check
CVE-2025-0630 (Multiple Western Telematic (WTI) products contain a web interface that ...)
- TODO: check
+ NOT-FOR-US: Western Telematic
CVE-2025-0413 (Parallels Desktop Technical Data Reporter Link Following Local Privile ...)
NOT-FOR-US: Parallels Desktop
CVE-2025-0364 (BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulne ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb39b3235a8e4c7ea115bceedcafc337237c87be