[Git][security-tracker-team/security-tracker][master] 4 commits: Add CVE-2025-24366/sftpgo

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 8 09:44:51 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d5107b8 by Salvatore Bonaccorso at 2025-02-08T10:44:29+01:00
Add CVE-2025-24366/sftpgo

- - - - -
94f0a184 by Salvatore Bonaccorso at 2025-02-08T10:44:31+01:00
Add CVE-2025-24028/joplin

- - - - -
24cd3c30 by Salvatore Bonaccorso at 2025-02-08T10:44:33+01:00
Process some NFUs

- - - - -
d3bb24a2 by Salvatore Bonaccorso at 2025-02-08T10:44:35+01:00
Add CVE-2024-55630/joplin

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,209 +1,209 @@
 CVE-2025-25187 (Joplin is a free, open source note taking and to-do application, which ...)
 	- joplin <itp> (bug #931306)
 CVE-2025-24366 (SFTPGo is an open source, event-driven file transfer solution. SFTPGo  ...)
-	TODO: check
+	- sftpgo <itp> (bug #1050829)
 CVE-2025-24028 (Joplin is a free, open source note taking and to-do application, which ...)
-	TODO: check
+	- joplin <itp> (bug #931306)
 CVE-2025-1114 (A vulnerability classified as problematic has been found in newbee-mal ...)
-	TODO: check
+	NOT-FOR-US: newbee-mall
 CVE-2025-1113 (A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has bee ...)
-	TODO: check
+	NOT-FOR-US: tarzan-cms
 CVE-2025-1096
 	REJECTED
 CVE-2024-57606 (SQL injection vulnerability in Beijing Guoju Information Technology Co ...)
-	TODO: check
+	NOT-FOR-US: Beijing Guoju Information Technology Co., Ltd JeecgBoot
 CVE-2024-57357 (An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427  ...)
-	TODO: check
+	NOT-FOR-US: TPLINK
 CVE-2024-57279 (A reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
 	TODO: check
 CVE-2024-57278 (A reflected Cross-Site Scripting (XSS) vulnerability exists in /websca ...)
-	TODO: check
+	NOT-FOR-US: QingScan
 CVE-2024-55630 (Joplin is a free, open source note taking and to-do application, which ...)
-	TODO: check
+	- joplin <itp> (bug #931306)
 CVE-2024-55272 (An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain  ...)
-	TODO: check
+	NOT-FOR-US: Brainasoft Braina
 CVE-2024-55215 (An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker t ...)
 	TODO: check
 CVE-2025-25183 (vLLM is a high-throughput and memory-efficient inference and serving e ...)
-	TODO: check
+	NOT-FOR-US: vLLM
 CVE-2025-25168 (Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigita ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25167 (Missing Authorization vulnerability in blackandwhitedigital BookPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25166 (Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25163 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25160 (Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style T ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25159 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25156 (Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25155 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25154 (Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comm ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25153 (Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto T ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25152 (Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25151 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25149 (Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25148 (Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25147 (Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25146 (Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25145 (Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25144 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25143 (Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25141 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25140 (Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25139 (Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultanc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25138 (Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25136 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25135 (Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Cus ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25128 (Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25126 (Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO allows  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25125 (Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quiz ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25123 (Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25120 (Missing Authorization vulnerability in Melodic Media Slide Banners all ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25117 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25116 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25111 (Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25110 (Missing Authorization vulnerability in Metagauss Event Kikfyre allows  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25107 (Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25106 (Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Tem ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25105 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25104 (Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Previ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25103 (Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25101 (Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25098 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25097 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25096 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25095 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25094 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25093 (Cross-Site Request Forgery (CSRF) vulnerability in paulswarthout Child ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25088 (Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keywor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25085 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25082 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25081 (Missing Authorization vulnerability in DeannaS Embed RSS allows Exploi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25080 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25079 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25078 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25077 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25076 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25075 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show noti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25074 (Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25073 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25072 (Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25071 (Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25069 (A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks.   ...)
-	TODO: check
+	NOT-FOR-US: Apache Kvrocks
 CVE-2025-24980 (pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In  ...)
-	TODO: check
+	NOT-FOR-US: pimcore/admin-ui-classic-bundle
 CVE-2025-1108 (Insufficient data authenticity verification vulnerability in Janto, ve ...)
-	TODO: check
+	NOT-FOR-US: Janto
 CVE-2025-1107 (Unverified password change vulnerability in Janto, versions prior to r ...)
-	TODO: check
+	NOT-FOR-US: Janto
 CVE-2025-1106 (A vulnerability classified as critical has been found in CmsEasy 7.7.7 ...)
-	TODO: check
+	NOT-FOR-US: CmsEasy
 CVE-2025-1105 (A vulnerability was found in SiberianCMS 4.20.6. It has been rated as  ...)
-	TODO: check
+	NOT-FOR-US: SiberianCMS
 CVE-2025-1104 (A vulnerability has been found in D-Link DHP-W310AV 1.04 and classifie ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-1103 (A vulnerability, which was classified as problematic, was found in D-L ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-1077 (A security vulnerability has been identified in the IBL Software Engin ...)
-	TODO: check
+	NOT-FOR-US: IBL Software Engineering Visual Weather and derived products
 CVE-2025-0307
 	REJECTED
 CVE-2025-0304 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause  ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2025-0303 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause  ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2025-0302 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause  ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2024-9664 (The WP All Import Pro plugin for WordPress is vulnerable to PHP Object ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9661 (The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7425 (The WP ALL Export Pro plugin for WordPress is vulnerable to unauthoriz ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7419 (The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Cod ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-57707 (An issue in DataEase v1 allows an attacker to execute arbitrary code v ...)
-	TODO: check
+	NOT-FOR-US: DataEase
 CVE-2024-57249 (Incorrect Access Control in the Preview Function of Gleamtech FileVist ...)
-	TODO: check
+	NOT-FOR-US: Gleamtech FileVista
 CVE-2024-57248 (Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allo ...)
-	TODO: check
+	NOT-FOR-US: Gleamtech FileVista
 CVE-2024-55214 (Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allow ...)
-	TODO: check
+	NOT-FOR-US: dhtmlxFileExplorer
 CVE-2024-55213 (Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows ...)
-	TODO: check
+	NOT-FOR-US: dhtmlxFileExplorer
 CVE-2024-52884 (An issue was discovered in AudioCodes Mediant Session Border Controlle ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes
 CVE-2024-52883 (An issue was discovered in AudioCodes One Voice Operations Center (OVO ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes
 CVE-2024-52882 (An issue was discovered in AudioCodes One Voice Operations Center (OVO ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes
 CVE-2024-52881 (An issue was discovered in AudioCodes One Voice Operations Center (OVO ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes
 CVE-2024-48091 (Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vu ...)
-	TODO: check
+	NOT-FOR-US: Tally Prime Edit Log
 CVE-2024-35106 (NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer ove ...)
-	TODO: check
+	NOT-FOR-US: NEXTU FLETA AX1500 WIFI6
 CVE-2024-10383 (An issue has been discovered in the gitlab-web-ide-vscode-fork compone ...)
 	TODO: check
 CVE-2025-24032
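Review bot: three entries in this hunk are still left at `TODO: check` (CVE-2024-57279, CVE-2024-55215 and CVE-2024-10383) while everything around them is resolved; the commit message says only "Process some NFUs", so that is expected, but the adjacent CVE-2024-57278 is also a reflected XSS and was closed as `NOT-FOR-US: QingScan`, so confirming whether CVE-2024-57279 is the same product would let it be closed in the same pass. The sftpgo and joplin lines use the `- package <itp> (bug #N)` form of the existing CVE-2025-25187 context line rather than NOT-FOR-US, which keeps the three ITP references consistent.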
@@ -267,7 +267,7 @@ CVE-2024-56889 (Incorrect access control in the endpoint /admin/m_delete.php of
 CVE-2024-56467 (IBM EntireX 11.1 could allow a local user to obtain sensitive informat ...)
 	NOT-FOR-US: IBM
 CVE-2024-55241 (An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a r ...)
-	TODO: check
+	NOT-FOR-US: deep-diver LLM-As-Chatbot
 CVE-2024-54909 (A vulnerability has been identified in GoldPanKit eva-server v4.1.0. I ...)
 	NOT-FOR-US: GoldPanKit eva-server
 CVE-2024-54171 (IBM EntireX 11.1 is vulnerable to an XML external entity injection (XX ...)
@@ -242210,9 +242210,9 @@ CVE-2022-26391
 CVE-2022-26390 (The Baxter Spectrum Wireless Battery Module (WBM) stores network crede ...)
 	NOT-FOR-US: Baxter Spectrum Wireless Battery Module (WBM)
 CVE-2022-26389 (An improper access control vulnerability may allow privilege escalatio ...)
-	TODO: check
+	NOT-FOR-US: Welch Allyn medical devices
 CVE-2022-26388 (A use of hard-coded password vulnerability may allow authentication ab ...)
-	TODO: check
+	NOT-FOR-US: Welch Allyn medical devices
 CVE-2022-0847 (A flaw was found in the way the "flags" member of the new pipe buffer  ...)
 	{DSA-5092-1}
 	- linux 5.16.11-1
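Review bot: the truncated descriptions of CVE-2022-26389 ("An improper access control vulnerability may allow privilege escalatio ...") and CVE-2022-26388 ("A use of hard-coded password vulnerability may allow authentication ab ...") name no vendor, so the `NOT-FOR-US: Welch Allyn medical devices` assignment cannot be verified from this hunk alone; a pointer to the advisory in the commit message would make the classification auditable, particularly for 2022 entries that have sat at `TODO: check` until this 2025 pass. The value also differs in style from the first hunk, which uses a bare vendor or product name (for example `NOT-FOR-US: D-Link`), so one form should be used throughout.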



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4239c4f64a46f65dd7d9609b1e143f3f94ee0c4b...d3bb24a27d36e9a8586a47691067e8d1758c65ed


