[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 13 06:10:21 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ef8ef7e by Salvatore Bonaccorso at 2025-02-13T07:09:58+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,177 +1,177 @@
 CVE-2025-26378 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q- ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26377 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q- ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26376 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q- ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26375 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q- ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26374 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26373 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26372 (A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26371 (A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26370 (A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26369 (A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26368 (A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26367 (A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26366 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26365 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26364 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26363 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26362 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26361 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26360 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26359 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26358 (A CWE-20 "Improper Input Validation" in ldbMT.so in Q-Free MaxTime les ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26357 (A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Fr ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26356 (A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setAct ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26355 (A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Fr ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26354 (A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy e ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26353 (A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26352 (A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26351 (A CWE-35 "Path Traversal" in the template download mechanism in Q-Free ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26350 (A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the tem ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26349 (A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-F ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26348 (A CWE-89 "Improper Neutralization of Special Elements used in an SQL C ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26347 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26346 (A CWE-89 "Improper Neutralization of Special Elements used in an SQL C ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26345 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26344 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26343 (A CWE-1390 "Weak Authentication" in the PIN authentication mechanism i ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26342 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26341 (A CWE-306 "Missing Authentication for Critical Function" in maxprofile ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26340 (A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in  ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-26339 (A CWE-306 "Missing Authentication for Critical Function" in maxtime/ha ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-25746 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based bu ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-25744 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based bu ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-25743 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command inject ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-25742 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based bu ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-25741 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based bu ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-25351 (PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Inje ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Daily Expense Tracker System
 CVE-2025-25349 (PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Inje ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Daily Expense Tracker System
 CVE-2025-25343 (Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-25283 (parse-duraton is software that allows users to convert a human readabl ...)
 	TODO: check
 CVE-2025-25205 (Audiobookshelf is a self-hosted audiobook and podcast server. Starting ...)
 	TODO: check
 CVE-2025-25201 (Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For re ...)
-	TODO: check
+	NOT-FOR-US: Nitrokey 3 Firmware
 CVE-2025-25200 (Koa is expressive middleware for Node.js using ES2017 async functions. ...)
 	TODO: check
 CVE-2025-25199 (go-crypto-winnative Go crypto backend for Windows using Cryptography A ...)
 	TODO: check
 CVE-2025-25198 (mailcow: dockerized is an open source groupware/email suite based on d ...)
-	TODO: check
+	NOT-FOR-US: mailcow
 CVE-2025-25184 (Rack provides an interface for developing web applications in Ruby. Pr ...)
 	TODO: check
 CVE-2025-25182 (Stroom is a data processing, storage and analysis platform. A vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Stroom
 CVE-2025-1244 (A flaw was found in the Emacs text editor. Improper handling of custom ...)
 	TODO: check
 CVE-2025-1230 (Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, d ...)
-	TODO: check
+	NOT-FOR-US: Prestashop
 CVE-2025-1225 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: ywoa
 CVE-2025-1224 (A vulnerability classified as critical was found in ywoa up to 2024.07 ...)
-	TODO: check
+	NOT-FOR-US: ywoa
 CVE-2025-1216 (A vulnerability, which was classified as critical, has been found in y ...)
-	TODO: check
+	NOT-FOR-US: ywoa
 CVE-2025-1215 (A vulnerability classified as problematic was found in vim up to 9.1.1 ...)
 	TODO: check
 CVE-2025-1214 (A vulnerability classified as critical has been found in pihome-shc Pi ...)
-	TODO: check
+	NOT-FOR-US: pihome-shc PiHome
 CVE-2025-1213 (A vulnerability was found in pihome-shc PiHome 1.77. It has been rated ...)
-	TODO: check
+	NOT-FOR-US: pihome-shc PiHome
 CVE-2025-1212 (An information disclosure vulnerability in GitLab CE/EE affecting all  ...)
 	TODO: check
 CVE-2025-1210 (A vulnerability classified as critical was found in code-projects Wazi ...)
-	TODO: check
+	NOT-FOR-US: code-projects Wazifa System
 CVE-2025-1209 (A vulnerability classified as problematic has been found in code-proje ...)
-	TODO: check
+	NOT-FOR-US: code-projects Wazifa System
 CVE-2025-1208 (A vulnerability was found in code-projects Wazifa System 1.0. It has b ...)
-	TODO: check
+	NOT-FOR-US: code-projects Wazifa System
 CVE-2025-1207 (A vulnerability was found in phjounin TFTPD64 4.64. It has been declar ...)
-	TODO: check
+	NOT-FOR-US: phjounin TFTPD64
 CVE-2025-1206 (A vulnerability was found in Codezips Gym Management System 1.0. It ha ...)
-	TODO: check
+	NOT-FOR-US: Codezips Gym Management System
 CVE-2025-1202 (A vulnerability classified as critical has been found in SourceCodeste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Best Church Management Software
 CVE-2025-1201 (A vulnerability was found in SourceCodester Best Church Management Sof ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Best Church Management Software
 CVE-2025-1200 (A vulnerability was found in SourceCodester Best Church Management Sof ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Best Church Management Software
 CVE-2025-1199 (A vulnerability was found in SourceCodester Best Church Management Sof ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Best Church Management Software
 CVE-2025-1197 (A vulnerability has been found in code-projects Real Estate Property M ...)
-	TODO: check
+	NOT-FOR-US: code-projects Real Estate Property Management System
 CVE-2025-1196 (A vulnerability, which was classified as problematic, was found in cod ...)
-	TODO: check
+	NOT-FOR-US: code-projects Real Estate Property Management System
 CVE-2025-1195 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: code-projects Real Estate Property Management System
 CVE-2025-1192 (A vulnerability was found in SourceCodester Multi Restaurant Table Res ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Multi Restaurant Table Reservation System
 CVE-2025-1191 (A vulnerability was found in SourceCodester Multi Restaurant Table Res ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Multi Restaurant Table Reservation System
 CVE-2025-1190 (A vulnerability has been found in code-projects Job Recruitment 1.0 an ...)
-	TODO: check
+	NOT-FOR-US: code-projects Job Recruitment
 CVE-2025-1189 (A vulnerability, which was classified as critical, was found in 1000 P ...)
-	TODO: check
+	NOT-FOR-US: 1000 Projects Attendance Tracking Management System
 CVE-2025-1188 (A vulnerability, which was classified as critical, has been found in C ...)
-	TODO: check
+	NOT-FOR-US: Codezips Gym Management System
 CVE-2025-1187 (A vulnerability classified as critical was found in code-projects Poli ...)
-	TODO: check
+	NOT-FOR-US: code-projects Police FIR Record Management System
 CVE-2025-1146 (CrowdStrike uses industry-standard TLS (transport layer security) to s ...)
 	TODO: check
 CVE-2025-1102 (A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Fre ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-1101 (A CWE-204 "Observable Response Discrepancy" in the login page in Q-Fre ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-1100 (A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free  ...)
-	TODO: check
+	NOT-FOR-US: Q-Free MaxTime
 CVE-2025-1042 (An insecure direct object reference vulnerability in GitLab EE affecti ...)
 	TODO: check
 CVE-2025-0937 (Nomad Community and Nomad Enterprise ("Nomad") event stream configured ...)
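Review bot: the entries left as TODO: check in this hunk include vim (CVE-2025-1215), Emacs (CVE-2025-1244) and Rack (CVE-2025-25184), all of which are packaged in Debian, so they still need a source-package line with a fixed version or a not-affected/unfixed state in a follow-up commit rather than remaining unresolved. The NOT-FOR-US lines themselves follow the tracker's convention for out-of-archive software, but the D-Link entries (CVE-2025-25741 through CVE-2025-25746) name only the vendor where every other entry names the product; recording the model as in the CVE text ("D-Link DIR-853") would make later searches of data/CVE/list easier.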
@@ -181,79 +181,79 @@ CVE-2025-0925
 CVE-2025-0919
 	REJECTED
 CVE-2025-0556 (In Progress\xae Telerik\xae Report Server, versions prior to 2025 Q1 ( ...)
-	TODO: check
+	NOT-FOR-US: Progress Telerik Report Server
 CVE-2025-0516 (Improper Authorization in GitLab CE/EE affecting all versions from 17. ...)
 	TODO: check
 CVE-2025-0511 (The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0506 (The Rise Blocks \u2013 A Complete Gutenberg Page Builder plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0376 (An XSS vulnerability exists in GitLab CE/EE affecting all versions fro ...)
 	TODO: check
 CVE-2025-0332 (In Progress\xae Telerik\xae UI for WinForms, versions prior to 2025 Q1 ...)
-	TODO: check
+	NOT-FOR-US: Progress Telerik
 CVE-2024-9870 (An external service interaction vulnerability in GitLab EE affecting a ...)
 	TODO: check
 CVE-2024-6097 (In Progress\xae Telerik\xae Reporting versions prior to 2025 Q1 (19.0. ...)
-	TODO: check
+	NOT-FOR-US: Progress Telerik
 CVE-2024-54160 (dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as ship ...)
 	TODO: check
 CVE-2024-32838 (SQL Injection vulnerability in various API endpoints - offices, dashbo ...)
-	TODO: check
+	NOT-FOR-US: Apache Fineract
 CVE-2024-23563 (HCL Connections Docs is vulnerable to a sensitive information disclosu ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-13814 (The The Global Gallery - WordPress Responsive Gallery plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13532 (The Small Package Quotes \u2013 Purolator Edition plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13531 (The ShipEngine Shipping Quotes plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13528 (The Customer Email Verification for WooCommerce plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13490 (The LTL Freight Quotes \u2013 XPO Edition plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13480 (The LTL Freight Quotes \u2013 For Customers of FedEx Freight plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13477 (The LTL Freight Quotes \u2013 Unishippers Edition plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13475 (The Small Package Quotes \u2013 UPS Edition plugin for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13473 (The LTL Freight Quotes \u2013 Worldwide Express Edition plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13459 (The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13456 (The Easy Quiz Maker plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13437 (The Book a Room plugin for WordPress is vulnerable to Cross-Site Reque ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13435 (The Ebook Downloader plugin for WordPress is vulnerable to SQL Injecti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13365 (The Security & Malware scan by CleanTalk plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12629 (In Progress\xae Telerik\xae KendoReact versions v3.5.0 through v9.4.0, ...)
-	TODO: check
+	NOT-FOR-US: Progress Telerik
 CVE-2024-12386 (The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Requ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12379 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
 	TODO: check
 CVE-2024-12315 (The Export All Posts, Products, Orders, Refunds & Users plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12296 (The Apus Framework plugin for WordPress is vulnerable to unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12251 (In Progress\xae Telerik\xae UI for WinUI versions prior to 2025 Q1 (3. ...)
-	TODO: check
+	NOT-FOR-US: Progress Telerik
 CVE-2024-12213 (The WP Job Board Pro plugin for WordPress is vulnerable to privilege e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11629 (In Progress\xae Telerik\xae Document Processing Libraries, versions pr ...)
-	TODO: check
+	NOT-FOR-US: Progress Telerik
 CVE-2024-11628 (In Progress\xae Telerik\xae Kendo UI for Vue versions v2.4.0 through v ...)
-	TODO: check
+	NOT-FOR-US: Progress Telerik
 CVE-2024-11343 (In Progress\xae Telerik\xae Document Processing Libraries, versions pr ...)
-	TODO: check
+	NOT-FOR-US: Progress Telerik
 CVE-2024-10960 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to ar ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10322 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-21699 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
 	- linux 6.12.12-1
 	[bookworm] - linux 6.1.128-1
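Review bot: CVE-2024-32838 is marked "NOT-FOR-US: Apache Fineract", but the visible description ("SQL Injection vulnerability in various API endpoints - offices, dashbo ...") does not name the product, so the attribution cannot be checked from this hunk alone; confirming it against the full CVE record before marking it NFU is worth a second look. Separately, the Telerik entries use "Progress Telerik Report Server" for CVE-2025-0556 but plain "Progress Telerik" for CVE-2025-0332, CVE-2024-6097, CVE-2024-12629, CVE-2024-12251, CVE-2024-11629, CVE-2024-11628 and CVE-2024-11343; naming the affected product consistently, as the Q-Free MaxTime block above does, keeps the NFU lines greppable.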



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ef8ef7e44c8ea59779f990ded646adc3763a82f

-- 
You're receiving this email because of your account on salsa.debian.org.

