[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 20 21:18:26 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9cd92894 by Salvatore Bonaccorso at 2025-02-20T22:17:19+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-27096 (WeGIA is a Web Manager for Institutions with a focus on Portuguese lan ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-27091 (OpenH264 is a free license codec library which supports H.264 encoding ...)
 	TODO: check
 CVE-2025-26618 (Erlang is a programming language and runtime system for building massi ...)
@@ -21,17 +21,17 @@ CVE-2025-26305 (A memory leak has been identified in the parseSWF_SOUNDINFO func
 CVE-2025-26304 (A memory leak has been identified in the parseSWF_EXPORTASSETS functio ...)
 	TODO: check
 CVE-2025-25973 (A stored Cross Site Scripting vulnerability in the "related recommenda ...)
-	TODO: check
+	NOT-FOR-US: Ppress
 CVE-2025-25968 (DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper acc ...)
-	TODO: check
+	NOT-FOR-US: DDSN Interactive cm3 Acora CMS
 CVE-2025-25299 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ...)
 	TODO: check
 CVE-2025-24893 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-21106 (Dell Recover Point for Virtual Machines 6.0.X contains a Weak file sys ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2025-21105 (Dell RecoverPoint for Virtual Machines 6.0.X contains a command execut ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2025-20059 (Relative Path Traversal vulnerability in Ping Identity PingAM Java Pol ...)
 	TODO: check
 CVE-2025-1483 (The LTL Freight Quotes \u2013 GlobalTranz Edition plugin for WordPress ...)
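Review bot: The two RecoverPoint entries (CVE-2025-21106, CVE-2025-21105) get the vendor-only label "NOT-FOR-US: Dell", while other entries in the same hunk name the product ("NOT-FOR-US: DDSN Interactive cm3 Acora CMS"). Consider picking one granularity per commit, for example "NOT-FOR-US: Dell RecoverPoint for Virtual Machines", so that a later search of data/CVE/list by product name finds them. Separately, the truncated description shown for CVE-2025-25973 does not name a product, so the "Ppress" label is worth checking against the full CVE text before merging.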
@@ -39,7 +39,7 @@ CVE-2025-1483 (The LTL Freight Quotes \u2013 GlobalTranz Edition plugin for Word
 CVE-2025-1328 (The Typed JS: A typewriter style animation plugin for WordPress is vul ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1265 (An OS command injection vulnerability exists in Vinci Protocol Analyze ...)
-	TODO: check
+	NOT-FOR-US: Vinci Protocol Analyzer
 CVE-2025-1258
 	REJECTED
 CVE-2025-1064 (The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPr ...)
@@ -51,31 +51,31 @@ CVE-2025-1039 (The Lenix Elementor Leads addon plugin for WordPress is vulnerabl
 CVE-2025-0897 (The Modal Window \u2013 create popup modal window plugin for WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-0868 (A vulnerability, that could result in Remote Code Execution (RCE), has ...)
-	TODO: check
+	NOT-FOR-US: DocsGPT
 CVE-2025-0866 (The Legoeso PDF Manager plugin for WordPress is vulnerable to time-bas ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-0352 (Rapid Response Monitoring My Security Account App utilizes an API that ...)
-	TODO: check
+	NOT-FOR-US: Rapid Response Monitoring My Security Account App
 CVE-2025-0161 (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11. ...)
 	NOT-FOR-US: IBM
 CVE-2024-7141 (Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross  ...)
-	TODO: check
+	NOT-FOR-US: Gliffy Online
 CVE-2024-6432 (The Content Blocks (Custom Post Widget) plugin for WordPress is vulner ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-57716 (An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker ...)
-	TODO: check
+	NOT-FOR-US: AutoQueryable
 CVE-2024-57401 (SQL Injection vulnerability in Uniclare Student portal v.2 and before  ...)
-	TODO: check
+	NOT-FOR-US: Uniclare Student portal
 CVE-2024-55457 (MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama ...)
-	TODO: check
+	NOT-FOR-US: MasterSAM Star Gate
 CVE-2024-54961 (Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, whic ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2024-54960 (A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote  ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2024-54959 (Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CS ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2024-54958 (Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting ( ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2024-49781 (IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to a ...)
 	NOT-FOR-US: IBM
 CVE-2024-49779 (IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages   could allow a re ...)
@@ -85,7 +85,7 @@ CVE-2024-49344 (IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages     with Wat
 CVE-2024-49337 (IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages       is vulnerabl ...)
 	NOT-FOR-US: IBM
 CVE-2024-46933 (An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C ...)
-	TODO: check
+	NOT-FOR-US: Atos Eviden
 CVE-2024-13888 (The WPMobile.App plugin for WordPress is vulnerable to Open Redirect i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13855 (The Prime Addons for Elementor plugin for WordPress is vulnerable to I ...)
@@ -107,65 +107,65 @@ CVE-2024-13520 (The Gift Cards (Gift Vouchers and Packages) (WooCommerce Support
 CVE-2024-13476 (The LTL Freight Quotes \u2013 GlobalTranz Edition plugin for WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-51339 (A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Event Ticketing System
 CVE-2023-51338 (PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple  ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Meeting Room Booking System
 CVE-2023-51337 (PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cros ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Event Ticketing System
 CVE-2023-51336 (PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injec ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Meeting Room Booking System
 CVE-2023-51335 (PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Cinema Booking System
 CVE-2023-51334 (A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Cinema Booking System
 CVE-2023-51333 (PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection v ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Cinema Booking System
 CVE-2023-51332 (A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Meeting Room Booking System
 CVE-2023-51331 (PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Inject ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Cleaning Business Software
 CVE-2023-51330 (PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Cinema Booking System
 CVE-2023-51327 (A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Cleaning Business Software
 CVE-2023-51326 (A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Cleaning Business Software
 CVE-2023-51325 (PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple  ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Shared Asset Booking System
 CVE-2023-51324 (PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injec ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Shared Asset Booking System
 CVE-2023-51323 (A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Shared Asset Booking System
 CVE-2023-51321 (A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Night Club Booking Software
 CVE-2023-51320 (PHPJabbers Night Club Booking Software v1.0 is vulnerable to CSV Injec ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Night Club Booking Software
 CVE-2023-51319 (PHPJabbers Bus Reservation System v1.1 is vulnerable to CSV Injection  ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Bus Reservation System
 CVE-2023-51318 (PHPJabbers Bus Reservation System v1.1 is vulnerable to Multiple Store ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Bus Reservation System
 CVE-2023-51317 (PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HT ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Restaurant Booking System
 CVE-2023-51316 (A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Bus Reservation System
 CVE-2023-51315 (PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple St ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Restaurant Booking System
 CVE-2023-51314 (A lack of rate limiting in the 'Forgot Password', 'Email Settings' fea ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Restaurant Booking System
 CVE-2023-51313 (PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injecti ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Restaurant Booking System
 CVE-2023-51312 (PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected C ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Restaurant Booking System
 CVE-2023-51311 (PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV Injection ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Car Park Booking System
 CVE-2023-51310 (A lack of rate limiting in the 'Forgot Password', 'Email Settings' fea ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Car Park Booking System
 CVE-2023-51309 (A lack of rate limiting in the 'Email Settings' feature of PHPJabbers  ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Car Park Booking System
 CVE-2023-51308 (PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Car Park Booking System
 CVE-2023-51306 (PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Store ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Event Ticketing System
 CVE-2025-27218 (Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 bef ...)
 	NOT-FOR-US: Sitecore
 CVE-2025-27092 (GHOSTS is an open source user simulation framework for cyber experimen ...)
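Review bot: The per-product labels on the PHPJabbers rate-limiting entries (CVE-2023-51339, -51334, -51332, -51327, -51326, -51323, -51321, -51316, -51314, -51310, -51309) cannot be checked against this hunk, because each description is cut off at or before the product name ("... feature of PHPJabbers ..."). With this many near-identical lines across several products, a mislabel is easy to introduce. Either verify each label against the full CVE description, or use a single vendor-level "NOT-FOR-US: PHPJabbers", which matches the existing "NOT-FOR-US: IBM" convention in the surrounding context and removes the risk.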



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cd928941cbfff1bd4c20144a3458b7b38499b70





More information about the debian-security-tracker-commits mailing list