[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jan 10 13:00:08 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
78a28395 by Moritz Muehlenhoff at 2025-01-10T13:59:47+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,13 +7,13 @@ CVE-2025-0311 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to
CVE-2024-56377 (A stored cross-site scripting (XSS) vulnerability in survey titles of ...)
TODO: check
CVE-2024-56376 (A stored cross-site scripting (XSS) vulnerability in the built-in mess ...)
- TODO: check
+ NOT-FOR-US: REDCap
CVE-2024-55226 (Vaultwarden v1.32.5 was discovered to contain an authenticated reflect ...)
- TODO: check
+ - vaultwarden <itp> (bug #1067023)
CVE-2024-55225 (An issue in the component src/api/identity.rs of Vaultwarden prior to ...)
- TODO: check
+ - vaultwarden <itp> (bug #1067023)
CVE-2024-55224 (An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows ...)
- TODO: check
+ - vaultwarden <itp> (bug #1067023)
CVE-2024-51229 (Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows ...)
NOT-FOR-US: LinZhaoguan pb-cms
CVE-2024-48806 (Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allo ...)
@@ -23,63 +23,63 @@ CVE-2024-46464 (In PRIMX ZED Enterprise up to 2024.3, technical files stored in
CVE-2024-42898 (A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 all ...)
NOT-FOR-US: Nagios XI
CVE-2024-13312 (Missing Authorization vulnerability in Drupal Open Social allows Force ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13311 (Vulnerability in Drupal Allow All File Extensions for file fields.This ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13310 (Vulnerability in Drupal Git Utilities for Drupal.This issue affects Gi ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13309 (Improper Authentication vulnerability in Drupal Login Disable allows E ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13308 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13305 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13304 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS al ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13303 (Missing Authorization vulnerability in Drupal Download All Files allow ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13302 (Incorrect Authorization vulnerability in Drupal Pages Restriction Acce ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13301 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13300 (Vulnerability in Drupal Print Anything.This issue affects Print Anythi ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13299 (Vulnerability in Drupal Megamenu Framework.This issue affects Megamenu ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13298 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13297 (Deserialization of Untrusted Data vulnerability in Drupal Eloqua allow ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13296 (Deserialization of Untrusted Data vulnerability in Drupal Mailjet allo ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13295 (Deserialization of Untrusted Data vulnerability in Drupal Node export ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13294 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13293 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File al ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13291 (Incorrect Authorization vulnerability in Drupal Basic HTTP Authenticat ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13290 (Incorrect Authorization vulnerability in Drupal OhDear Integration all ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13288 (Deserialization of Untrusted Data vulnerability in Drupal Monster Menu ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13287 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13286 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13285 (Vulnerability in Drupal wkhtmltopdf.This issue affects wkhtmltopdf: *. ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13183 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12606 (The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12473 (The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22827 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-22826 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -225,101 +225,101 @@ CVE-2024-46505 (Infoblox BloxOne v2.4 was discovered to contain a business logic
CVE-2024-43176 (IBM OpenPages 9.0 could allow an authenticated user to obtain sensitiv ...)
NOT-FOR-US: IBM
CVE-2024-13284 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg al ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13283 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13282 (Incorrect Authorization vulnerability in Drupal Block permissions allo ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13281 (Incorrect Authorization vulnerability in Drupal Monster Menus allows F ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13280 (Insufficient Session Expiration vulnerability in Drupal Persistent Log ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13279 (Session Fixation vulnerability in Drupal Two-factor Authentication (TF ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13278 (Incorrect Authorization vulnerability in Drupal Diff allows Functional ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13277 (Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Fo ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13276 (Insertion of Sensitive Information Into Sent Data vulnerability in Dru ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13275 (Access of Resource Using Incompatible Type ('Type Confusion') vulnerab ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13274 (Improper Control of Interaction Frequency vulnerability in Drupal Open ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13273 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13272 (Insufficient Granularity of Access Control vulnerability in Drupal Par ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13271 (Incorrect Authorization vulnerability in Drupal Content Entity Clone a ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13270 (Incorrect Authorization vulnerability in Drupal Freelinking allows For ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13269 (Insertion of Sensitive Information Into Sent Data vulnerability in Dru ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13268 (Improper Neutralization of Directives in Statically Saved Code ('Stati ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13267 (Improper Neutralization of Directives in Statically Saved Code ('Stati ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13266 (Incorrect Authorization vulnerability in Drupal Responsive and off-can ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13265 (Improper Neutralization of Directives in Statically Saved Code ('Stati ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13264 (Improper Neutralization of Directives in Statically Saved Code ('Stati ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13263 (Improper Neutralization of Directives in Statically Saved Code ('Stati ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13262 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13261 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM a ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13260 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queu ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13259 (Insertion of Sensitive Information Into Sent Data vulnerability in Dru ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13258 (Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13257 (Incorrect Authorization vulnerability in Drupal Commerce View Receipt ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13256 (Insufficient Granularity of Access Control vulnerability in Drupal Ema ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13255 (Exposure of Sensitive Information Through Data Queries vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13254 (Insertion of Sensitive Information Into Sent Data vulnerability in Dru ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13253 (Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13252 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13251 (Incorrect Privilege Assignment vulnerability in Drupal Registration ro ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13250 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfo ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13249 (Improper Ownership Management vulnerability in Drupal Node Access Rebu ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13248 (Incorrect Privilege Assignment vulnerability in Drupal Private content ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13247 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13246 (Improper Ownership Management vulnerability in Drupal Node Access Rebu ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13245 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13244 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tool ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13243 (Missing Authorization vulnerability in Drupal Entity Delete Log allows ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13242 (Exposed Dangerous Method or Function vulnerability in Drupal Swift Mai ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13241 (Improper Authorization vulnerability in Drupal Open Social allows Coll ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13240 (Improper Access Control vulnerability in Drupal Open Social allows Col ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13239 (Weak Authentication vulnerability in Drupal Two-factor Authentication ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13238 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13237 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13153 (The Unlimited Elements For Elementor plugin for WordPress is vulnerabl ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12848 (The SKT Page Builder plugin for WordPress is vulnerable to arbitrary f ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78a28395aea5d380c9da89c98b8e519ac45d9491
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78a28395aea5d380c9da89c98b8e519ac45d9491
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250110/908a0ee8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list