[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 11 08:58:48 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
40000c92 by Salvatore Bonaccorso at 2025-01-11T09:58:21+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,193 +19,193 @@ CVE-2025-23022 (FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cf
CVE-2025-23016 (FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (an ...)
TODO: check
CVE-2025-22949 (Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injectio ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-22946 (Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnera ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-22600 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-22599 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-22598 (WeGIA is a web manager for charitable institutions. A Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-22597 (WeGIA is a web manager for charitable institutions. A Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-22596 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-22152 (Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $p ...)
- TODO: check
+ NOT-FOR-US: Atheos
CVE-2025-0390 (A vulnerability classified as critical was found in Guangzhou Huayi In ...)
- TODO: check
+ NOT-FOR-US: Guangzhou Huayi Intelligent Technology Jeewms
CVE-2025-0107 (An OS command injection vulnerability in Palo Alto Networks Expedition ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-0106 (A wildcard expansion vulnerability in Palo Alto Networks Expedition al ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-0105 (An arbitrary file deletion vulnerability in Palo Alto Networks Expedit ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-0104 (A reflected cross-site scripting (XSS) vulnerability in Palo Alto Netw ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-0103 (An SQL injection vulnerability in Palo Alto Networks Expedition enable ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2024-9188 (Specially constructed queries cause cross platform scripting leaking a ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-9134 (Multiple SQL Injection vulnerabilities exist in the reporting applicat ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-9133 (A user with administrator privileges is able to retrieve authenticatio ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-9132 (The administrator is able to configure an insecure captive portal scri ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-9131 (A user with administrator privileges can perform command injection)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-7142 (On Arista CloudVision Appliance (CVA) affected releases running on app ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-7095 (On affected platforms running Arista EOS with SNMP configured, if \u20 ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-6880 (During MegaBIP installation process, a user is encouraged to change a ...)
- TODO: check
+ NOT-FOR-US: MegaBIP
CVE-2024-6662 (Websites managed by MegaBIP in versions below 5.15 are vulnerable to C ...)
- TODO: check
+ NOT-FOR-US: MegaBIP
CVE-2024-6437 (On affected platforms running Arista EOS with one of the following fea ...)
TODO: check
CVE-2024-5872 (On affected platforms running Arista EOS, a specially crafted packet w ...)
- TODO: check
+ NOT-FOR-US: MegaBIP
CVE-2024-57823 (In Raptor RDF Syntax Library through 2.0.16, there is an integer under ...)
TODO: check
CVE-2024-57822 (In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buf ...)
TODO: check
CVE-2024-57687 (An OS Command Injection vulnerability was found in /landrecordsys/admi ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Land Record System
CVE-2024-57686 (A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Land Record System
CVE-2024-57228 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2024-57227 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2024-57226 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2024-57225 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2024-57224 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2024-57223 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2024-57222 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2024-57214 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-57213 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-57212 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-57211 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-56511 (DataEase is an open source data visualization analysis tool. Prior to ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2024-54998 (MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side ...)
- TODO: check
+ NOT-FOR-US: MonicaHQ
CVE-2024-54997 (MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side ...)
- TODO: check
+ NOT-FOR-US: MonicaHQ
CVE-2024-54996 (MonicaHQ v4.1.2 was discovered to contain multiple authenticated Clien ...)
- TODO: check
+ NOT-FOR-US: MonicaHQ
CVE-2024-54994 (MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injecti ...)
- TODO: check
+ NOT-FOR-US: MonicaHQ
CVE-2024-54910 (Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure P ...)
- TODO: check
+ NOT-FOR-US: Hasleo Backup Suite Free
CVE-2024-54849 (An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obt ...)
- TODO: check
+ NOT-FOR-US: CP Plus CP-VNR-3104
CVE-2024-54848 (Improper handling and storage of certificates in CP Plus CP-VNR-3104 B ...)
- TODO: check
+ NOT-FOR-US: CP Plus CP-VNR-3104
CVE-2024-54847 (An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to acc ...)
- TODO: check
+ NOT-FOR-US: CP Plus CP-VNR-3104
CVE-2024-54846 (An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obt ...)
- TODO: check
+ NOT-FOR-US: CP Plus CP-VNR-3104
CVE-2024-54687 (Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: Vtiger CRM
CVE-2024-50807 (Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scrip ...)
- TODO: check
+ NOT-FOR-US: Trippo Responsive Filemanager
CVE-2024-47520 (A user with advanced report application access rights can perform acti ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-47519 (Backup uploads to ETM subject to man-in-the-middle interception)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-47518 (Specially constructed queries targeting ETM could discover active remo ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-47517 (Expired and unusable administrator authentication tokens can be reveal ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-46210 (An arbitrary file upload vulnerability in the MediaPool module of Reda ...)
- TODO: check
+ NOT-FOR-US: Redaxo CMS
CVE-2024-42175 (HCL MyXalytics is affected by a weak input validation vulnerability. ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-42174 (HCL MyXalytics is affected by username enumeration vulnerability. Thi ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-42173 (HCL MyXalytics is affected by an improper password policy implementati ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-42172 (HCL MyXalytics is affected by broken authentication. It allows attack ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-42171 (HCL MyXalytics is affected by a session fixation vulnerability. Cyber ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-42170 (HCL MyXalytics is affected by a session fixation vulnerability. Cyber ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-42169 (HCL MyXalytics is affected by insecure direct object references. It o ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-42168 (HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnera ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-41787 (IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 cou ...)
NOT-FOR-US: IBM
CVE-2024-33299 (Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remo ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2024-33298 (Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 al ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2024-33297 (Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remo ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2024-29971 (Scontain SCONE 5.8.0 has an interface vulnerability that leads to stat ...)
- TODO: check
+ NOT-FOR-US: Scontain SCONE
CVE-2024-29970 (Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that l ...)
- TODO: check
+ NOT-FOR-US: Fortanix Enclave OS
CVE-2024-25371 (Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from a ...)
- TODO: check
+ NOT-FOR-US: Gramine
CVE-2024-13318 (The Essential WP Real Estate plugin for WordPress is vulnerable to una ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12877 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12847 (NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication by ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2024-12627 (The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12587 (The Contact Form Master WordPress plugin through 1.0.7 does not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12527 (The Perfect Portal Widgets plugin for WordPress is vulnerable to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12520 (The Dominion \u2013 Domain Checker for WPBakery plugin for WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12519 (The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12505 (The Trackserver plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12472 (The Post Duplicator plugin for WordPress is vulnerable to Information ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12412 (The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12407 (The Push Notification for Post and BuddyPress plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12404 (The CF Internal Link Shortcode plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12304 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12204 (The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12116 (The Unlimited Theme Addon For Elementor and WooCommerce plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11915 (The RRAddons for Elementor plugin for WordPress is vulnerable to Infor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11892 (The Accordion Slider Lite plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11874 (The Grid Accordion Lite plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11758 (The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11386 (The GatorMail SmartForms plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11327 (The ClickWhale \u2013 Link Manager, Link Shortener and Click Tracker f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-21385 (A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purvie ...)
NOT-FOR-US: Microsoft
CVE-2025-21380 (Improper access control in Azure SaaS Resources allows an authorized a ...)
@@ -213,7 +213,7 @@ CVE-2025-21380 (Improper access control in Azure SaaS Resources allows an author
CVE-2025-0311 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
NOT-FOR-US: WordPress plugin
CVE-2024-56377 (A stored cross-site scripting (XSS) vulnerability in survey titles of ...)
- TODO: check
+ NOT-FOR-US: REDCap
CVE-2024-56376 (A stored cross-site scripting (XSS) vulnerability in the built-in mess ...)
NOT-FOR-US: REDCap
CVE-2024-55226 (Vaultwarden v1.32.5 was discovered to contain an authenticated reflect ...)
@@ -589,7 +589,7 @@ CVE-2024-11328 (The CLUEVO LMS, E-Learning Platform plugin for WordPress is vuln
CVE-2024-10215 (The WPBookit plugin for WordPress is vulnerable to Arbitrary User Pass ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10106 (A buffer overflow vulnerability in the packet handoff plugin allows an ...)
- TODO: check
+ NOT-FOR-US: Silabs
CVE-2025-22449 (Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permission ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-22445 (Mattermost versions 10.x <= 10.2 fail to accurately reflect missing se ...)
@@ -148029,7 +148029,7 @@ CVE-2023-28356 (A vulnerability has been identified where a maliciously crafted
CVE-2023-28355
RESERVED
CVE-2023-28354 (An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticat ...)
- TODO: check
+ NOT-FOR-US: Opsview Monitor Agent
CVE-2023-28353 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. An ...)
NOT-FOR-US: Faronics Insight
CVE-2023-28352 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. By ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40000c92538bea59381e933347ba07a7ef82c678
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40000c92538bea59381e933347ba07a7ef82c678
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250111/ae68c7ea/attachment.htm>
More information about the debian-security-tracker-commits
mailing list