[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 21 20:41:36 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dac300bf by Salvatore Bonaccorso at 2025-01-21T21:39:55+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53,149 +53,149 @@ CVE-2025-23184 (A potential denial of service vulnerability is present in versio
 CVE-2025-23086 (On most desktop platforms, Brave Browser versions 1.70.x-1.73.x includ ...)
 	- brave-browser <itp> (bug #864795)
 CVE-2025-22825 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22763 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22735 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22733 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22732 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22727 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22723 (Unrestricted Upload of File with Dangerous Type vulnerability in UkrSo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22722 (Missing Authorization vulnerability in Widget Options Team Widget Opti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22721 (Missing Authorization vulnerability in Farhan Noor ApplyOnline \u2013  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22719 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22718 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22717 (Missing Authorization vulnerability in Joe Dolson My Tickets allows Ac ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22716 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22711 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22710 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22709 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22706 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22661 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22553 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22318 (Missing Authorization vulnerability in Eniture Technology Standard Box ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22311 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22276 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22267 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22262 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22150 (Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to v ...)
 	TODO: check
 CVE-2025-0623
 	REJECTED
 CVE-2025-0615 (Input validation vulnerability in Qualifio's Wheel of Fortune. This vu ...)
-	TODO: check
+	NOT-FOR-US: Qualifio's Wheel of Fortune
 CVE-2025-0614 (Input validation vulnerability in Qualifio's Wheel of Fortune. This vu ...)
-	TODO: check
+	NOT-FOR-US: Qualifio's Wheel of Fortune
 CVE-2025-0450 (The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0377 (HashiCorp\u2019s go-slug library is vulnerable to a zip-slip style att ...)
 	TODO: check
 CVE-2025-0371 (The JetElements plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6466 (NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an att ...)
-	TODO: check
+	NOT-FOR-US: NEC Corporation's WebSAM DeploymentManager
 CVE-2024-57036 (TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-56998 (PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site  ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2024-56997 (PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site  ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2024-56990 (PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site  ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2024-56277 (Improper Encoding or Escaping of Output vulnerability in Poll Maker Te ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-55504 (An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows loc ...)
 	TODO: check
 CVE-2024-54795 (SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vul ...)
-	TODO: check
+	NOT-FOR-US: SpagoBI
 CVE-2024-54794 (The script input feature of SpagoBI 3.5.1 allows arbitrary code execut ...)
-	TODO: check
+	NOT-FOR-US: SpagoBI
 CVE-2024-54792 (A Cross-Site Request Forgery (CSRF) vulnerability has been found in Sp ...)
-	TODO: check
+	NOT-FOR-US: SpagoBI
 CVE-2024-53829 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...)
 	TODO: check
 CVE-2024-52973 (An allocation of resources without limits or throttling in Kibana can  ...)
 	TODO: check
 CVE-2024-51919 (Unrestricted Upload of File with Dangerous Type vulnerability in NotFo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-51888 (Incorrect Privilege Assignment vulnerability in NotFound Homey Login R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-51818 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-51417 (An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows rem ...)
 	TODO: check
 CVE-2024-49700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49699 (Deserialization of Untrusted Data vulnerability in NotFound ARPrice al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49688 (Deserialization of Untrusted Data vulnerability in NotFound ARPrice al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49666 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49655 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49333 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49303 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49300 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-45687 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Reque ...)
-	TODO: check
+	NOT-FOR-US: Payara
 CVE-2024-45091 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-43709 (An allocation of resources without limits or throttling in Elasticsear ...)
 	TODO: check
 CVE-2024-42936 (The mqlink.elf is service component in Ruijie RG-EW300N with firmware  ...)
-	TODO: check
+	NOT-FOR-US: Ruijie
 CVE-2024-37284 (Improper handling of alternate encoding occurs when Elastic Defend on  ...)
 	TODO: check
 CVE-2024-32555 (Incorrect Privilege Assignment vulnerability in NotFound Easy Real Est ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13536 (The 1003 Mortgage Application plugin for WordPress is vulnerable to Fu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13454 (Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allo ...)
 	TODO: check
 CVE-2024-13444 (The wp-greet plugin for WordPress is vulnerable to Cross-Site Request  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13404 (The Link Library plugin for WordPress is vulnerable to Reflected Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13230 (The Social Share, Social Login and Social Comments Plugin \u2013 Super ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12104 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12005 (The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11226 (The FireCask Like & Share Button plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10936 (The String locator plugin for WordPress is vulnerable to PHP Object In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45908 (Homarr before v0.14.0 was discovered to contain a stored cross-site sc ...)
-	TODO: check
+	NOT-FOR-US: Homarr
 CVE-2024-45479
 	NOT-FOR-US: Apache Ranger
 CVE-2024-45478
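Review bot: The vendor-only notes on CVE-2024-45091 (`NOT-FOR-US: IBM`), CVE-2024-57036 (`NOT-FOR-US: TOTOLINK`) and CVE-2024-42936 (`NOT-FOR-US: Ruijie`) are less specific than the product-level notes used elsewhere in this hunk, such as `NOT-FOR-US: NEC Corporation's WebSAM DeploymentManager` and `NOT-FOR-US: PHPGurukul Hospital Management System`. The descriptions on those three entries already name the product (IBM UrbanCode Deploy, TOTOLINK A810R, Ruijie RG-EW300N), so using the product name would keep the notes consistent and easier to grep if one of these is ever packaged. Separately, several entries tagged `NOT-FOR-US: WordPress plugin` (for example CVE-2025-22723, CVE-2025-22717 and CVE-2024-49699) and the `Payara` note on CVE-2024-45687 cannot be confirmed from the truncated descriptions shown here, so those classifications rest on the full CVE text rather than on anything visible in the diff.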



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dac300bf49e0b05a382785284c21358d2b31da49
