[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 23 20:40:57 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ecaa5c6 by Salvatore Bonaccorso at 2025-01-23T21:40:34+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,135 +1,135 @@
 CVE-2025-24353 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2025-24034 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
-	TODO: check
+	NOT-FOR-US: Himmelblau
 CVE-2025-24033 (@fastify/multipart is a Fastify plugin for parsing the multipart conte ...)
-	TODO: check
+	NOT-FOR-US: fastify/multipart
 CVE-2025-23960 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23894 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23835 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23834 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23733 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23730 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23729 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23727 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23725 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23724 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23723 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23722 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23636 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23634 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23629 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23628 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23626 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23624 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23227 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7. ...)
 	NOT-FOR-US: IBM
 CVE-2025-23006 (Pre-authentication deserialization of untrusted data vulnerability has ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2025-22768 (Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Med ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22264 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-22153 (RestrictedPython is a tool that helps to define a subset of the Python ...)
 	TODO: check
 CVE-2025-0648 (Unexpected server crash in database driver in M-Files Server before 25 ...)
-	TODO: check
+	NOT-FOR-US: M-Files
 CVE-2025-0637 (It has been found that the Beta10 software does not provide for proper ...)
-	TODO: check
+	NOT-FOR-US: Beta10
 CVE-2025-0635 (Denial of service condition in M-Files Server in versions before   25. ...)
-	TODO: check
+	NOT-FOR-US: M-Files
 CVE-2025-0619 (Unsafe password recovery from configuration in M-Files Server before 2 ...)
-	TODO: check
+	NOT-FOR-US: M-Files
 CVE-2024-55971 (SQL Injection vulnerability in the default configuration of the Logiti ...)
-	TODO: check
+	NOT-FOR-US: Logitime WebClock application
 CVE-2024-55930 (Weak default folder permissions)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2024-55929 (Mail spoofing)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2024-55928 (Clear text secrets returned & Remote system secrets in clear text)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2024-55927 (Flawed token generation implementation & Hard-coded key implementation)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2024-55926 (Arbitrary file upload, deletion and read through header manipulation)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2024-55925 (API Security bypass through header manipulation)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2024-52331 (ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key ...)
-	TODO: check
+	NOT-FOR-US: ECOVACS robot lawnmowers and vacuums
 CVE-2024-52330 (ECOVACS lawnmowers and vacuums do not properly validate TLS certificat ...)
-	TODO: check
+	NOT-FOR-US: ECOVACS lawnmowers and vacuums
 CVE-2024-52329 (ECOVACS HOME mobile app plugins for specific robots do not properly va ...)
-	TODO: check
+	NOT-FOR-US: ECOVACS HOME mobile app plugins
 CVE-2024-52328 (ECOVACS robot lawnmowers and vacuums insecurely store audio files used ...)
-	TODO: check
+	NOT-FOR-US: ECOVACS robot lawnmowers and vacuums
 CVE-2024-52327 (The cloud service used by ECOVACS robot lawnmowers and vacuums allows  ...)
-	TODO: check
+	NOT-FOR-US: ECOVACS robot lawnmowers and vacuums
 CVE-2024-52325 (ECOVACS robot lawnmowers and vacuums are vulnerable to command injecti ...)
-	TODO: check
+	NOT-FOR-US: ECOVACS robot lawnmowers and vacuums
 CVE-2024-45672 (IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local pr ...)
 	NOT-FOR-US: IBM
 CVE-2024-43708 (An allocation of resources without limits or throttling in Kibana can  ...)
 	TODO: check
 CVE-2024-13593 (The BMLT Meeting Map plugin for WordPress is vulnerable to Local File  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13511 (The Variation Swatches for WooCommerce plugin, in all versions startin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13422 (The SEO Blogger to WordPress Migration using 301 Redirection plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13389 (The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13340 (The MDTF \u2013 Meta Data and Taxonomies Filter plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13236 (The Tainacan plugin for WordPress is vulnerable to SQL Injection via t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13234 (The Product Table by WBW plugin for WordPress is vulnerable to SQL Inj ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12957 (A file handling command vulnerability in certain versions of Armoury C ...)
-	TODO: check
+	NOT-FOR-US: Asus
 CVE-2024-12504 (The Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12118 (The The Events Calendar plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12079 (ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the  ...)
-	TODO: check
+	NOT-FOR-US: ECOVACS
 CVE-2024-12078 (ECOVACS robot lawn mowers and vacuums use a shared, static secret key  ...)
-	TODO: check
+	NOT-FOR-US: ECOVACS
 CVE-2024-12043 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider,  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11147 (ECOVACS robot lawnmowers and vacuums use a deterministic root password ...)
-	TODO: check
+	NOT-FOR-US: ECOVACS
 CVE-2024-10846 (The compose-go library component in versions v2.10-v2.4.0 allows an au ...)
 	TODO: check
 CVE-2024-10539 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Uyumsoft Informatin Systems Uyumsoft ERP
 CVE-2024-57947 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.3-1
 	[bookworm] - linux 6.1.106-1
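
Review bot: The ECOVACS entries in this hunk carry four different NOT-FOR-US labels: "ECOVACS robot lawnmowers and vacuums" (CVE-2024-52331, CVE-2024-52328, CVE-2024-52327, CVE-2024-52325), "ECOVACS lawnmowers and vacuums" (CVE-2024-52330), "ECOVACS HOME mobile app plugins" (CVE-2024-52329) and plain "ECOVACS" (CVE-2024-12079, CVE-2024-12078, CVE-2024-11147). The Xerox, M-Files and IBM entries in the same hunk use the bare vendor name, so "NOT-FOR-US: ECOVACS" throughout would keep a vendor search over data/CVE/list complete. In the CVE-2024-10539 entry, "Informatin" in "NOT-FOR-US: Uyumsoft Informatin Systems Uyumsoft ERP" looks like a typo for "Information". The CVE-2025-24033 label "fastify/multipart" also drops the "@" scope that the description line shows ("@fastify/multipart").
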
@@ -248094,7 +248094,7 @@ CVE-2022-23441 (A use of hard-coded cryptographic key vulnerability [CWE-321] in
 CVE-2022-23440 (A use of hard-coded cryptographic key vulnerability [CWE-321] in the r ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-23439 (A externally controlled reference to a resource in another sphere in F ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-23438 (An improper neutralization of input during web page generation ('Cross ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...)
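
Review bot: CVE-2022-23439 is marked "NOT-FOR-US: FortiGuard" while the adjacent context entries CVE-2022-23440 and CVE-2022-23438 both use "NOT-FOR-US: Fortinet". If this is the same vendor, "NOT-FOR-US: Fortinet" would keep the label consistent with its neighbours; if the different label is intentional, a short note in the commit message explaining why would help, since the truncated description ("... in F ...") does not show which product is affected.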



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ecaa5c6acf1a27edb533df5e7521ff028eac4a3
