[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 5 20:27:54 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c83f0787 by Salvatore Bonaccorso at 2025-03-05T21:27:22+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2025-2003 (Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-27517 (Volt is an elegantly crafted functional API for Livewire. Malicious, u ...)
- TODO: check
+ NOT-FOR-US: Volt API for Livewire
CVE-2025-27515 (Laravel is a web application framework. When using wildcard validation ...)
TODO: check
CVE-2025-27513 (OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry dotnet
CVE-2025-27497 (OpenDJ is an LDAPv3 compliant directory service. OpenDJ prior to 4.9.3 ...)
TODO: check
CVE-2025-27412 (REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the re ...)
- TODO: check
+ NOT-FOR-US: REDAXO
CVE-2025-27411 (REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/medi ...)
- TODO: check
+ NOT-FOR-US: REDAXO
CVE-2025-25015 (Prototype pollution in Kibana leads to arbitrary code execution via a ...)
TODO: check
CVE-2025-24521 (External XML entity injection allows arbitrary download of files. The ...)
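Review bot: the label on CVE-2025-2003 is the vendor name alone ("Devolutions"), while its description names the product as "Devolutions Server" and the other labels added in this hunk (Volt API for Livewire, OpenTelemetry dotnet, REDAXO) name the product. Consider "NOT-FOR-US: Devolutions Server" so that a later search of data/CVE/list for the product name finds this entry. The two REDAXO entries use the same label, which keeps them easy to find together.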
@@ -23,13 +23,13 @@ CVE-2025-23416 (Path traversal may lead to arbitrary file deletion. The score wi
CVE-2025-22493 (Secure flag not set and SameSIte was set to Lax in the Foreseer Report ...)
TODO: check
CVE-2025-22212 (A SQL injection vulnerability in the ConvertForms component versions 1 ...)
- TODO: check
+ NOT-FOR-US: ConvertForms component for Joomla
CVE-2025-21095 (Path traversal may lead to arbitrary file download. The score without ...)
TODO: check
CVE-2025-20208 (A vulnerability in the web-based management interface of Cisco TelePre ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20206 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-1714 (Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to ...)
TODO: check
CVE-2025-1702 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...)
@@ -55,13 +55,13 @@ CVE-2024-8682 (The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for
CVE-2024-5667 (Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scr ...)
NOT-FOR-US: WordPress plugin
CVE-2024-53458 (Sysax Multi Server 6.99 is vulnerable to a denial of service (DoS) con ...)
- TODO: check
+ NOT-FOR-US: Sysax Multi Server
CVE-2024-51144 (Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.p ...)
TODO: check
CVE-2024-48246 (Vehicle Management System 1.0 contains a Stored Cross-Site Scripting ( ...)
- TODO: check
+ NOT-FOR-US: Vehicle Management System
CVE-2024-31525 (Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access C ...)
- TODO: check
+ NOT-FOR-US: Peppermint Ticket Management
CVE-2024-13866 (The Simple Notification plugin for WordPress is vulnerable to Stored C ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13839 (The Staff Directory Plugin: Company Directory plugin for WordPress is ...)
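Review bot: "NOT-FOR-US: Vehicle Management System" on CVE-2024-48246 is a generic product name with no vendor or author, so the label alone does not say which software was triaged, and the description shown ("Vehicle Management System 1.0 contains a Stored Cross-Site Scripting ( ...") adds nothing to narrow it down. If the full CVE record names a vendor or author, adding it to the label would remove the ambiguity. The other two labels added in this hunk (Sysax Multi Server, Peppermint Ticket Management) are distinctive enough as they stand.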
@@ -99,23 +99,23 @@ CVE-2024-13350 (The SearchIQ \u2013 The Search Solution plugin for WordPress is
CVE-2024-13232 (The WordPress Awesome Import & Export Plugin - Import & Export WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13147 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Merkur Software B2B Login Panel
CVE-2024-12815 (The Point Maker plugin for WordPress is vulnerable to Stored Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12799 (Insufficiently Protected Credentials vulnerability in OpenText Identit ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-12650 (An attacker with low privileges can manipulate the requested memory si ...)
TODO: check
CVE-2024-12281 (The Homey theme for WordPress is vulnerable to privilege escalation in ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12097 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Boceksoft Informatics E-Travel
CVE-2024-11951 (The Homey Login Register plugin for WordPress is vulnerable to privile ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11731 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11216 (Authorization Bypass Through User-Controlled Key, Exposure of Private ...)
- TODO: check
+ NOT-FOR-US: PozitifIK Pik Online
CVE-2024-11153 (The Content Control \u2013 The Ultimate Content Restriction Plugin! Re ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11035 (Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be susceptible ...)
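Review bot: for CVE-2024-13147, CVE-2024-12097 and CVE-2024-11216 the description shown is cut off before any product name appears, so the labels added here (Merkur Software B2B Login Panel, Boceksoft Informatics E-Travel, PozitifIK Pik Online) cannot be checked against the hunk itself and are worth confirming against the full CVE text. Separately, the unchanged context line for CVE-2024-12281 describes "The Homey theme for WordPress" but carries "NOT-FOR-US: WordPress plugin"; that is outside this change and could be looked at in a follow-up.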
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c83f07875f35f848154685fd12dcdfeda5ebfde8