[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 17 20:15:53 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d15fb247 by Salvatore Bonaccorso at 2025-03-17T21:14:57+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,53 +3,53 @@ CVE-2025-30143 (Rule 3000216 (before version 2) in Akamai App & API Protector (w
CVE-2025-2401 (Buffer overflow vulnerability in Immunity Debugger affecting version 1 ...)
TODO: check
CVE-2025-2392 (A vulnerability, which was classified as critical, has been found in c ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-2391 (A vulnerability classified as critical was found in code-projects Bloo ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-2390 (A vulnerability classified as critical has been found in code-projects ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-2389 (A vulnerability was found in code-projects Blood Bank Management Syste ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-2388 (A vulnerability was found in Keytop \u8def\u5185\u505c\u8f66\u6536\u8d ...)
TODO: check
CVE-2025-2387 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-2386 (A vulnerability was found in PHPGurukul Local Services Search Engine M ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-2385 (A vulnerability has been found in code-projects Modern Bag 1.0 and cla ...)
TODO: check
CVE-2025-2384 (A vulnerability, which was classified as critical, was found in code-p ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-2383 (A vulnerability, which was classified as critical, has been found in P ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-2382 (A vulnerability classified as critical was found in PHPGurukul Online ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-2381 (A vulnerability classified as critical has been found in PHPGurukul Cu ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-2380 (A vulnerability was found in PHPGurukul Apartment Visitors Management ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-2379 (A vulnerability was found in PHPGurukul Apartment Visitors Management ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-2378 (A vulnerability was found in PHPGurukul Medical Card Generation System ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-2377 (A vulnerability was found in SourceCodester Vehicle Management System ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-2376 (A vulnerability has been found in viames Pair Framework up to 1.9.11 a ...)
TODO: check
CVE-2025-2375 (A vulnerability, which was classified as problematic, was found in PHP ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-2374 (A vulnerability, which was classified as critical, has been found in P ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-2373 (A vulnerability classified as critical was found in PHPGurukul Human M ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-2372 (A vulnerability classified as critical has been found in PHPGurukul Hu ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-2371 (A vulnerability was found in PHPGurukul Human Metapneumovirus Testing ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-2370 (A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B2022 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-2369 (A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B2022 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-2241 (A flaw was found in Hive, a component of Multicluster Engine (MCE) and ...)
TODO: check
CVE-2025-2202 (Broken access control vulnerability in the Innovaci\xf3n y Cualificaci ...)
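Review bot: CVE-2025-2385 (code-projects Modern Bag 1.0) is left at "TODO: check" although the other entries in this hunk whose visible description names code-projects (CVE-2025-2384 and CVE-2025-2389 through CVE-2025-2391) move to "NOT-FOR-US: code-projects". If it was skipped by accident, give it the same "NOT-FOR-US: code-projects" line so it does not come back in the next triage pass. Separately, the description of CVE-2025-2392 is cut off at "has been found in c ...", so the vendor tag on that entry cannot be confirmed from the list text and is worth checking against the full CVE record.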
@@ -67,15 +67,15 @@ CVE-2025-29787 (`zip` is a zip library for rust which supports reading and writi
CVE-2025-29786 (Expr is an expression language and expression evaluation for Go. Prior ...)
TODO: check
CVE-2025-29431 (Code-projects Online Class and Exam Scheduling System V1.0 is vulnerab ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-29430 (Code-projects Online Class and Exam Scheduling System V1.0 is vulnerab ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-29429 (Code-projects Online Class and Exam Scheduling System V1.0 is vulnerab ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-29427 (Code-projects Online Class and Exam Scheduling System V1.0 is vulnerab ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-29425 (Code-projects Online Class and Exam Scheduling System 1.0 is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-27512 (Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships ...)
TODO: check
CVE-2025-27102 (Agate is central authentication server software for OBiBa epidemiology ...)
@@ -103,13 +103,13 @@ CVE-2025-25618 (Incorrect Access Control in Unifiedtransform 2.0 leads to Privil
CVE-2025-25612 (FS Inc S3150-8T2F prior to version S3150-8T2F_2.2.0D_135103 is vulnera ...)
TODO: check
CVE-2025-24185 (An out-of-bounds write issue was addressed with improved input validat ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-22474 (Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6. ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-22473 (Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6. ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-22472 (Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6. ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-1774 (Incorrect string encodingvulnerability in NASK - PIB BotSense allows i ...)
TODO: check
CVE-2025-1398 (Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessa ...)
@@ -143,37 +143,37 @@ CVE-2025-0595 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDas
CVE-2025-0495 (Buildx is a Docker CLI plugin that extends build capabilities using Bu ...)
TODO: check
CVE-2024-9055 (The DPA countermeasures on Silicon Labs' Series 2 devices are not rese ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2024-8510 (N-central is vulnerable to a path traversal that allows unintended acc ...)
TODO: check
CVE-2024-54565 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-54559 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-54525 (A logic issue was addressed with improved file handling. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-54027 (A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in Forti ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-49561 (Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6. ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-49559 (Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6. ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-48831 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-48830 (Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6. ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-48828 (Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6. ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-48017 (Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6. ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-48015 (Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6. ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-48013 (Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6. ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-44866 (A buffer overflow in the GuitarPro1::read function of MuseScore Studio ...)
TODO: check
CVE-2024-44276 (This issue was addressed by using HTTPS when sending information over ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-12992 (Improper Neutralization of Special Elements used in a Command vulnerab ...)
TODO: check
CVE-2024-12971 (Improper Neutralization of Special Elements used in a Command vulnerab ...)
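Review bot: The four entries tagged "NOT-FOR-US: Apple" in this hunk (CVE-2024-54565, CVE-2024-54559, CVE-2024-54525, CVE-2024-44276) carry generic descriptions that are truncated before any component is named, for example "The issue was addressed with improved checks. This issue is fixed in m ...". Nothing visible in the list shows which component is affected, so confirm against the full advisory text that none of them lands in code that is also packaged in Debian before closing them as NFU; if one does, it needs a package line instead.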
@@ -309938,7 +309938,7 @@ CVE-2021-32586 (An improper input validation vulnerability in the web server CGI
CVE-2021-32585 (An improper neutralization of input during web page generation vulnera ...)
NOT-FOR-US: FortiWAN
CVE-2021-32584 (An improper access control (CWE-284) vulnerability in FortiWLC version ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-32583
RESERVED
CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5. A blind ...)
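Review bot: The added line for CVE-2021-32584 tags the vendor ("NOT-FOR-US: Fortinet") while the entry directly above it, CVE-2021-32585, tags the product ("NOT-FOR-US: FortiWAN"), and the description of the changed entry names FortiWLC. Both forms close the entry, but mixing vendor and product names makes these harder to grep for; consider settling on the vendor form used here and normalising the neighbouring product-level tags in a follow-up.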
@@ -326956,7 +326956,7 @@ CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and b
CVE-2021-26088 (An improper authentication vulnerability in FSSO Collector version 5.0 ...)
NOT-FOR-US: Fortinet
CVE-2021-26087 (An improper neutralization of input during web page generation in Fort ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-26086 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
CVE-2021-26085 (Affected versions of Atlassian Confluence Server allow remote attacker ...)
@@ -336409,7 +336409,7 @@ CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN p
CVE-2021-22127 (An improper input validation vulnerability in FortiClient for Linux 6. ...)
NOT-FOR-US: FortiClient
CVE-2021-22126 (A use of hard-coded password vulnerability in FortiWLC version 8.5.2 a ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-22125 (An instance of improper neutralization of special elements in the snif ...)
NOT-FOR-US: FortiSandbox
CVE-2021-22124 (An uncontrolled resource consumption (denial of service) vulnerability ...)
@@ -348018,7 +348018,7 @@ CVE-2020-29012 (An insufficient session expiration vulnerability in FortiSandbox
CVE-2020-29011 (Instances of SQL Injection vulnerabilities in the checksum search and ...)
NOT-FOR-US: FortiSandbox
CVE-2020-29010 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2020-29009
RESERVED
CVE-2020-29008
@@ -400713,7 +400713,7 @@ CVE-2020-9297 (Netflix Titus, all versions prior to version v0.1.1-rc.274, uses
CVE-2020-9296 (Netflix Titus uses Java Bean Validation (JSR 380) custom constraint va ...)
NOT-FOR-US: Netflix Conductor
CVE-2020-9295 (FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 r ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...)
NOT-FOR-US: FortiMail Fortiguard
CVE-2020-9293
@@ -429330,7 +429330,7 @@ CVE-2019-17661 (A CSV injection in the codepress-admin-columns (aka Admin Column
CVE-2019-17660 (A cross-site scripting (XSS) vulnerability in admin/translate/translat ...)
- limesurvey <itp> (bug #472802)
CVE-2019-17659 (A use of hard-coded cryptographic key vulnerability in FortiSIEM versi ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2019-17658 (An unquoted service path vulnerability in the FortiClient FortiTray co ...)
NOT-FOR-US: Fortiguard
CVE-2019-17657 (An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSw ...)
@@ -435070,7 +435070,7 @@ CVE-2019-15708 (A system command injection vulnerability in the FortiAP-S/W2 6.2
CVE-2019-15707 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
NOT-FOR-US: FortiMail admin webUI
CVE-2019-15706 (An improper neutralization of input during web page generation in the ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2019-15705 (An Improper Input Validation vulnerability in the SSL VPN portal of Fo ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2019-15704 (A clear text storage of sensitive information vulnerability in FortiCl ...)
@@ -463219,7 +463219,7 @@ CVE-2019-6699 (An improper neutralization of input vulnerability in Fortinet For
CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder all versi ...)
NOT-FOR-US: Fortinet
CVE-2019-6697 (An Improper Neutralization of Input vulnerability affecting FortiGate ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2019-6696 (An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6. ...)
NOT-FOR-US: Fortiguard
CVE-2019-6695 (Lack of root file system integrity checking in Fortinet FortiManager V ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d15fb247f9e2038cb08724ac1d4e02591b257092