Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
78a28395 by Moritz Muehlenhoff at 2025-01-10T13:59:47+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,13 +7,13 @@ CVE-2025-0311 (The Orbit Fox by ThemeIsle plugin for
WordPress is vulnerable to
CVE-2024-56377 (A stored cross-site scripting (XSS) vulnerability in survey
titles of ...)
TODO: check
CVE-2024-56376 (A stored cross-site scripting (XSS) vulnerability in the
built-in mess ...)
- TODO: check
+ NOT-FOR-US: REDCap
CVE-2024-55226 (Vaultwarden v1.32.5 was discovered to contain an authenticated
reflect ...)
- TODO: check
+ - vaultwarden <itp> (bug #1067023)
CVE-2024-55225 (An issue in the component src/api/identity.rs of Vaultwarden
prior to ...)
- TODO: check
+ - vaultwarden <itp> (bug #1067023)
CVE-2024-55224 (An HTML injection vulnerability in Vaultwarden prior to
v1.32.5 allows ...)
- TODO: check
+ - vaultwarden <itp> (bug #1067023)
CVE-2024-51229 (Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0
allows ...)
NOT-FOR-US: LinZhaoguan pb-cms
CVE-2024-48806 (Buffer Overflow vulnerability in Neat Board NFC
v.1.20240620.0015 allo ...)
@@ -23,63 +23,63 @@ CVE-2024-46464 (In PRIMX ZED Enterprise up to 2024.3,
technical files stored in
CVE-2024-42898 (A cross-site scripting (XSS) vulnerability in Nagios XI
2024R1.1.4 all ...)
NOT-FOR-US: Nagios XI
CVE-2024-13312 (Missing Authorization vulnerability in Drupal Open Social
allows Force ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13311 (Vulnerability in Drupal Allow All File Extensions for file
fields.This ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13310 (Vulnerability in Drupal Git Utilities for Drupal.This issue
affects Gi ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13309 (Improper Authentication vulnerability in Drupal Login Disable
allows E ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13308 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13305 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13304 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Minify JS al ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13303 (Missing Authorization vulnerability in Drupal Download All
Files allow ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13302 (Incorrect Authorization vulnerability in Drupal Pages
Restriction Acce ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13301 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13300 (Vulnerability in Drupal Print Anything.This issue affects
Print Anythi ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13299 (Vulnerability in Drupal Megamenu Framework.This issue affects
Megamenu ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13298 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13297 (Deserialization of Untrusted Data vulnerability in Drupal
Eloqua allow ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13296 (Deserialization of Untrusted Data vulnerability in Drupal
Mailjet allo ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13295 (Deserialization of Untrusted Data vulnerability in Drupal Node
export ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13294 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13293 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST
File al ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13292 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13291 (Incorrect Authorization vulnerability in Drupal Basic HTTP
Authenticat ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13290 (Incorrect Authorization vulnerability in Drupal OhDear
Integration all ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13289 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13288 (Deserialization of Untrusted Data vulnerability in Drupal
Monster Menu ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13287 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13286 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13285 (Vulnerability in Drupal wkhtmltopdf.This issue affects
wkhtmltopdf: *. ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13183 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable
to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12606 (The AI Scribe \u2013 SEO AI Writer, Content Generator,
Humanizer, Blog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12473 (The AI Scribe \u2013 SEO AI Writer, Content Generator,
Humanizer, Blog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22827 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-22826 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -225,101 +225,101 @@ CVE-2024-46505 (Infoblox BloxOne v2.4 was discovered to
contain a business logic
CVE-2024-43176 (IBM OpenPages 9.0 could allow an authenticated user to obtain
sensitiv ...)
NOT-FOR-US: IBM
CVE-2024-13284 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Gutenberg al ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13283 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13282 (Incorrect Authorization vulnerability in Drupal Block
permissions allo ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13281 (Incorrect Authorization vulnerability in Drupal Monster Menus
allows F ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13280 (Insufficient Session Expiration vulnerability in Drupal
Persistent Log ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13279 (Session Fixation vulnerability in Drupal Two-factor
Authentication (TF ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13278 (Incorrect Authorization vulnerability in Drupal Diff allows
Functional ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13277 (Incorrect Authorization vulnerability in Drupal Smart IP Ban
allows Fo ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13276 (Insertion of Sensitive Information Into Sent Data
vulnerability in Dru ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13275 (Access of Resource Using Incompatible Type ('Type Confusion')
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13274 (Improper Control of Interaction Frequency vulnerability in
Drupal Open ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13273 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13272 (Insufficient Granularity of Access Control vulnerability in
Drupal Par ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13271 (Incorrect Authorization vulnerability in Drupal Content Entity
Clone a ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13270 (Incorrect Authorization vulnerability in Drupal Freelinking
allows For ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13269 (Insertion of Sensitive Information Into Sent Data
vulnerability in Dru ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13268 (Improper Neutralization of Directives in Statically Saved Code
('Stati ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13267 (Improper Neutralization of Directives in Statically Saved Code
('Stati ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13266 (Incorrect Authorization vulnerability in Drupal Responsive and
off-can ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13265 (Improper Neutralization of Directives in Statically Saved Code
('Stati ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13264 (Improper Neutralization of Directives in Statically Saved Code
('Stati ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13263 (Improper Neutralization of Directives in Statically Saved Code
('Stati ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13262 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13261 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Acquia DAM a ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13260 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Migrate queu ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13259 (Insertion of Sensitive Information Into Sent Data
vulnerability in Dru ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13258 (Incorrect Authorization vulnerability in Drupal Drupal REST &
JSON API ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13257 (Incorrect Authorization vulnerability in Drupal Commerce View
Receipt ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13256 (Insufficient Granularity of Access Control vulnerability in
Drupal Ema ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13255 (Exposure of Sensitive Information Through Data Queries
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13254 (Insertion of Sensitive Information Into Sent Data
vulnerability in Dru ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13253 (Incorrect Authorization vulnerability in Drupal Advanced PWA
inc Push ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13252 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13251 (Incorrect Privilege Assignment vulnerability in Drupal
Registration ro ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13250 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Drupal Symfo ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13249 (Improper Ownership Management vulnerability in Drupal Node
Access Rebu ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13248 (Incorrect Privilege Assignment vulnerability in Drupal Private
content ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13247 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13246 (Improper Ownership Management vulnerability in Drupal Node
Access Rebu ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13245 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13244 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Migrate Tool ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13243 (Missing Authorization vulnerability in Drupal Entity Delete
Log allows ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13242 (Exposed Dangerous Method or Function vulnerability in Drupal
Swift Mai ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13241 (Improper Authorization vulnerability in Drupal Open Social
allows Coll ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13240 (Improper Access Control vulnerability in Drupal Open Social
allows Col ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13239 (Weak Authentication vulnerability in Drupal Two-factor
Authentication ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13238 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13237 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal plugin
CVE-2024-13153 (The Unlimited Elements For Elementor plugin for WordPress is
vulnerabl ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12848 (The SKT Page Builder plugin for WordPress is vulnerable to
arbitrary f ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78a28395aea5d380c9da89c98b8e519ac45d9491
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78a28395aea5d380c9da89c98b8e519ac45d9491
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
