Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2c5d37ec by Moritz Muehlenhoff at 2025-01-15T10:38:27+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58,11 +58,11 @@ CVE-2024-55577 (Stack-based buffer overflow vulnerability 
exists in Linux Ratfor
        [bookworm] - ratfor <no-dsa> (Minor issue)
        NOTE: http://www.dgate.org/ratfor/#changehistory
 CVE-2024-54730 (Flatnotes <v5.3.1 is vulnerable to denial of service through 
the uploa ...)
-       TODO: check
+       NOT-FOR-US: Flatnotes
 CVE-2024-54142 (Discourse AI is a Discourse plugin which provides a number of 
AI featu ...)
        NOT-FOR-US: Discourse plugin
 CVE-2024-53277 (Silverstripe Framework is a PHP framework which powers the 
Silverstrip ...)
-       TODO: check
+       NOT-FOR-US: Silverstripe framework
 CVE-2024-50861 (The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is 
vulnerable t ...)
        NOT-FOR-US: GestioIP
 CVE-2024-50859 (The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable 
to Refl ...)
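Review bot: the label added for CVE-2024-53277 reads "NOT-FOR-US: Silverstripe framework", while the description on the line above it spells the product "Silverstripe Framework". Matching the upstream spelling keeps a case-sensitive search for the product name returning every related entry.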
@@ -78,19 +78,19 @@ CVE-2024-48760 (An issue in GestioIP v3.5.7 allows a remote 
attacker to execute
 CVE-2024-47605 (silverstripe-asset-admin is a silverstripe assets gallery for 
asset ma ...)
        NOT-FOR-US: silverstripe-asset-admin
 CVE-2024-45102 (A privilege escalation vulnerability was discovered that could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-42911 (ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 
was disco ...)
-       TODO: check
+       NOT-FOR-US: ECOVACS
 CVE-2024-13394 (The ViewMedica 9 plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13334 (The Car Demon plugin for WordPress is vulnerable to Reflected 
Cross-Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11870 (The Event Registration Calendar By vcita plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10254 (A potential buffer overflow vulnerability was reported in PC 
Manager,  ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-10253 (A potential TOCTOU vulnerability was reported in PC Manager, 
Lenovo Br ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2025-0448
        - chromium 132.0.6834.83-1
        [bullseye] - chromium <end-of-life> (see #1061268)
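Review bot: the three "NOT-FOR-US: Lenovo" entries (CVE-2024-45102, CVE-2024-10254, CVE-2024-10253) name a vendor rather than a product, and for CVE-2024-45102 the truncated description visible here does not mention Lenovo or any product at all. Naming the affected product, as the context entry "NOT-FOR-US: silverstripe-asset-admin" does, would let a later reader confirm the triage from the list alone.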
@@ -133,15 +133,15 @@ CVE-2025-0434
 CVE-2025-23366 (A flaw was found in the HAL Console in the Wildfly component, 
which do ...)
        TODO: check
 CVE-2025-23081 (Cross-Site Request Forgery (CSRF), Improper Neutralization of 
Input Du ...)
-       TODO: check
+       NOT-FOR-US: Mediawiki extension DataTransfer
 CVE-2025-23080 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Mediawiki extension OpenBadges
 CVE-2025-23074 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Mediawiki extension SocialProfile
 CVE-2025-23073 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Mediawiki extension GlobalBlocking
 CVE-2025-23072 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Mediawiki extension RefreshSpecial
 CVE-2025-23052 (Authenticated command injection vulnerability in the 
commandline inter ...)
        NOT-FOR-US: HPE
 CVE-2025-23051 (An authenticated parameter injection vulnerability existsin 
the web-ba ...)
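Review bot: the five entries from CVE-2025-23081 to CVE-2025-23072 are closed as "NOT-FOR-US: Mediawiki extension ...", but the truncated descriptions shown here do not name the extension, so the per-extension labels cannot be checked against the visible text. It is worth confirming that none of DataTransfer, OpenBadges, SocialProfile, GlobalBlocking and RefreshSpecial is shipped in a packaged source before closing them; as a style point, the project spells its name "MediaWiki".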
@@ -149,7 +149,7 @@ CVE-2025-23051 (An authenticated parameter injection 
vulnerability existsin the
 CVE-2025-23042 (Gradio is an open-source Python package that allows quick 
building of  ...)
        NOT-FOR-US: Gradio
 CVE-2025-23041 (Umbraco.Forms is a web form framework written for the nuget 
ecosystem. ...)
-       TODO: check
+       NOT-FOR-US: Umbraco.Forms
 CVE-2025-23025 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
        NOT-FOR-US: XWiki
 CVE-2025-23019 (IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof 
and rout ...)
@@ -525,7 +525,7 @@ CVE-2025-0461 (A vulnerability has been found in Shanghai 
Lingdang Information T
 CVE-2025-0460 (A vulnerability, which was classified as critical, was found in 
Blog B ...)
        NOT-FOR-US: Blog Botz for Journal Theme on OpenCart
 CVE-2025-0459 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       - retroarch <not-affected> (Windows-specific)
 CVE-2025-0458 (A vulnerability classified as problematic was found in Virtual 
Compute ...)
        NOT-FOR-US: Virtual Computer Vysual RH Solution
 CVE-2025-0394 (The WordPress CRM, Email & Marketing Automation for WordPress | 
Award  ...)
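Review bot: the new line "- retroarch <not-affected> (Windows-specific)" for CVE-2025-0459 carries no supporting reference, and the truncated description above it names neither the product nor the platform. A "NOTE:" line with the upstream advisory or affected source file, like the one kept for CVE-2024-55577 in the first hunk, would document why the issue is considered Windows-only.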
@@ -597,7 +597,7 @@ CVE-2024-50566 (A improper neutralization of special 
elements used in an os comm
 CVE-2024-50564 (A use of hard-coded cryptographic key in Fortinet 
FortiClientWindows v ...)
        NOT-FOR-US: FortiGuard
 CVE-2024-50338 (Git Credential Manager (GCM) is a secure Git credential helper 
built o ...)
-       TODO: check
+       NOT-FOR-US: Git Credential Manager (GCM)
 CVE-2024-49375 (Open source machine learning framework. A vulnerability has 
been ident ...)
        NOT-FOR-US: Rasa
 CVE-2024-48893 (An improper neutralization of input during web page generation 
vulnera ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c5d37ec726b17fc31f2052490f9d34f9cbc2ca7
