Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d9c992dd by Moritz Muehlenhoff at 2025-01-15T16:18:41+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -154,9 +154,9 @@ CVE-2025-23041 (Umbraco.Forms is a web form framework
written for the nuget ecos
CVE-2025-23025 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
NOT-FOR-US: XWiki
CVE-2025-23019 (IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof
and rout ...)
- TODO: check
+ NOT-FOR-US: IP tunnel protocol issue
CVE-2025-23018 (IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not
require the ...)
- TODO: check
+ NOT-FOR-US: IP tunnel protocol issue
CVE-2025-22984 (An access control issue in the component
/api/squareComment/DelectSqua ...)
NOT-FOR-US: iceCMS
CVE-2025-22983 (An access control issue in the component
/square/getAllSquare/circle o ...)
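Review bot: The two new tags on CVE-2025-23019 and CVE-2025-23018 name an issue class ("IP tunnel protocol issue") rather than a product, unlike the neighbouring "NOT-FOR-US: XWiki" and "NOT-FOR-US: iceCMS" entries. The visible descriptions point at the tunneling specifications themselves (RFC 4213 and RFC 2473), so the flaw is not tied to one vendor, and the commit message ("NFUs") does not say why no packaged implementation of these tunnels is in scope. Either record the reasoning for treating a protocol-level issue as not-for-us, or keep "TODO: check" until the packaged implementations have been assessed, so the triage decision can be audited later.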
@@ -794,91 +794,91 @@ CVE-2024-34166 (An os command injection vulnerability
exists in the touchlist_sy
CVE-2024-33503 (A improper privilege management in Fortinet FortiManager
version 7.4.0 ...)
NOT-FOR-US: Fortinet
CVE-2024-33502 (An improper limitation of a pathname to a restricted directory
('path ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-32115 (A relative path traversal vulnerability [CWE-23] in Fortinet
FortiMana ...)
NOT-FOR-US: Fortinet
CVE-2024-29980 (Improper Check for Unusual or Exceptional Conditions
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Phoenix
CVE-2024-29979 (Improper Check for Unusual or Exceptional Conditions
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Phoenix
CVE-2024-27778 (An improper neutralization of special elements used in an OS
Command v ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-26012 (A improper neutralization of special elements used in an os
command (' ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-23106 (An improper restriction of excessive authentication attempts
[CWE-307] ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-21797 (A command execution vulnerability exists in the adm.cgi
set_TR069() fu ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-21758 (A stack-based buffer overflow in Fortinet FortiWeb versions
7.2.0 thro ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-13181 (Path Traversal in Ivanti Avalanche before version 6.4.7 allows
a remot ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13180 (Path Traversal in Ivanti Avalanche before version 6.4.7 allows
a remot ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13179 (Path Traversal in Ivanti Avalanche before version 6.4.7 allows
a remot ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13172 (Improper signature verification in Ivanti EPM before the 2024
January- ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13171 (Insufficient filename validation in Ivanti EPM before the 2024
January ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13170 (An out-of-bounds write in Ivanti EPM before the 2024
January-2025 Secu ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13169 (An out-of-bounds read in Ivanti EPM before the 2024
January-2025 Secur ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13168 (An out-of-bounds write in Ivanti EPM before the 2024
January-2025 Secu ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13167 (An out-of-bounds write in Ivanti EPM before the 2024
January-2025 Secu ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13166 (An out-of-bounds write in Ivanti EPM before the 2024
January-2025 Secu ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13165 (An out-of-bounds write in Ivanti EPM before the 2024
January-2025 Secu ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13164 (An uninitialized resource in Ivanti EPM before the 2024
January-2025 S ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13163 (Deserialization of untrusted data in Ivanti EPM before the
2024 Januar ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13162 (SQL injection in Ivanti EPM before the 2024 January-2025
Security Upda ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13161 (Absolute path traversal in Ivanti EPM before the 2024
January-2025 Sec ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13160 (Absolute path traversal in Ivanti EPM before the 2024
January-2025 Sec ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13159 (Absolute path traversal in Ivanti EPM before the 2024
January-2025 Sec ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13158 (An unbounded resource search path in Ivanti EPM before the
2024 Januar ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13156 (The HTML5 Video Player \u2013 mp4 Video Player Plugin and
Block plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12919 (The Paid Membership Subscriptions \u2013 Effortless
Memberships, Recur ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12240 (The Page Builder by SiteOrigin plugin for WordPress is
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11864 (Specifically crafted SCMI messages sent to an SCP running
SCP-Firmware ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2024-11863 (Specifically crafted SCMI messages sent to an SCP running
SCP-Firmware ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2024-11736 (A vulnerability was found in Keycloak. Admin users may have to
access ...)
- TODO: check
+ NOT-FOR-US: Keycloak
CVE-2024-11734 (A denial of service vulnerability was found in Keycloak that
could all ...)
- TODO: check
+ NOT-FOR-US: Keycloak
CVE-2024-11497 (An authenticated attacker can use this vulnerability to
perform a priv ...)
- TODO: check
+ NOT-FOR-US: Phoenix
CVE-2024-10811 (Absolute path traversal in Ivanti EPM before the 2024
January-2025 Sec ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-10630 (A race condition in Ivanti Application Control Engine before
version 1 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-46715 (An origin validation error [CWE-346] vulnerability in Fortinet
FortiOS ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-42786 (A null pointer dereference in FortiOS versions 7.4.0 through
7.4.1, 7. ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-42785 (A null pointer dereference in FortiOS versions 7.4.0 through
7.4.1, 7. ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-37937 (An improper neutralization of special elements used in an os
command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-37936 (A use of hard-coded cryptographic key in Fortinet FortiSwitch
version ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-37931 (An improper neutralization of special elements used in an sql
command ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-52006 (Git is a fast, scalable, distributed revision control system
with an u ...)
- git <unfixed> (bug #1093042)
NOTE: https://www.openwall.com/lists/oss-security/2025/01/14/4
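Review bot: "NOT-FOR-US: Phoenix" on CVE-2024-29980, CVE-2024-29979 and CVE-2024-11497 is ambiguous, because the truncated descriptions shown here ("Improper Check for Unusual or Exceptional Conditions vulnerability in ...", "An authenticated attacker can use this vulnerability to perform a priv ...") never name the vendor or product, and "Phoenix" alone could match more than one project. Spell out the full vendor or product name so a later search of the list cannot confuse it with similarly named software. The same applies, to a lesser degree, to "NOT-FOR-US: Arm" on CVE-2024-11864 and CVE-2024-11863: the descriptions name SCP-Firmware, so tagging the product rather than the vendor would be more precise. The remaining Fortinet, Ivanti, Wavlink, Keycloak and WordPress plugin tags match the product names visible in their descriptions.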
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9c992dd2a4b766421601e6f10f23be6f764594b