Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7d3c3d00 by Moritz Muehlenhoff at 2025-01-16T12:27:50+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-22976 (SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a 
local attac ...)
        NOT-FOR-US: dingfanzuCMS
 CVE-2025-22964 (SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN 
Interactive) DDS ...)
-       TODO: check
+       NOT-FOR-US: Acora CMS
 CVE-2025-22916 (RE11S v1.11 was discovered to contain a stack overflow via the 
pppUser ...)
        NOT-FOR-US: RE11S
 CVE-2025-22913 (RE11S v1.11 was discovered to contain a stack overflow via the 
rootAPm ...)
@@ -49,29 +49,29 @@ CVE-2024-57727 (SimpleHelp remote support software v5.5.7 
and before is vulnerab
 CVE-2024-57726 (SimpleHelp remote support software v5.5.7 and before has a 
vulnerabili ...)
        NOT-FOR-US: SimpleHelp
 CVE-2024-55503 (An issue in termius before v.9.9.0 allows a local attacker to 
execute  ...)
-       TODO: check
+       NOT-FOR-US: termius
 CVE-2024-53407 (In Phiewer 4.1.0, a dylib injection leads to Command Execution 
which a ...)
-       TODO: check
+       NOT-FOR-US: Phiewer
 CVE-2024-48126 (HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain 
hardcoded cr ...)
-       TODO: check
+       NOT-FOR-US: HI-SCAN
 CVE-2024-48125 (An issue in the AsDB service of HI-SCAN 6040i Hitrax 
HX-03-19-I allows ...)
-       TODO: check
+       NOT-FOR-US: HI-SCAN
 CVE-2024-48123 (An issue in the USB Autorun function of HI-SCAN 6040i Hitrax 
HX-03-19- ...)
-       TODO: check
+       NOT-FOR-US: HI-SCAN
 CVE-2024-48122 (Insecure default configurations in HI-SCAN 6040i Hitrax 
HX-03-19-I all ...)
-       TODO: check
+       NOT-FOR-US: HI-SCAN
 CVE-2024-48121 (The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit 
user cr ...)
-       TODO: check
+       NOT-FOR-US: HI-SCAN
 CVE-2024-41454 (An arbitrary file upload vulnerability in the UI login page 
logo uploa ...)
-       TODO: check
+       NOT-FOR-US: Process Maker
 CVE-2024-41453 (A cross-site scripting (XSS) vulnerability in Process Maker 
pm4core-do ...)
-       TODO: check
+       NOT-FOR-US: Process Maker
 CVE-2024-39967 (Insecure permissions in Aginode GigaSwitch v5 allows attackers 
to acce ...)
-       TODO: check
+       NOT-FOR-US: Aginode GigaSwitch
 CVE-2024-36751 (An issue in parse-uri v1.0.9 allows attackers to cause a 
Regular expre ...)
        TODO: check
 CVE-2024-12226 (In affected versions of the Octopus Kubernetes worker or 
agent, sensit ...)
-       TODO: check
+       NOT-FOR-US: Octopus Kubernetes worker
 CVE-2024-11452 (The Chamber Dashboard Business Directory plugin for WordPress 
is vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-10970 (The The Motors \u2013 Car Dealer, Classifieds & Listing plugin 
for Wor ...)
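Review bot: CVE-2024-36751 (parse-uri v1.0.9) is the one entry in this run still left at "TODO: check" while every neighbour from CVE-2024-55503 down to CVE-2024-12226 is resolved. If it was skipped on purpose because it needs a package lookup rather than a NOT-FOR-US tag, say so in the commit message so the next triager does not assume it was overlooked. Separately, the five HI-SCAN entries are tagged only "HI-SCAN" although each description names "HI-SCAN 6040i Hitrax HX-03-19-I"; the fuller product name would make the tag easier to match on later.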
@@ -81,7 +81,7 @@ CVE-2024-10789 (The WP User Profile Avatar plugin for 
WordPress is vulnerable to
 CVE-2024-10401
        REJECTED
 CVE-2025-23040 (GitHub Desktop is an open-source Electron-based GitHub app 
designed fo ...)
-       TODO: check
+       NOT-FOR-US: GitHub Desktop
 CVE-2025-22968 (An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker 
to execu ...)
        NOT-FOR-US: D-Link
 CVE-2025-22799 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
@@ -210,9 +210,9 @@ CVE-2025-20036 (Mattermost Mobile Apps versions <=2.22.0 
fail to properly valida
 CVE-2025-0502 (Transmission of Private Resources into a New Sphere ('Resource 
Leak')  ...)
        NOT-FOR-US: CrafterCMS
 CVE-2025-0501 (An issue in the native clients for Amazon WorkSpaces Clients 
when runn ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2025-0500 (An issue in the native clients for Amazon WorkSpaces, Amazon 
AppStream ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2025-0485 (A vulnerability was found in Fanli2012 native-php-cms 1.0. It 
has been ...)
        NOT-FOR-US: Fanli2012 native-php-cms
 CVE-2025-0484 (A vulnerability was found in Fanli2012 native-php-cms 1.0 and 
classifi ...)
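Review bot: the tags on CVE-2025-0501 and CVE-2025-0500 name only the vendor ("NOT-FOR-US: Amazon"), whereas the other tags in this commit name the product (for example "GitHub Desktop", "CyberPower PowerPanel Business"). Both descriptions refer to the native clients for Amazon WorkSpaces, so a tag such as "NOT-FOR-US: Amazon WorkSpaces" would be consistent with the rest of the file and more useful when searching the list by product.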
@@ -447,7 +447,7 @@ CVE-2024-11851 (The NitroPack plugin for WordPress is 
vulnerable to unauthorized
 CVE-2024-11848 (The NitroPack plugin for WordPress is vulnerable to 
unauthorized modif ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-11322 (A denial-of-service vulnerability exists in CyberPower 
PowerPanel Busi ...)
-       TODO: check
+       NOT-FOR-US: CyberPower PowerPanel Business
 CVE-2024-11029 (A flaw was found in the FreeIPA API audit, where it sends the 
whole Fr ...)
        - freeipa <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2325557
@@ -602,7 +602,7 @@ CVE-2025-0434 (Out of bounds memory access in V8 in Google 
Chrome prior to 132.0
        - chromium 132.0.6834.83-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-23366 (A flaw was found in the HAL Console in the Wildfly component, 
which do ...)
-       TODO: check
+       - wildfly <itp> (bug #752018)
 CVE-2025-23081 (Cross-Site Request Forgery (CSRF), Improper Neutralization of 
Input Du ...)
        NOT-FOR-US: Mediawiki extension DataTransfer
 CVE-2025-23080 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
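Review bot: the CVE-2025-23366 change is not a NOT-FOR-US tag but an ITP record ("- wildfly <itp> (bug #752018)"), so the commit message "NFUs" does not describe it; "NFUs, one ITP" or a separate commit would keep the history searchable. The description places the flaw in "the HAL Console in the Wildfly component", so a NOTE line under the entry stating that the console is expected to be covered by the wildfly ITP would make the mapping explicit for whoever picks up bug #752018.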



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d3c3d00fc38d188d298d8b28e1e022e89df34a6
