Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18adcc3b by Salvatore Bonaccorso at 2025-01-17T21:48:02+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,95 +1,95 @@
CVE-2025-21399 (Microsoft Edge (Chromium-based) Update Elevation of Privilege
Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-21185 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-0537 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: code-projects Car Rental Management System
CVE-2025-0536 (A vulnerability classified as critical was found in 1000
Projects Atte ...)
- TODO: check
+ NOT-FOR-US: 1000 Projects Attendance Tracking Management System
CVE-2025-0535 (A vulnerability classified as critical has been found in
Codezips Gym ...)
- TODO: check
+ NOT-FOR-US: Codezips Gym Management System
CVE-2025-0534 (A vulnerability was found in 1000 Projects Campaign Management
System ...)
- TODO: check
+ NOT-FOR-US: 000 Projects Campaign Management System Platform for Women
CVE-2025-0533 (A vulnerability was found in 1000 Projects Campaign Management
System ...)
- TODO: check
+ NOT-FOR-US: 000 Projects Campaign Management System Platform for Women
CVE-2025-0532 (A vulnerability was found in Codezips Gym Management System
1.0. It ha ...)
- TODO: check
+ NOT-FOR-US: Codezips Gym Management System
CVE-2025-0531 (A vulnerability was found in code-projects Chat System 1.0 and
classif ...)
- TODO: check
+ NOT-FOR-US: code-projects Chat System
CVE-2025-0530 (A vulnerability has been found in code-projects Job Recruitment
1.0 an ...)
- TODO: check
+ NOT-FOR-US: code-projects Job Recruitment
CVE-2025-0529 (A vulnerability, which was classified as critical, was found in
code-p ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-0528 (A vulnerability, which was classified as critical, has been
found in T ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-0527 (A vulnerability classified as critical was found in
code-projects Admi ...)
- TODO: check
+ NOT-FOR-US: code-projects Admission Management System
CVE-2025-0430 (Belledonne Communications Linphone-Desktop is vulnerable to a
NULL D ...)
- TODO: check
+ NOT-FOR-US: Belledonne Communications Linphone-Desktop
CVE-2024-57372 (Cross Site Scripting vulnerability in InformationPush master
version a ...)
- TODO: check
+ NOT-FOR-US: InformationPush
CVE-2024-57370 (Cross Site Scripting vulnerability in sunnygkp10 Online Exam
System ma ...)
- TODO: check
+ NOT-FOR-US: sunnygkp10 Online Exam System
CVE-2024-57369 (Clickjacking vulnerability in typecho v1.2.1.)
- TODO: check
+ NOT-FOR-US: typecho
CVE-2024-57034 (WeGIA < 3.2.0 is vulnerable to SQL Injection in
query_geracao_auto.php ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-57032 (WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in
controle/co ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-57031 (WeGIA < 3.2.0 is vulnerable to SQL Injection in
/funcionario/remunerac ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-57030 (Wegia < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in
/geral/do ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-54681 (Multiple bash files were present in the application's private
director ...)
- TODO: check
+ NOT-FOR-US: Ossur
CVE-2024-53683 (A valid set of credentials in a .js file and a static token
for commu ...)
- TODO: check
+ NOT-FOR-US: Ossur
CVE-2024-52870 (Teradata Vantage Editor 1.0.1 is mostly intended for SQL
database acce ...)
- TODO: check
+ NOT-FOR-US: Teradata Vantage Editor
CVE-2024-50967 (The /rest/rights/ REST API endpoint in Becon DATAGerry through
2.2.0 c ...)
- TODO: check
+ NOT-FOR-US: Becon DATAGerry
CVE-2024-45832 (Hard-coded credentials were included as part of the
application binary ...)
- TODO: check
+ NOT-FOR-US: Ossur
CVE-2024-26157 (All versions of ETIC Telecom Remote Access Server (RAS) prior
to 4.5.0 ...)
- TODO: check
+ NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2024-26156 (All versions of ETIC Telecom Remote Access Server (RAS) prior
to 4.5.0 ...)
- TODO: check
+ NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2024-26155 (All versions of ETIC Telecom Remote Access Server (RAS) prior
to 4.5.0 ...)
- TODO: check
+ NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2024-26154 (All versions of ETIC Telecom Remote Access Server (RAS) prior
to 4.5.0 ...)
- TODO: check
+ NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2024-26153 (All versions of ETIC Telecom Remote Access Server (RAS) prior
to 4.9.1 ...)
- TODO: check
+ NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2024-13503 (Buffer Copy without Checking Size of Input ('Classic Buffer
Overflow') ...)
- TODO: check
+ NOT-FOR-US: Newtec
CVE-2024-13502 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
- TODO: check
+ NOT-FOR-US: Newtec
CVE-2024-13378 (The Gravity Forms plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13377 (The Gravity Forms plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13026 (A vulnerability exists in Algo Edge up to 2.1.1 - a previously
used (l ...)
TODO: check
CVE-2024-12757 (Nedap Librix Ecoreader is missing authentication for
critical functi ...)
- TODO: check
+ NOT-FOR-US: Nedap Librix Ecoreader
CVE-2024-12703 (CWE-502: Deserialization of untrusted data vulnerability
exists that c ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-12476 (CWE-611: Improper Restriction of XML External Entity Reference
vulnera ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-12399 (CWE-924: Improper Enforcement of Message Integrity During
Transmission ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-12370 (The WP Hotel Booking plugin for WordPress is vulnerable to
unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12142 (CWE-200: Exposure of Sensitive Information to an Unauthorized
Actor vu ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-11425 (CWE-131: Incorrect Calculation of Buffer Size vulnerability
exists tha ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-11139 (CWE-119: Improper Restriction of Operations within the Bounds
of a Mem ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-10498 (CWE-119: Improper Restriction of Operations within the Bounds
of a Mem ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-10497 (CWE-639: Authorization Bypass Through User-Controlled Key
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-7596 [networkmanager: UDP encapsulation protocol excessive trust]
NOT-FOR-US: IP tunnel protocol issue
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2317264
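Review bot: the markers added for CVE-2025-0534 and CVE-2025-0533 read `NOT-FOR-US: 000 Projects Campaign Management System Platform for Women`, but both descriptions name the product as "1000 Projects Campaign Management System" and the neighbouring entry CVE-2025-0536 is marked `NOT-FOR-US: 1000 Projects Attendance Tracking Management System`; the leading "1" was dropped, so both lines should become `NOT-FOR-US: 1000 Projects Campaign Management System Platform for Women`. Less important, CVE-2025-0529 gets the bare `NOT-FOR-US: code-projects` while the other code-projects entries in this hunk name the affected product; the truncated description does not show it here, but if the product name is known from the full CVE text it is worth adding for consistency.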
@@ -640,85 +640,85 @@ CVE-2025-0518 (Unchecked Return Value, Out-of-bounds Read
vulnerability in FFmpe
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in
the 5.1 branch)
NOTE: Fixed by:
https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
CVE-2025-0473 (Vulnerability in the PMB platform that allows an attacker to
persist t ...)
- TODO: check
+ NOT-FOR-US: PMB platform
CVE-2025-0472 (Information exposure in the PMB platform affecting versions
4.2.13 and ...)
- TODO: check
+ NOT-FOR-US: PMB platform
CVE-2025-0471 (Unrestricted file upload vulnerability in the PMB platform,
affecting ...)
- TODO: check
+ NOT-FOR-US: PMB platform
CVE-2024-57776 (A cross-site scripting (XSS) vulnerability in the
/apply/getEditPage?v ...)
- TODO: check
+ NOT-FOR-US: JFinalOA
CVE-2024-57775 (JFinalOA before v2025.01.01 was discovered to contain a SQL
injection ...)
- TODO: check
+ NOT-FOR-US: JFinalOA
CVE-2024-57774 (A cross-site scripting (XSS) vulnerability in the
getBusinessUploadLis ...)
- TODO: check
+ NOT-FOR-US: JFinalOA
CVE-2024-57773 (A cross-site scripting (XSS) vulnerability in the
openSelectManyUserPa ...)
- TODO: check
+ NOT-FOR-US: JFinalOA
CVE-2024-57772 (A cross-site scripting (XSS) vulnerability in the
/bumph/getDraftListP ...)
- TODO: check
+ NOT-FOR-US: JFinalOA
CVE-2024-57771 (A cross-site scripting (XSS) vulnerability in the
common/getEditPage?v ...)
- TODO: check
+ NOT-FOR-US: JFinalOA
CVE-2024-57770 (JFinalOA before v2025.01.01 was discovered to contain a SQL
injection ...)
- TODO: check
+ NOT-FOR-US: JFinalOA
CVE-2024-57769 (JFinalOA before v2025.01.01 was discovered to contain a SQL
injection ...)
- TODO: check
+ NOT-FOR-US: JFinalOA
CVE-2024-57768 (JFinalOA before v2025.01.01 was discovered to contain a SQL
injection ...)
- TODO: check
+ NOT-FOR-US: JFinalOA
CVE-2024-57684 (An access control issue in the component formDMZ.cgi of D-Link
816A2_F ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-57683 (An access control issue in the component websURLFilterAddDel
of D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-57682 (An information disclosure vulnerability in the component
d_status.asp ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-57681 (An access control issue in the component form2alg.cgi of
D-Link 816A2_ ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-57680 (An access control issue in the component
form2PortriggerRule.cgi of D- ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-57679 (An access control issue in the component
form2RepeaterSetup.cgi of D-L ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-57678 (An access control issue in the component form2WlAc.cgi of
D-Link 816A2 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-57677 (An access control issue in the component form2Wan.cgi of
D-Link 816A2_ ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-57676 (An access control issue in the component
form2WlanBasicSetup.cgi of D- ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-57611 (07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request
Forgery ...)
- TODO: check
+ NOT-FOR-US: 07FLYCMS
CVE-2024-57162 (Campcodes Cybercafe Management System v1.0 is vulnerable to
SQL Inject ...)
- TODO: check
+ NOT-FOR-US: Campcodes Cybercafe Management System
CVE-2024-57161 (07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request
Forgery ...)
- TODO: check
+ NOT-FOR-US: 07FLYCMS
CVE-2024-57160 (07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request
Forgery ...)
- TODO: check
+ NOT-FOR-US: 07FLYCMS
CVE-2024-57159 (07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request
Forgery ...)
- TODO: check
+ NOT-FOR-US: 07FLYCMS
CVE-2024-56515 (Matrix Media Repo (MMR) is a highly configurable
multi-homeserver medi ...)
- TODO: check
+ NOT-FOR-US: Matrix Media Repo (MMR)
CVE-2024-56136 (Zulip server provides an open-source team chat that helps
teams stay p ...)
- TODO: check
+ NOT-FOR-US: Zulip
CVE-2024-55954 (OpenObserve is a cloud-native observability platform. A
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenObserve
CVE-2024-52791 (Matrix Media Repo (MMR) is a highly configurable
multi-homeserver medi ...)
- TODO: check
+ NOT-FOR-US: Matrix Media Repo (MMR)
CVE-2024-52602 (Matrix Media Repo (MMR) is a highly configurable
multi-homeserver medi ...)
- TODO: check
+ NOT-FOR-US: Matrix Media Repo (MMR)
CVE-2024-52594 (Gomatrixserverlib is a Go library for matrix federation.
Gomatrixserve ...)
- TODO: check
+ NOT-FOR-US: Gomatrixserverlib
CVE-2024-50633 (A Broken Object Level Authorization (BOLA) vulnerability in
Indico v3. ...)
- TODO: check
+ NOT-FOR-US: Indico
CVE-2024-50563 (A weak authentication in Fortinet FortiManager Cloud,
FortiAnalyzer ve ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-48885 (A improper limitation of a pathname to a restricted directory
('path t ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-45331 (A incorrect privilege assignment in Fortinet FortiAnalyzer
versions 7. ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-41746 (IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is
vulnerable to st ...)
NOT-FOR-US: IBM
CVE-2024-37181 (Time-of-check time-of-use race condition in some Intel(R)
Neural Compr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-36403 (Matrix Media Repo (MMR) is a highly configurable
multi-homeserver medi ...)
- TODO: check
+ NOT-FOR-US: Matrix Media Repo (MMR)
CVE-2024-36402 (Matrix Media Repo (MMR) is a highly configurable
multi-homeserver medi ...)
- TODO: check
+ NOT-FOR-US: Matrix Media Repo (MMR)
CVE-2024-13387 (The WP Responsive Tabs plugin for WordPress is vulnerable to
Stored Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13355 (The Admin and Customer Messages After Order for WooCommerce:
OrderConv ...)
@@ -734,7 +734,7 @@ CVE-2024-12427 (The Multi Step Form plugin for WordPress is
vulnerable to unauth
CVE-2023-4319
REJECTED
CVE-2018-25108 (An unauthenticated remote attacker can cause a DoS in the
controller d ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2025-22976 (SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a
local attac ...)
NOT-FOR-US: dingfanzuCMS
CVE-2025-22964 (SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN
Interactive) DDS ...)
@@ -806,7 +806,7 @@ CVE-2024-41453 (A cross-site scripting (XSS) vulnerability
in Process Maker pm4c
CVE-2024-39967 (Insecure permissions in Aginode GigaSwitch v5 allows attackers
to acce ...)
NOT-FOR-US: Aginode GigaSwitch
CVE-2024-36751 (An issue in parse-uri v1.0.9 allows attackers to cause a
Regular expre ...)
- TODO: check
+ NOT-FOR-US: parse-uri
CVE-2024-12226 (In affected versions of the Octopus Kubernetes worker or
agent, sensit ...)
NOT-FOR-US: Octopus Kubernetes worker
CVE-2024-11452 (The Chamber Dashboard Business Directory plugin for WordPress
is vulne ...)
@@ -2448,9 +2448,9 @@ CVE-2024-12398 (An improper privilege management
vulnerability in the web manage
CVE-2024-12365 (The W3 Total Cache plugin for WordPress is vulnerable to
unauthorized ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12298 (We found a vulnerability Improper Restriction of XML External
Entity R ...)
- TODO: check
+ NOT-FOR-US: NB-series NX-Designer
CVE-2024-12083 (Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series
Machine ...)
- TODO: check
+ NOT-FOR-US: NJ/NX-series Machine Automation Controllers
CVE-2024-12008 (The W3 Total Cache plugin for WordPress is vulnerable to
Information E ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12006 (The W3 Total Cache plugin for WordPress is vulnerable to
unauthorized ...)
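Review bot: the two new markers `NOT-FOR-US: NB-series NX-Designer` and `NOT-FOR-US: NJ/NX-series Machine Automation Controllers` name only the product series, whereas the other markers in this commit identify the vendor (`NOT-FOR-US: Schneider Electric`, `NOT-FOR-US: Tenda`, `NOT-FOR-US: D-Link`); prefixing the vendor name to the series would make these entries easier to match against future CVEs for the same product line.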
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18adcc3b674d3584afd18b2b51a6ae9af7da96bc
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits