Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8ecaa5c6 by Salvatore Bonaccorso at 2025-01-23T21:40:34+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,135 +1,135 @@
CVE-2025-24353 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2025-24034 (Himmelblau is an interoperability suite for Microsoft Azure
Entra ID a ...)
- TODO: check
+ NOT-FOR-US: Himmelblau
CVE-2025-24033 (@fastify/multipart is a Fastify plugin for parsing the
multipart conte ...)
- TODO: check
+ NOT-FOR-US: fastify/multipart
CVE-2025-23960 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23894 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23836 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23835 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23834 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23733 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23730 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23729 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23727 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23725 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23724 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23723 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23722 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23636 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23634 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23629 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23628 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23626 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23624 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23545 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23544 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23541 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23540 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23227 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0
through 7. ...)
NOT-FOR-US: IBM
CVE-2025-23006 (Pre-authentication deserialization of untrusted data
vulnerability has ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-22768 (Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23
Rocket Med ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22264 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22153 (RestrictedPython is a tool that helps to define a subset of
the Python ...)
TODO: check
CVE-2025-0648 (Unexpected server crash in database driver in M-Files Server
before 25 ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2025-0637 (It has been found that the Beta10 software does not provide for
proper ...)
- TODO: check
+ NOT-FOR-US: Beta10
CVE-2025-0635 (Denial of service condition in M-Files Server in versions
before 25. ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2025-0619 (Unsafe password recovery from configuration in M-Files Server
before 2 ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2024-55971 (SQL Injection vulnerability in the default configuration of
the Logiti ...)
- TODO: check
+ NOT-FOR-US: Logitime WebClock application
CVE-2024-55930 (Weak default folder permissions)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-55929 (Mail spoofing)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-55928 (Clear text secrets returned & Remote system secrets in clear
text)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-55927 (Flawed token generation implementation & Hard-coded key
implementation)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-55926 (Arbitrary file upload, deletion and read through header
manipulation)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-55925 (API Security bypass through header manipulation)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-52331 (ECOVACS robot lawnmowers and vacuums use a deterministic
symmetric key ...)
- TODO: check
+ NOT-FOR-US: ECOVACS robot lawnmowers and vacuums
CVE-2024-52330 (ECOVACS lawnmowers and vacuums do not properly validate TLS
certificat ...)
- TODO: check
+ NOT-FOR-US: ECOVACS lawnmowers and vacuums
CVE-2024-52329 (ECOVACS HOME mobile app plugins for specific robots do not
properly va ...)
- TODO: check
+ NOT-FOR-US: ECOVACS HOME mobile app plugins
CVE-2024-52328 (ECOVACS robot lawnmowers and vacuums insecurely store audio
files used ...)
- TODO: check
+ NOT-FOR-US: ECOVACS robot lawnmowers and vacuums
CVE-2024-52327 (The cloud service used by ECOVACS robot lawnmowers and vacuums
allows ...)
- TODO: check
+ NOT-FOR-US: ECOVACS robot lawnmowers and vacuums
CVE-2024-52325 (ECOVACS robot lawnmowers and vacuums are vulnerable to command
injecti ...)
- TODO: check
+ NOT-FOR-US: ECOVACS robot lawnmowers and vacuums
CVE-2024-45672 (IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a
local pr ...)
NOT-FOR-US: IBM
CVE-2024-43708 (An allocation of resources without limits or throttling in
Kibana can ...)
TODO: check
CVE-2024-13593 (The BMLT Meeting Map plugin for WordPress is vulnerable to
Local File ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13511 (The Variation Swatches for WooCommerce plugin, in all versions
startin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13422 (The SEO Blogger to WordPress Migration using 301 Redirection
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13389 (The Cliptakes plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13340 (The MDTF \u2013 Meta Data and Taxonomies Filter plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13236 (The Tainacan plugin for WordPress is vulnerable to SQL
Injection via t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13234 (The Product Table by WBW plugin for WordPress is vulnerable to
SQL Inj ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12957 (A file handling command vulnerability in certain versions of
Armoury C ...)
- TODO: check
+ NOT-FOR-US: Asus
CVE-2024-12504 (The Broadcast Live Video \u2013 Live Streaming : HTML5,
WebRTC, HLS, R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12118 (The The Events Calendar plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12079 (ECOVACS robot lawnmowers store the anti-theft PIN in cleartext
on the ...)
- TODO: check
+ NOT-FOR-US: ECOVACS
CVE-2024-12078 (ECOVACS robot lawn mowers and vacuums use a shared, static
secret key ...)
- TODO: check
+ NOT-FOR-US: ECOVACS
CVE-2024-12043 (The Prime Slider \u2013 Addons For Elementor (Revolution of a
slider, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11147 (ECOVACS robot lawnmowers and vacuums use a deterministic root
password ...)
- TODO: check
+ NOT-FOR-US: ECOVACS
CVE-2024-10846 (The compose-go library component in versions v2.10-v2.4.0
allows an au ...)
TODO: check
CVE-2024-10539 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Uyumsoft Informatin Systems Uyumsoft ERP
CVE-2024-57947 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.10.3-1
[bookworm] - linux 6.1.106-1
@@ -248094,7 +248094,7 @@ CVE-2022-23441 (A use of hard-coded cryptographic key
vulnerability [CWE-321] in
CVE-2022-23440 (A use of hard-coded cryptographic key vulnerability [CWE-321]
in the r ...)
NOT-FOR-US: Fortinet
CVE-2022-23439 (A externally controlled reference to a resource in another
sphere in F ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-23438 (An improper neutralization of input during web page generation
('Cross ...)
NOT-FOR-US: Fortinet
CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java
(XercesJ) XML pa ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ecaa5c6acf1a27edb533df5e7521ff028eac4a3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ecaa5c6acf1a27edb533df5e7521ff028eac4a3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
