Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f00fa3d8 by Salvatore Bonaccorso at 2025-01-30T14:38:54+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-24884 (kube-audit-rest is a simple logger of mutation/creation
requests to th ...)
- TODO: check
+ NOT-FOR-US: kube-audit-rest
CVE-2025-24795 (The Snowflake Connector for Python provides an interface for
developin ...)
NOT-FOR-US: Snowflake Connector for Python
CVE-2025-24794 (The Snowflake Connector for Python provides an interface for
developin ...)
@@ -11,11 +11,11 @@ CVE-2025-24788 (snowflake-connector-net is the Snowflake
Connector for .NET. Sno
CVE-2025-23374 (Dell Networking Switches running Enterprise SONiC OS,
version(s) prior ...)
NOT-FOR-US: Dell
CVE-2025-21415 (Authentication bypass by spoofing in Azure AI Face Service
allows an a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-21396 (Missing authorization in Microsoft Account allows an
unauthorized atta ...)
NOT-FOR-US: Microsoft
CVE-2025-0851 (A path traversal issue in ZipUtils.unzip and TarUtils.untar in
Deep Ja ...)
- TODO: check
+ NOT-FOR-US: Deep Java Library (DJL)
CVE-2025-0849 (A vulnerability classified as critical has been found in
CampCodes Sch ...)
NOT-FOR-US: CampCodes School Management Software
CVE-2025-0848 (A vulnerability was found in Tenda A18 up to 15.13.07.09. It
has been ...)
@@ -33,11 +33,11 @@ CVE-2025-0842 (A vulnerability was found in needyamin
Library Card System 1.0 an
CVE-2025-0841 (A vulnerability has been found in Aridius XYZ up to 20240927 on
OpenCa ...)
NOT-FOR-US: Aridius XYZ
CVE-2025-0662 (In some cases, the ktrace facility will log the contents of
kernel str ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2025-0374 (When etcupdate encounters conflicts while merging files, it
saves a ve ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2025-0373 (On 64-bit systems, the implementation of VOP_VPTOFH() in the
cd9660, t ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2024-57665 (JFinalCMS 1.0 is vulnerable to SQL Injection in
rc/main/java/com/cms/e ...)
NOT-FOR-US: JFinalCMS
CVE-2024-57513 (A floating-point exception (FPE) vulnerability exists in the
AP4_TfraA ...)
@@ -49,35 +49,35 @@ CVE-2024-57509 (Buffer Overflow vulnerability in Bento4
mp42avc v.3bdc891602d197
CVE-2024-57395 (Password Vulnerability in Safety production process management
system ...)
NOT-FOR-US: Password Vulnerability in Safety production process
management system
CVE-2024-54852 (When LDAP connection is activated in Teedy versions between
1.9 to 1.1 ...)
- TODO: check
+ NOT-FOR-US: Teedy
CVE-2024-54851 (Teedy <= 1.12 is vulnerable to Cross Site Request Forgery
(CSRF), due ...)
- TODO: check
+ NOT-FOR-US: Teedy
CVE-2024-51182 (HTML Injection vulnerability in Celk Sistemas Celk Saude
v.3.1.252.1 a ...)
NOT-FOR-US: Celk Sistemas Celk Saude
CVE-2024-48761 (The specific component in Celk Saude 3.1.252.1 that processes
user inp ...)
NOT-FOR-US: Celk Saude
CVE-2024-23733 (The /WmAdmin/,/invoke/vm.server/login login page in the
Integration Se ...)
- TODO: check
+ NOT-FOR-US: Software AG webMethods
CVE-2024-13642 (The Stratum \u2013 Elementor Widgets plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13470 (The Ninja Forms \u2013 The Contact Form Builder That Grows
With You pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13457 (The Event Tickets and Registration plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12921 (The EthereumICO plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12709 (The Bulk Me Now! WordPress plugin through 2.0 does not have
CSRF check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12708 (The Bulk Me Now! WordPress plugin through 2.0 does not
validate and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12638 (The Bulk Me Now! WordPress plugin through 2.0 does not
sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12400 (The tourmaster WordPress plugin before 5.3.5 does not escape
generated ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12163 (The goodlayers-core WordPress plugin before 2.1.3 allows users
with a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10309 (The Tracking Code Manager WordPress plugin before 2.4.0 does
not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24528 [Prevent overflow when calculating ulog block size]
- krb5 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2342796
@@ -126,9 +126,9 @@ CVE-2024-57437 (RuoYi v4.8.0 was discovered to contain a
SQL injection vulnerabi
CVE-2024-57436 (RuoYi v4.8.0 was discovered to allow unauthorized attackers to
view th ...)
NOT-FOR-US: RuoYi
CVE-2024-54462 (The file names constructed within image_picker are missing
sanitizatio ...)
- TODO: check
+ NOT-FOR-US: flutter/image_picker_android
CVE-2024-54461 (The file names constructed within file_selector are missing
sanitizati ...)
- TODO: check
+ NOT-FOR-US: flutter/file_selector_android
CVE-2024-48852 (Insertion of Sensitive Information into Log File vulnerability
observe ...)
NOT-FOR-US: FLEXON
CVE-2024-48849 (Missing Origin Validation in WebSockets vulnerability
inFLXEON. Sessio ...)
@@ -138,7 +138,7 @@ CVE-2024-41140 (Zohocorp ManageEngine Applications Manager
versions174000 and pr
CVE-2024-13561 (The Target Video Easy Publish plugin for WordPress is
vulnerable to St ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10001 (A Code Injection vulnerability was identified in GitHub
Enterprise Ser ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2023-37413 (IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose
sensitive userna ...)
NOT-FOR-US: IBM
CVE-2023-37412 (IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a
privileged user t ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f00fa3d83fbc4f01902ec83082d81e9c70a125f3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f00fa3d83fbc4f01902ec83082d81e9c70a125f3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
