Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
25bd04cc by Salvatore Bonaccorso at 2025-01-30T22:59:33+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-24883 (go-ethereum (geth) is a golang execution layer implementation
of the E ...)
- golang-github-go-ethereum <itp> (bug #890541)
CVE-2025-24802 (Plonky2 is a SNARK implementation based on techniques from
PLONK and F ...)
- TODO: check
+ NOT-FOR-US: Plonky2
CVE-2025-24784 (kubewarden-controller is a Kubernetes controller that allows
you to dy ...)
- TODO: check
+ NOT-FOR-US: kubewarden-controller
CVE-2025-24507 (This vulnerability allows appliance compromise at boot time.)
TODO: check
CVE-2025-24506 (A specific authentication strategy allows to learn ids of PAM
users as ...)
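Review bot: the new NOT-FOR-US tags on CVE-2025-24802 (Plonky2) and CVE-2025-24784 (kubewarden-controller) should be checked against the WNPP list first. The entry directly above them, CVE-2025-24883, is tracked as "- golang-github-go-ethereum <itp> (bug #890541)" rather than as NFU. If either project has an open ITP or RFP bug, the same <itp> form with the bug number would be the right entry. If not, the tags are fine as written.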
@@ -21,197 +21,197 @@ CVE-2025-24501 (An improper input validation allows an
unauthenticated attacker
CVE-2025-24500 (The vulnerability allows an unauthenticated attacker to access
informa ...)
TODO: check
CVE-2025-24376 (kubewarden-controller is a Kubernetes controller that allows
you to dy ...)
- TODO: check
+ NOT-FOR-US: kubewarden-controller
CVE-2025-24099 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-23367 (A flaw was found in the Wildfly Server Role Based Access
Control (RBAC ...)
TODO: check
CVE-2025-23216 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2025-23007 (A vulnerability in the NetExtender Windows client log export
function ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-22222 (VMware Aria Operations contains an information disclosure
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22221 (VMware Aria Operation for Logs contains a stored cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22220 (VMware Aria Operations for Logs contains a privilege
escalationvulnera ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22219 (VMware Aria Operations for Logs contains a stored cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22218 (VMware Aria Operations for Logs contains an information
disclosure vul ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-21107 (Dell NetWorker, version(s) prior to 19.11.0.3, all versions of
19.10 & ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2025-0874 (A vulnerability, which was classified as critical, has been
found in c ...)
- TODO: check
+ NOT-FOR-US: code-projects Simple Plugins Car Rental Management
CVE-2025-0873 (A vulnerability classified as critical was found in
itsourcecode Tailo ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Tailoring Management System
CVE-2025-0872 (A vulnerability classified as critical has been found in
itsourcecode ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Tailoring Management System
CVE-2025-0871 (A vulnerability classified as problematic has been found in
Maybecms 1 ...)
- TODO: check
+ NOT-FOR-US: Maybecms
CVE-2025-0870 (A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641.
It has ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2025-0869 (A vulnerability was found in Cianet ONU GW24AC up to 20250127.
It has ...)
- TODO: check
+ NOT-FOR-US: Cianet ONU GW24AC
CVE-2025-0861 (The VR-Frases (collect & share quotes) plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0860 (The VR-Frases (collect & share quotes) plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0834 (Privilege escalation vulnerability has been found in
Wondershare Dr.Fo ...)
- TODO: check
+ NOT-FOR-US: Wondershare Dr.Fone
CVE-2025-0747 (A Stored Cross-Site Scripting vulnerability has been found in
EmbedAI. ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0746 (A Reflected Cross-Site Scripting vulnerability has been found
in Embed ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0745 (An Improper Access Control vulnerability has been found in
EmbedAI 2.1 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0744 (an Improper Access Control vulnerability has been found in
EmbedAI 2.1 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0743 (An Improper Access Control vulnerability has been found in
EmbedAI 2.1 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0742 (An Improper Access Control vulnerability has been found in
EmbedAI 2.1 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0741 (An Improper Access Control vulnerability has been found in
EmbedAI 2 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0740 (An Improper Access Control vulnerability has been found in
EmbedAI 2 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0739 (An Improper Access Control vulnerability has been found in
EmbedAI 2.1 ...)
- TODO: check
+ NOT-FOR-US: EmbedAI
CVE-2025-0683 (In its default configuration, the affected product transmits
plain-tex ...)
- TODO: check
+ NOT-FOR-US: Contec Health
CVE-2025-0681 (The Cloud MQTT service of the affected products supports
wildcard topi ...)
- TODO: check
+ NOT-FOR-US: New Rock Technologies
CVE-2025-0680 (Affected products contain a vulnerability in the device cloud
rpc comm ...)
- TODO: check
+ NOT-FOR-US: New Rock Technologies
CVE-2025-0626 (The affected product sends out remote access requests to a
hard-coded ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2025-0498 (A data exposure vulnerability exists in all versions prior to
V15.00.0 ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-0497 (A data exposure vulnerability exists in all versions prior to
V15.00.0 ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-0477 (An encryption vulnerability exists in all versions prior to
V15.00.001 ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-0367 (In versions 3.1.0 and lower of the Splunk Supporting Add-on for
Active ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2025-0147 (Type confusion in the Zoom Workplace App for Linux before
6.2.10 may a ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-0146 (Symlink following in the installer for Zoom Workplace App for
macOS be ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-0145 (Untrusted search path in the installer for some Zoom Workplace
Apps fo ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-0144 (Out-of-bounds write in some Zoom Workplace Apps may allow an
authorize ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-0143 (Out-of-bounds write in the Zoom Workplace App for Linux before
version ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-0142 (Cleartext storage of sensitive information in the Zoom Jenkins
Marketp ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2024-8494 (The Elementor Website Builder Pro plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-55417 (DevDojo Voyager through version 1.8.0 is vulnerable to
bypassing the f ...)
- TODO: check
+ NOT-FOR-US: DevDojo Voyager
CVE-2024-55416 (DevDojo Voyager through version 1.8.0 is vulnerable to
reflected XSS v ...)
- TODO: check
+ NOT-FOR-US: DevDojo Voyager
CVE-2024-55415 (DevDojo Voyager through 1.8.0 is vulnerable to path traversal
at the / ...)
- TODO: check
+ NOT-FOR-US: DevDojo Voyager
CVE-2024-53615 (A command injection vulnerability in the video thumbnail
rendering com ...)
- TODO: check
+ NOT-FOR-US: Karl Ward's files.gallery
CVE-2024-44142 (The issue was addressed with improved bounds checks. This
issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-2658 (A misconfiguration in lmadmin.exe of FlexNet Publisher versions
prior ...)
- TODO: check
+ NOT-FOR-US: FlexNet Publisher
CVE-2024-13758 (The CP Contact Form with PayPal plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13742 (The iControlWP \u2013 Multiple WordPress Site Manager plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13732 (The Responsive Blocks \u2013 WordPress Gutenberg Blocks plugin
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13720 (The WP Image Uploader plugin for WordPress is vulnerable to
arbitrary ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13715 (The zStore Manager Basic plugin for WordPress is vulnerable to
unautho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13707 (The WP Image Uploader plugin for WordPress is vulnerable to
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13706 (The WP Image Uploader plugin for WordPress is vulnerable to
Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13705 (The StageShow plugin for WordPress is vulnerable to Reflected
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13700 (The Embed Swagger UI plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13694 (The WooCommerce Wishlist (High customization, fast setup,Free
Elemento ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13671 (The Music Sheet Viewer plugin for WordPress is vulnerable to
Arbitrary ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13670 (The Music Sheet Viewer plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13664 (The WP Post List Table plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13661 (The Table Editor plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13652 (The ECPay Ecommerce for WooCommerce plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13646 (The Single-user-chat plugin for WordPress is vulnerable to
unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13596 (The WordPress Survey & Poll \u2013 Quiz, Survey and Poll
Plugin for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13549 (The All Bootstrap Blocks plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13512 (The Wonder FontAwesome plugin for WordPress is vulnerable to
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13466 (The Automatically Hierarchic Categories in Menu plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13460 (The WE \u2013 Testimonial Slider plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13453 (The The Contact Form & SMTP Plugin for WordPress by
PirateForms plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13400 (The Kona Gallery Block plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13380 (The Alex Reservations: Smart Restaurant Booking plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13349 (The Stockdio Historical Chart plugin for WordPress is
vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12861 (The W2S \u2013 Migrate WooCommerce to Shopify plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12822 (The Media Manager for UserPro plugin for WordPress is
vulnerable to un ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12821 (The Media Manager for UserPro plugin for WordPress is
vulnerable to un ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12524 (The Clinked Client Portal plugin for WordPress is vulnerable
to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12451 (The HTML5 chat plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12444 (The WP Dispensary plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12409 (The Simple:Press Forum plugin for WordPress is vulnerable to
Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12320 (The Team Rosters plugin for WordPress is vulnerable to
Reflected Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12299 (The System Dashboard plugin for WordPress is vulnerable to
Reflected C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12269 (The Safe Ai Malware Protection for WP plugin for WordPress is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12248 (The affected product is vulnerable to an out-of-bounds write,
which co ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2024-12177 (The Ai Image Alt Text Generator for WP plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12129 (The Royal Core plugin for WordPress is vulnerable to
unauthorized modi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12102 (The Typer Core plugin for WordPress is vulnerable to
Information Expos ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11600 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit
for Ele ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11583 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit
for Ele ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10847 (The Storely theme for WordPress is vulnerable to Stored
Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10604 (Vulnerabilities in the algorithms used by Fuchsia to populate
network ...)
- TODO: check
+ NOT-FOR-US: Fuchsia
CVE-2024-10603 (Weaknesses in the generation of TCP/UDP source ports and some
other he ...)
- TODO: check
+ NOT-FOR-US: gVisor
CVE-2024-10591 (The MWB HubSpot for WooCommerce \u2013 CRM, Abandoned Cart,
Email Mark ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10026 (A weak hashing algorithm and small sizes of seeds/secrets in
Google's ...)
- TODO: check
+ NOT-FOR-US: gVisor
CVE-2025-24884 (kube-audit-rest is a simple logger of mutation/creation
requests to th ...)
NOT-FOR-US: kube-audit-rest
CVE-2025-24795 (The Snowflake Connector for Python provides an interface for
developin ...)
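Review bot: CVE-2024-10847 is tagged "NOT-FOR-US: WordPress plugin", but its description reads "The Storely theme for WordPress", so "NOT-FOR-US: WordPress theme" would match the entry. A smaller style point in the same hunk: the labels mix vendor names (VMware, Dell, Zoom, Apple, Splunk) with product names (Argo CD, Bento4, kubewarden-controller). Choosing one convention per entry type would make later searches over the list more predictable.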
@@ -151997,7 +151997,7 @@ CVE-2023-29082
CVE-2023-29081 (A vulnerability has been reported in Suite Setups built with
versions ...)
NOT-FOR-US: InstallShield
CVE-2023-29080 (Potential privilege escalation vulnerability in Revenera
InstallShield ...)
- TODO: check
+ NOT-FOR-US: Revenera
CVE-2023-29079
REJECTED
CVE-2023-29078
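Review bot: the new tag on CVE-2023-29080 is "NOT-FOR-US: Revenera", while the context line for the neighbouring CVE-2023-29081 uses "NOT-FOR-US: InstallShield", and the CVE-2023-29080 description itself names "Revenera InstallShield". Using "NOT-FOR-US: InstallShield" here would keep the two adjacent entries consistent.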
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25bd04cc8bdb5caf3a0e7910de3c6e14c557343f