Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38f01825 by Salvatore Bonaccorso at 2025-02-19T23:04:38+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
 CVE-2025-27089 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2025-24965 (crun is an open source OCI Container Runtime fully written in 
C. In af ...)
        TODO: check
 CVE-2025-24806 (Authelia is an open-source authentication and authorization 
server pro ...)
-       TODO: check
+       NOT-FOR-US: Authelia
 CVE-2025-20211 (A vulnerability in the web-based management interface of Cisco 
BroadWo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20158 (A vulnerability in the debug shell of Cisco Video Phone 8875 
and Cisco ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20153 (A vulnerability in the email filtering mechanism of Cisco 
Secure Email ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-1465 (A vulnerability, which was classified as problematic, was found 
in lmx ...)
-       TODO: check
+       NOT-FOR-US: lmxcms
 CVE-2025-1464 (A vulnerability, which was classified as critical, has been 
found in B ...)
-       TODO: check
+       NOT-FOR-US: Baiyi Cloud Asset Management System
 CVE-2025-1426 (Heap buffer overflow in GPU in Google Chrome on Android prior 
to 133.0 ...)
        TODO: check
 CVE-2025-1135 (A vulnerability exists in ChurchCRM5.13.0. and prior that 
allows an at ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2025-1134 (A vulnerability exists in ChurchCRM5.13.0 and prior that allows 
an att ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2025-1133 (A vulnerability exists in ChurchCRM 5.13.0 and priorthat allows 
an att ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2025-1132 (A time-based blind SQL Injectionvulnerability exists in the 
ChurchCRM  ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2025-1075 (Insertion of Sensitive Information into Log File in Checkmk 
GmbH's Che ...)
        TODO: check
 CVE-2025-1024 (A vulnerability exists in ChurchCRM 5.13.0that allows an 
attacker to e ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2025-1007 (In OpenVSX version v0.9.0 to v0.20.0, the  
/user/namespace/{namespace} ...)
        TODO: check
 CVE-2025-1006 (Use after free in Network in Google Chrome prior to 
133.0.6943.126 all ...)
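Review bot: CVE-2025-24806 is closed as `NOT-FOR-US: Authelia` even though its description calls Authelia an open-source authentication and authorization server. Before marking it NFU, confirm there is no ITP or RFP bug for it, because this file records software with a packaging intent as an `<itp>` entry (see `- zammad <itp> (bug #841355)` further down in this diff) rather than as NOT-FOR-US. If such a bug exists, the entry should carry it instead of the NFU tag.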
@@ -39,13 +39,13 @@ CVE-2025-0968 (The ElementsKit Elementor addons plugin for 
WordPress is vulnerab
 CVE-2025-0916 (The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, 
Mailgun, Br ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0893 (Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be 
susceptibl ...)
-       TODO: check
+       NOT-FOR-US: Symantec Diagnostic Tool (SymDiag)
 CVE-2024-53974 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-52902 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM 
Controller 11. ...)
        NOT-FOR-US: IBM
 CVE-2024-52541 (Dell Client Platform BIOS contains a Weak Authentication 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-45084 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM 
Controller 11. ...)
        NOT-FOR-US: IBM
 CVE-2024-45081 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM 
Controller 11. ...)
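Review bot: Tag granularity is mixed in this hunk: CVE-2025-0893 gets the full product name, `NOT-FOR-US: Symantec Diagnostic Tool (SymDiag)`, while CVE-2024-53974 and CVE-2024-52541 get vendor-only tags (`Adobe`, `Dell`), matching the existing `NOT-FOR-US: IBM` lines around them. If vendor-only is the intended form for these vendors, `NOT-FOR-US: Symantec` would keep the entries consistent and easier to grep for.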
@@ -85,21 +85,21 @@ CVE-2024-13336 (The Disable Auto Updates plugin for 
WordPress is vulnerable to C
 CVE-2024-13231 (The WordPress Portfolio Builder \u2013 Portfolio Gallery 
plugin for Wo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-51299 (PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML 
Injection i ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers Hotel Booking System
 CVE-2023-51298 (PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV 
Injection  ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers Event Booking Calendar
 CVE-2023-51297 (A lack of rate limiting in the 'Email Settings' feature of 
PHPJabbers  ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers Hotel Booking System
 CVE-2023-51296 (PHPJabbers Event Booking Calendar v4.0 is vulnerable to 
Cross-Site Scr ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers Event Booking Calendar
 CVE-2023-51293 (A lack of rate limiting in the 'Forgot Password', 'Email 
Settings' fea ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers Event Booking Calendar
 CVE-2023-47160 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM 
Controller 11. ...)
        NOT-FOR-US: IBM
 CVE-2023-46272 (Buffer Overflow vulnerability in Extreme Networks IQ Engine 
before 10. ...)
-       TODO: check
+       NOT-FOR-US: Extreme Networks IQ Engine
 CVE-2023-46271 (Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 
before 1 ...)
-       TODO: check
+       NOT-FOR-US: Extreme Networks IQ Engine
 CVE-2025-26624 (Rufus is a utility that helps format and create bootable USB 
flash dri ...)
        NOT-FOR-US: Rufus
 CVE-2025-26617 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
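Review bot: CVE-2023-51297 is tagged `NOT-FOR-US: PHPJabbers Hotel Booking System`, but the visible description is cut off right after "PHPJabbers", and the neighbouring entries with the same kind of finding (CVE-2023-51296, CVE-2023-51293) are tagged Event Booking Calendar. Please check the product in the full description for CVE-2023-51297 and CVE-2023-51293 so the tag names the affected product, or use a single `NOT-FOR-US: PHPJabbers` tag for the whole group if the per-product distinction is not needed.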
@@ -333165,7 +333165,7 @@ CVE-2021-20066 (JSDom improperly allows the loading 
of local resources, which al
 CVE-2020-35547 (A library index page in NuPoint Messenger in Mitel MiCollab 
before 9.2 ...)
        NOT-FOR-US: Mitel
 CVE-2020-35546 (Lexmark MX6500 LW75.JD.P296 and previous devices have 
Incorrect Access ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2020-35545 (Time-based SQL injection exists in Spotweb 1.4.9 via the query 
string.)
        - spotweb <removed> (bug #977719)
        [buster] - spotweb <no-dsa> (Minor issue)
@@ -378261,7 +378261,7 @@ CVE-2020-13483 (The Web Application Firewall in 
Bitrix24 through 20.0.0 allows X
 CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an 
insecure way ...)
        NOT-FOR-US: EM-HTTP-Request
 CVE-2020-13481 (Certain Lexmark products through 2020-05-25 allow XSS which 
allows an  ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection 
via the ...)
        NOT-FOR-US: Verint Workforce Optimization (WFO)
 CVE-2020-13479
@@ -388640,7 +388640,7 @@ CVE-2020-10097 (An issue was discovered in Zammad 3.0 
through 3.2. It may respon
 CVE-2020-10096 (An issue was discovered in Zammad 3.0 through 3.2. It does not 
prevent ...)
        - zammad <itp> (bug #841355)
 CVE-2020-10095 (Various Lexmark devices have CSRF that allows an attacker to 
modify th ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2020-10094 (A cross-site scripting (XSS) vulnerability in Lexmark CS31x 
before LW7 ...)
        NOT-FOR-US: Lexmark
 CVE-2020-10093 (A cross-site scripting (XSS) vulnerability in Lexmark Pro910 
series in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38f01825a22687ffbd03427b213447e5079b90c2
