Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d7549a3 by Salvatore Bonaccorso at 2025-02-25T11:21:22+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2025-25513 (Seacms <=13.3 is vulnerable to SQL Injection 
in admin_members.ph
 CVE-2025-22974 (SQL Injection vulnerability in SeaCMS v.13.2 and before allows 
a remot ...)
        NOT-FOR-US: SeaCMS
 CVE-2025-22210 (A SQL injection vulnerability in the Hikashop component 
versions 3.3.0 ...)
-       TODO: check
+       NOT-FOR-US: Hikashop
 CVE-2025-1675 (The function dns_copy_qname in dns_pack.c performs performs a 
memcpy o ...)
        TODO: check
 CVE-2025-1674 (A lack of input validation allows for out of bounds reads 
caused by ma ...)
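
Review bot: At the CVE-2025-22210 line the new tag is a bare "NOT-FOR-US: Hikashop", while the description calls Hikashop a "component" and the visible text does not say of what. Consider naming the host application in the tag so the reason for the NFU classification is clear without opening the full CVE description.
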
@@ -25,41 +25,41 @@ CVE-2025-1674 (A lack of input validation allows for out of 
bounds reads caused
 CVE-2025-1673 (A malicious or malformed DNS packet without a payload can cause 
an out ...)
        TODO: check
 CVE-2025-1648 (The Yawave plugin for WordPress is vulnerable to SQL Injection 
via the ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-1646 (A vulnerability, which was classified as critical, has been 
found in L ...)
-       TODO: check
+       NOT-FOR-US: Lumsoft ERP
 CVE-2025-1645 (A vulnerability classified as critical was found in Benner 
Connecta 1. ...)
-       TODO: check
+       NOT-FOR-US: Benner Connecta
 CVE-2025-1644 (A vulnerability classified as problematic has been found in 
Benner Mod ...)
-       TODO: check
+       NOT-FOR-US: Benner ModernaNet
 CVE-2025-1643 (A vulnerability was found in Benner ModernaNet up to 1.1.0. It 
has bee ...)
-       TODO: check
+       NOT-FOR-US: Benner ModernaNet
 CVE-2025-1642 (A vulnerability was found in Benner ModernaNet up to 1.1.0. It 
has bee ...)
-       TODO: check
+       NOT-FOR-US: Benner ModernaNet
 CVE-2025-1641 (A vulnerability was found in Benner ModernaNet up to 1.1.0. It 
has bee ...)
-       TODO: check
+       NOT-FOR-US: Benner ModernaNet
 CVE-2025-1640 (A vulnerability was found in Benner ModernaNet up to 1.1.0 and 
classif ...)
-       TODO: check
+       NOT-FOR-US: Benner ModernaNet
 CVE-2025-1128 (The Everest Forms \u2013 Contact Forms, Quiz, Survey, 
Newsletter & Pay ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-1063 (The Classified Listing \u2013 Classified ads & Business 
Directory Plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-57685 (An issue in sparkshop v.1.1.7 and before allows a remote 
attacker to e ...)
-       TODO: check
+       NOT-FOR-US: sparkshop
 CVE-2024-57608 (An issue in Via Browser 6.1.0 allows a a remote attacker to 
execute ar ...)
-       TODO: check
+       NOT-FOR-US: Via Browser
 CVE-2024-56525 (In Public Knowledge Project (PKP) OJS, OMP, and OPS before 
3.3.0.21 an ...)
-       TODO: check
+       NOT-FOR-US: Public Knowledge Project (PKP) OJS, OMP, and OPS
 CVE-2024-53544 (NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to 
v8.6 was d ...)
-       TODO: check
+       NOT-FOR-US: NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus
 CVE-2024-53543 (NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to 
v8.6 was d ...)
-       TODO: check
+       NOT-FOR-US: NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus
 CVE-2024-53542 (Incorrect access control in the component 
/iclock/Settings?restartNCS= ...)
-       TODO: check
+       NOT-FOR-US: NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus
 CVE-2024-13494 (The WordPress File Upload plugin for WordPress is vulnerable 
to Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10545 (The Photo Gallery, Sliders, Proofing and   WordPress plugin 
before 3.5 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-27364 (In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a 
Remote Code ...)
        NOT-FOR-US: MITRE Caldera
 CVE-2025-27357 (Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI 
\xd6nceki ...)
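
Review bot: CVE-2024-53542 is tagged "NOT-FOR-US: NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus", but its description as shown ("Incorrect access control in the component /iclock/Settings?restartNCS= ...") does not name a product. The attribution appears to rest on the entry sitting next to CVE-2024-53543 and CVE-2024-53544, so it is worth confirming against the full description. As a style point, the three NovaCHRON tags carry the vendor's full legal name while other tags in this hunk are short product names ("Benner ModernaNet", "Via Browser"), and the five WordPress entries use the generic "WordPress plugin" rather than the plugin name; a consistent short form would make the list easier to grep.
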
@@ -200,7 +200,7 @@ CVE-2025-25460 (A stored Cross-Site Scripting (XSS) 
vulnerability was identified
 CVE-2025-23017 (WorkOS Hosted AuthKit before 2025-01-07 allows a password 
authenticati ...)
        NOT-FOR-US: WorkOS Hosted AuthKit
 CVE-2025-22495 (An improper input validation vulnerability was discovered in 
the NTP s ...)
-       TODO: check
+       NOT-FOR-US: Eaton
 CVE-2025-1632 (A vulnerability was found in libarchive up to 3.7.7. It has 
been class ...)
        - libarchive <unfixed> (unimportant)
        NOTE: https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc
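
Review bot: "NOT-FOR-US: Eaton" at CVE-2025-22495 names only a vendor, and the description shown mentions an "NTP s ..." component, which a reader searching the list could mistake for an NTP package. Suggest adding the affected product after the vendor name, as the neighbouring "NOT-FOR-US: WorkOS Hosted AuthKit" entry does.
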
@@ -218,9 +218,9 @@ CVE-2024-56897 (Improper access control in the HTTP server 
in YI Car Dashcam v3.
 CVE-2024-54820 (XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was 
discovered to c ...)
        NOT-FOR-US: XOne Web Monitor
 CVE-2024-12918 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Agito Computer Health4All
 CVE-2024-12917 (Files or Directories Accessible to External Parties 
vulnerability in A ...)
-       TODO: check
+       NOT-FOR-US: Agito Computer Health4All
 CVE-2024-12916 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Agito Computer Life4All
 CVE-2023-52926 (In the Linux kernel, the following vulnerability has been 
resolved:  I ...)
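
Review bot: CVE-2024-12918 and CVE-2024-12917 are tagged "Agito Computer Health4All", but the unchanged entry directly below, CVE-2024-12916, reads "Agito Computer Life4All". If these are two distinct products the tags are fine; if all three CVEs concern the same product, one of the two names is a typo and should be aligned.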



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d7549a3224b4a529e6710ba3fb026fd3b51ea61
