Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08ad3fb2 by Salvatore Bonaccorso at 2025-03-01T09:43:59+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,31 +1,31 @@
 CVE-2025-27554 (ToDesktop before 2024-10-03, as used by Cursor before 
2024-10-03 and o ...)
-       TODO: check
+       NOT-FOR-US: ToDesktop
 CVE-2025-27416 (Scratch-Coding-Hut.github.io is the website for Coding Hut. 
The websit ...)
-       TODO: check
+       NOT-FOR-US: Scratch-Coding-Hut.github.io flaw
 CVE-2025-27414 (MinIO is a high performance object storage. Starting in 
RELEASE.2024-0 ...)
        TODO: check
 CVE-2025-27413 (PwnDoc is a penetration test reporting application. Prior to 
version 1 ...)
-       TODO: check
+       NOT-FOR-US: PwnDoc
 CVE-2025-27410 (PwnDoc is a penetration test reporting application. Prior to 
version 1 ...)
-       TODO: check
+       NOT-FOR-US: PwnDoc
 CVE-2025-25723 (Buffer Overflow vulnerability in GPAC version 2.5 allows a 
local attac ...)
        TODO: check
 CVE-2025-25478 (The account file upload functionality in Syspass 3.2.x fails 
to proper ...)
-       TODO: check
+       NOT-FOR-US: Syspass
 CVE-2025-25476 (A stored cross-site scripting (XSS) vulnerability in SysPass 
3.2.x all ...)
-       TODO: check
+       NOT-FOR-US: Syspass
 CVE-2025-25379 (Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 
allows a  ...)
-       TODO: check
+       NOT-FOR-US: 07FLYCMS
 CVE-2025-23119 (An Improper Neutralization of Escape Sequences vulnerability 
could all ...)
-       TODO: check
+       NOT-FOR-US: UniFi
 CVE-2025-23118 (An Improper Certificate Validation vulnerability could allow 
an authen ...)
-       TODO: check
+       NOT-FOR-US: UniFi
 CVE-2025-23117 (An Insufficient Firmware Update Validation vulnerability could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: UniFi
 CVE-2025-23116 (An Authentication Bypass vulnerability on UniFi Protect 
Application wi ...)
-       TODO: check
+       NOT-FOR-US: UniFi
 CVE-2025-23115 (A Use After Free vulnerability on UniFi Protect Cameras could 
allow a  ...)
-       TODO: check
+       NOT-FOR-US: UniFi
 CVE-2025-1803
        REJECTED
 CVE-2025-1780 (The BuddyPress WooCommerce My Account Integration. Create 
WooCommerce  ...)
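Review bot: the new annotation for CVE-2025-27416 reads "NOT-FOR-US: Scratch-Coding-Hut.github.io flaw", while every other line changed in this hunk gives only the product or vendor name (ToDesktop, PwnDoc, 07FLYCMS, UniFi). Dropping the trailing "flaw" would keep the NOT-FOR-US strings uniform and easier to match when searching the list. Similarly, CVE-2025-25478 and CVE-2025-25476 are both tagged "Syspass" although the second description spells the product "SysPass"; one casing should be used for both.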
@@ -49,7 +49,7 @@ CVE-2024-9217 (The Currency Switcher for WooCommerce plugin 
for WordPress is vul
 CVE-2024-9212 (The SKU Generator for WooCommerce plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1509 (Brocade ASCG before 3.2.0 Web Interface  is not  enforcing 
HSTS, as de ...)
-       TODO: check
+       NOT-FOR-US: Brocade ASCG
 CVE-2024-13911 (The Database Backup and check Tables Automated With Scheduler 
2024 plu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-13901 (The Counter Box: Add Engaging Countdowns, Timers & Counters to 
Your Wo ...)
@@ -103,15 +103,15 @@ CVE-2025-25429 (Trendnet TEW-929DRU 1.0.0.10 contains a 
Stored Cross-site Script
 CVE-2025-25428 (TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a 
hardcoded pas ...)
        NOT-FOR-US: Trendnet
 CVE-2025-24849 (Lack of encryption in transit for cloud infrastructure 
facilitating po ...)
-       TODO: check
+       NOT-FOR-US: Dario Health
 CVE-2025-24843 (Insecure file retrieval process that facilitates potential for 
file ma ...)
-       TODO: check
+       NOT-FOR-US: Dario Health
 CVE-2025-24318 (Cookie policy is observable via built-in browser tools. In the 
presenc ...)
-       TODO: check
+       NOT-FOR-US: Dario Health
 CVE-2025-24316 (The Dario Health Internet-based server infrastructure is 
vulnerable du ...)
-       TODO: check
+       NOT-FOR-US: Dario Health
 CVE-2025-23405 (Unauthenticated log effects metrics gathering incident 
response effort ...)
-       TODO: check
+       NOT-FOR-US: Dario Health
 CVE-2025-22492 (The connection string visible to users with access to FRSCore 
database ...)
        NOT-FOR-US: Eaton
 CVE-2025-22491 (The user input was not sanitized on Reporting Hierarchy 
Management pag ...)
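Review bot: of the five entries set to "NOT-FOR-US: Dario Health" in this hunk, only CVE-2025-24316 names Dario Health in the visible part of its description; for CVE-2025-24849, CVE-2025-24843, CVE-2025-24318 and CVE-2025-23405 the truncated text names no product, so the attribution cannot be confirmed from the diff alone. A check of those four against the full CVE records would be worthwhile, and the same applies to CVE-2025-20060 in the following hunk.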
@@ -127,9 +127,9 @@ CVE-2025-22271 (The application or its infrastructure 
allows for IP address spoo
 CVE-2025-22270 (An attacker with access to the Administration panel, 
specifically the  ...)
        NOT-FOR-US: CyberArk Endpoint Privilege Manager in SaaS
 CVE-2025-20060 (An attacker could expose cross-user personal identifiable 
information  ...)
-       TODO: check
+       NOT-FOR-US: Dario Health
 CVE-2025-20049 (The Dario Health portal service application is vulnerable to 
XSS, whic ...)
-       TODO: check
+       NOT-FOR-US: Dario Health
 CVE-2025-1795 (During an address list folding when a separating comma ends up 
on a fo ...)
        - python3.13 3.13.0~b1-1
        - python3.12 3.12.9-1
@@ -183,7 +183,7 @@ CVE-2024-8420 (The DHVC Form plugin for WordPress is 
vulnerable to privilege esc
 CVE-2024-54175 (IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD   could allow a 
local user ...)
        NOT-FOR-US: IBM
 CVE-2024-44754 (Cryptographic key extraction from internal flash in Minut M2 
with firm ...)
-       TODO: check
+       NOT-FOR-US: Minut
 CVE-2024-13851 (The Modal Portfolio plugin for WordPress is vulnerable to 
Stored Cross ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-13832 (The Ultra Addons Lite for Elementor plugin for WordPress is 
vulnerable ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08ad3fb223a2c13302edeb021f9e50c436832b1f
