Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76ae218e by Salvatore Bonaccorso at 2025-03-14T21:18:56+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2025-2304 (A Privilege Escalation through a Mass 
Assignment exists in Camale
 CVE-2025-2268 (The HP LaserJet MFP M232-M237 Printer Series may be vulnerable 
to a de ...)
        TODO: check
 CVE-2025-2232 (The Realteo - Real Estate Plugin by Purethemes plugin for 
WordPress, u ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2000 (A maliciously crafted QPY file can potential execute 
arbitrary-code em ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-29782 (WeGIA is Web manager for charitable institutions A Stored 
Cross-Site S ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-29780 (Post-Quantum Secure Feldman's Verifiable Secret Sharing 
provides a Pyt ...)
        TODO: check
 CVE-2025-29779 (Post-Quantum Secure Feldman's Verifiable Secret Sharing 
provides a Pyt ...)
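Review bot: the tag on CVE-2025-2000 is `NOT-FOR-US: IBM`, but the truncated description only mentions a maliciously crafted QPY file and never names IBM, so the list alone does not show which software was checked against the archive. Consider naming the product in the tag, as the CVE-2025-29782 entry in this hunk does with `NOT-FOR-US: WeGIA`.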
@@ -21,21 +21,21 @@ CVE-2025-29774 (xml-crypto is an XML digital signature and 
encryption library fo
 CVE-2025-29771 (HtmlSanitizer is a client-side HTML Sanitizer. Versions prior 
to 2.0.3 ...)
        TODO: check
 CVE-2025-29387 (In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter 
of /gofor ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-29386 (In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of 
/goform/Adv ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-29385 (In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter 
of /gofo ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-29384 (In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of 
/goform/ ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-29032 (Tenda AC9 v15.03.05.19(6318) was discovered to contain a 
buffer overfl ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-29031 (Tenda AC6 v15.03.05.16 was discovered to contain a buffer 
overflow via ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-29030 (Tenda AC6 v15.03.05.16 was discovered to contain a buffer 
overflow via ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-29029 (Tenda AC6 v15.03.05.16 was discovered to contain a buffer 
overflow via ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-27606 (Element Android is an Android Matrix Client provided by 
Element. Eleme ...)
        TODO: check
 CVE-2025-27595 (The device uses a weak hashing alghorithm to create the 
password hash. ...)
@@ -61,9 +61,9 @@ CVE-2025-25871 (An issue in Open Panel v.0.3.4 allows a 
remote attacker to escal
 CVE-2025-1888 (The Leica Web Viewer within the Aperio Eslide Manager 
Application is v ...)
        TODO: check
 CVE-2025-1507 (The ShareThis Dashboard for Google Analytics plugin for 
WordPress is v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-55594 (An improper handling of syntactically invalid structure in 
Fortinet Fo ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-54449 (The API used to interact with documents in the application 
contains tw ...)
        TODO: check
 CVE-2024-54448 (The Automation Scripting functionality can be exploited by 
attackers t ...)
@@ -75,29 +75,29 @@ CVE-2024-54446 (Document history functionality contains a 
blind SQL injection th
 CVE-2024-54445 (Login functionality contains a blind SQL injection that can be 
exploit ...)
        TODO: check
 CVE-2024-47573 (An improper validation of integrity check value vulnerability 
[CWE-354 ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-46662 (A improper neutralization of special elements used in a 
command ('comm ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-45643 (IBM Security QRadar 3.12 EDR uses weaker than expected 
cryptographic a ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-45638 (IBM Security QRadar 3.12 EDR stores user credentials in plain 
text whi ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-40590 (Animproper certificate validation vulnerability [CWE-295] in 
FortiPort ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-40585 (An insertion of sensitive information into log file 
vulnerabilities [C ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-29409 (File Upload vulnerability in nestjs nest v.10.3.2 allows a 
remote atta ...)
        TODO: check
 CVE-2024-26006 (An improper neutralization of input during web page Generation 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-13773 (The Civi - Job Board & Freelance Marketplace WordPress Theme 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13772 (The Civi - Job Board & Freelance Marketplace WordPress Theme 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13771 (The Civi - Job Board & Freelance Marketplace WordPress Theme 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12810 (The JobCareer | Job Board Responsive WordPress Theme theme for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12245 (Logout functionality contains a blind SQL injection that can 
be exploi ...)
        TODO: check
 CVE-2024-12020 (There is a reflected cross-site scripting (XSS) within JSP 
files used  ...)
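Review bot: CVE-2024-12810 is tagged `NOT-FOR-US: WordPress plugin`, yet its description reads "The JobCareer | Job Board Responsive WordPress Theme theme for WordPre ...", which describes a theme rather than a plugin. `NOT-FOR-US: WordPress theme` would match the description. The three Civi entries above it (CVE-2024-13771 to CVE-2024-13773) say "WordPress Theme plugin", so the plugin tag is defensible there.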
@@ -105,11 +105,11 @@ CVE-2024-12020 (There is a reflected cross-site scripting 
(XSS) within JSP files
 CVE-2024-12019 (The API used to interact with documents in the application 
contains a  ...)
        TODO: check
 CVE-2023-48785 (An improper certificate validation vulnerability [CWE-295] in 
FortiNAC ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2023-45588 (An external control of file name or path vulnerability 
[CWE-73] in  Fo ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2023-33300 (A improper neutralization of special elements used in a 
command ('comm ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2023-52927 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.6.8-1
        NOTE: 
https://git.kernel.org/linus/4914109a8e1e494c6aa9852f9e84ec77a5fc643f (6.6-rc1)
@@ -82505,7 +82505,7 @@ CVE-2024-2119 (The LuckyWP Table of Contents plugin for 
WordPress is vulnerable
 CVE-2024-2088 (The NextScripts: Social Networks Auto-Poster plugin for 
WordPress is v ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-21683 (This High severity RCE (Remote Code Execution) vulnerability 
was intro ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2024-1762 (The NextScripts: Social Networks Auto-Poster plugin for 
WordPress is v ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1446 (The NextScripts: Social Networks Auto-Poster plugin for 
WordPress is v ...)
@@ -247279,7 +247279,7 @@ CVE-2022-29061 (An improper neutralization of special 
elements used in an OS com
 CVE-2022-29060 (A use of hard-coded cryptographic key vulnerability [CWE-321] 
in Forti ...)
        NOT-FOR-US: Fortinet
 CVE-2022-29059 (An improper neutralization of special elements used in an SQL 
command( ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2022-29058 (An improper neutralization of special elements [CWE-89] used 
in an OS  ...)
        NOT-FOR-US: FortiGuard
 CVE-2022-29057 (A improper neutralization of input during web page generation 
('cross- ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76ae218e6c8ecbafbba01d7c1cbb32d115fe7eff
