Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c83f0787 by Salvatore Bonaccorso at 2025-03-05T21:27:22+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2025-2003 (Incorrect authorization in PAM vaults in Devolutions Server 
2024.3.12  ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2025-27517 (Volt is an elegantly crafted functional API for Livewire. 
Malicious, u ...)
-       TODO: check
+       NOT-FOR-US: Volt API for Livewire
 CVE-2025-27515 (Laravel is a web application framework. When using wildcard 
validation ...)
        TODO: check
 CVE-2025-27513 (OpenTelemetry dotnet is a dotnet telemetry framework. A 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: OpenTelemetry dotnet
 CVE-2025-27497 (OpenDJ is an LDAPv3 compliant directory service. OpenDJ prior 
to 4.9.3 ...)
        TODO: check
 CVE-2025-27412 (REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 
5.18.2, the re ...)
-       TODO: check
+       NOT-FOR-US: REDAXO
 CVE-2025-27411 (REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the 
mediapool/medi ...)
-       TODO: check
+       NOT-FOR-US: REDAXO
 CVE-2025-25015 (Prototype pollution in Kibana leads to arbitrary code 
execution via a  ...)
        TODO: check
 CVE-2025-24521 (External XML entity injection allows arbitrary download of 
files. The  ...)
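Review bot: the tag added for CVE-2025-2003 names only the vendor ("Devolutions"), although the description identifies the product as Devolutions Server and the other tags added in this hunk name the product (Volt API for Livewire, OpenTelemetry dotnet, REDAXO). Consider "NOT-FOR-US: Devolutions Server" so that a later search of data/CVE/list by product name finds the entry.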
@@ -23,13 +23,13 @@ CVE-2025-23416 (Path traversal may lead to arbitrary file 
deletion. The score wi
 CVE-2025-22493 (Secure flag not set and SameSIte was set to Lax in the 
Foreseer Report ...)
        TODO: check
 CVE-2025-22212 (A SQL injection vulnerability in the ConvertForms component 
versions 1 ...)
-       TODO: check
+       NOT-FOR-US: ConvertForms component for Joomla
 CVE-2025-21095 (Path traversal may lead to arbitrary file download. The score 
without  ...)
        TODO: check
 CVE-2025-20208 (A vulnerability in the web-based management interface of Cisco 
TelePre ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20206 (A vulnerability in the interprocess communication (IPC) 
channel of Cis ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-1714 (Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy 
prior to  ...)
        TODO: check
 CVE-2025-1702 (The Ultimate Member \u2013 User Profile, Registration, Login, 
Member D ...)
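Review bot: CVE-2025-20208 and CVE-2025-20206 receive the identical vendor-only tag "NOT-FOR-US: Cisco", although the descriptions concern different components (a web-based management interface and an interprocess communication (IPC) channel). Naming the affected product from the full description, as the ConvertForms line in this hunk does with "ConvertForms component for Joomla", would keep the two entries distinguishable without opening the CVE record.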
@@ -55,13 +55,13 @@ CVE-2024-8682 (The JNews - WordPress Newspaper Magazine 
Blog AMP Theme theme for
 CVE-2024-5667 (Multiple plugins for WordPress are vulnerable to Stored 
Cross-Site Scr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-53458 (Sysax Multi Server 6.99 is vulnerable to a denial of service 
(DoS) con ...)
-       TODO: check
+       NOT-FOR-US: Sysax Multi Server
 CVE-2024-51144 (Cross Site Request Forgery (CSRF) vulnerability exists in the 
'pvmsg.p ...)
        TODO: check
 CVE-2024-48246 (Vehicle Management System 1.0 contains a Stored Cross-Site 
Scripting ( ...)
-       TODO: check
+       NOT-FOR-US: Vehicle Management System
 CVE-2024-31525 (Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect 
Access C ...)
-       TODO: check
+       NOT-FOR-US: Peppermint Ticket Management
 CVE-2024-13866 (The Simple Notification plugin for WordPress is vulnerable to 
Stored C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-13839 (The Staff Directory Plugin: Company Directory plugin for 
WordPress is  ...)
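Review bot: "NOT-FOR-US: Vehicle Management System" for CVE-2024-48246 is a generic product name with no vendor or author, unlike "Sysax Multi Server" and "Peppermint Ticket Management" in this hunk, which are distinctive on their own. Adding the vendor or project the full CVE description attributes it to would prevent the tag from being confused with a similarly named product in later triage.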
@@ -99,23 +99,23 @@ CVE-2024-13350 (The SearchIQ \u2013 The Search Solution 
plugin for WordPress is
 CVE-2024-13232 (The WordPress Awesome Import & Export Plugin - Import & Export 
WordPre ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-13147 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Merkur Software B2B Login Panel
 CVE-2024-12815 (The Point Maker plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-12799 (Insufficiently Protected Credentials vulnerability in OpenText 
Identit ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2024-12650 (An attacker with low privileges can manipulate the requested 
memory si ...)
        TODO: check
 CVE-2024-12281 (The Homey theme for WordPress is vulnerable to privilege 
escalation in ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-12097 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Boceksoft Informatics E-Travel
 CVE-2024-11951 (The Homey Login Register plugin for WordPress is vulnerable to 
privile ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-11731 (The Master Slider \u2013 Responsive Touch Slider plugin for 
WordPress  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-11216 (Authorization Bypass Through User-Controlled Key, Exposure of 
Private  ...)
-       TODO: check
+       NOT-FOR-US: PozitifIK Pik Online
 CVE-2024-11153 (The Content Control \u2013 The Ultimate Content Restriction 
Plugin! Re ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-11035 (Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be 
susceptible  ...)
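Review bot: the unchanged context line for CVE-2024-12281 tags "The Homey theme for WordPress" as "NOT-FOR-US: WordPress plugin"; since this hunk already edits the neighbouring entries, the tag could be corrected to "NOT-FOR-US: WordPress theme" in the same pass. For CVE-2024-13147, CVE-2024-12097 and CVE-2024-11216 the visible descriptions are generic weakness titles, so the vendor and product in the new tags are the only identification in the list and are worth double-checking against the full CVE records.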



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c83f07875f35f848154685fd12dcdfeda5ebfde8
