Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6e865949 by Salvatore Bonaccorso at 2025-02-21T21:33:57+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
CVE-2025-26014 (A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0
allows a ...)
- TODO: check
+ NOT-FOR-US: Loggrove
CVE-2025-26013 (An issue in Loggrove v.1.0 allows a remote attacker to obtain
sensitiv ...)
- TODO: check
+ NOT-FOR-US: Loggrove
CVE-2025-25878 (A vulnerability was found in ITSourcecode Simple ChatBox up to
1.0. Th ...)
- TODO: check
+ NOT-FOR-US: ITSourcecode Simple ChatBox
CVE-2025-25877 (A vulnerability was found in ITSourcecode Simple ChatBox up to
1.0. Th ...)
- TODO: check
+ NOT-FOR-US: ITSourcecode Simple ChatBox
CVE-2025-25876 (A vulnerability was found in ITSourcecode Simple ChatBox up to
1.0. Th ...)
- TODO: check
+ NOT-FOR-US: ITSourcecode Simple ChatBox
CVE-2025-25875 (A vulnerability was found in ITSourcecode Simple ChatBox up to
1.0. Th ...)
- TODO: check
+ NOT-FOR-US: ITSourcecode Simple ChatBox
CVE-2025-25772 (A Cross-Site Request Forgery (CSRF) in the component
/back/UserControl ...)
- TODO: check
+ NOT-FOR-US: Jspxcms
CVE-2025-25770 (Wangmarket v4.10 to v5.0 was discovered to contain a
Cross-Site Reques ...)
- TODO: check
+ NOT-FOR-US: Wangmarket
CVE-2025-25769 (Wangmarket v4.10 to v5.0 was discovered to contain a
Cross-Site Reques ...)
- TODO: check
+ NOT-FOR-US: Wangmarket
CVE-2025-25768 (MRCMS v3.1.2 was discovered to contain a server-side template
injectio ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-25767 (A vertical privilege escalation vulnerability in the component
/contro ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-25766 (An arbitrary file upload vulnerability in the component
/file/savefile ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-25765 (MRCMS v3.1.2 was discovered to contain an arbitrary file write
vulnera ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-25605 (Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to
command inject ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2025-25604 (Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to
command inject ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2025-25510 (Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the
get_par ...)
NOT-FOR-US: Tenda
CVE-2025-25507 (There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi.
In the fo ...)
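Review bot: The tag granularity is inconsistent in this hunk: CVE-2025-25605 and CVE-2025-25604 get the vendor-only "NOT-FOR-US: Totolink" (matching the existing "NOT-FOR-US: Tenda" context lines), while CVE-2025-25878 through CVE-2025-25875 get vendor plus product, "NOT-FOR-US: ITSourcecode Simple ChatBox". Either form works, but using one form per vendor keeps later grep-based triage of data/CVE/list predictable. Separately, the truncated description of CVE-2025-25772 stops at "/back/UserControl ..." and never names a product, so the "Jspxcms" tag cannot be confirmed from the list entry alone and is worth a check against the full CVE description. The same applies to the "MRCMS" tags on CVE-2025-25767 and CVE-2025-25766.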
@@ -35,23 +35,23 @@ CVE-2025-25507 (There is a RCE vulnerability in Tenda AC6
15.03.05.16_multi. In
CVE-2025-25505 (Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow
in the su ...)
NOT-FOR-US: Tenda
CVE-2025-1548 (A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It
has been ...)
- TODO: check
+ NOT-FOR-US: iteachyou Dreamer CMS
CVE-2025-1546 (A vulnerability has been found in BDCOM Behavior Management and
Auditi ...)
- TODO: check
+ NOT-FOR-US: BDCOM Behavior Management and Auditing System
CVE-2025-1544 (A vulnerability, which was classified as critical, was found in
dingfa ...)
- TODO: check
+ NOT-FOR-US: dingfanzu CMS
CVE-2025-1543 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: iteachyou Dreamer CMS
CVE-2025-1539 (A vulnerability, which was classified as critical, has been
found in D ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-1538 (A vulnerability classified as critical was found in D-Link
DAP-1320 1. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-1537 (A vulnerability was found in Harpia DiagSystem 12. It has been
rated a ...)
- TODO: check
+ NOT-FOR-US: Harpia DiagSystem
CVE-2025-1536 (A vulnerability was found in Raisecom Multi-Service Intelligent
Gatewa ...)
- TODO: check
+ NOT-FOR-US: Raisecom Multi-Service Intelligent Gateway
CVE-2025-1535 (A vulnerability was found in Baiyi Cloud Asset Management
System 8.142 ...)
- TODO: check
+ NOT-FOR-US: Baiyi Cloud Asset Management System
CVE-2025-1489 (The WP-Appbox plugin for WordPress is vulnerable to Stored
Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1471 (In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe
print fu ...)
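Review bot: For CVE-2025-1539 and CVE-2025-1543 the product named in the new tag is not visible in the truncated description ("has been found in D ..." and "has been found i ..."), so "NOT-FOR-US: D-Link" and "NOT-FOR-US: iteachyou Dreamer CMS" rest on the full CVE text rather than on anything in this file and are worth confirming against the CVE record. The D-Link tags are also vendor-only, while the rest of the hunk uses full product names such as "BDCOM Behavior Management and Auditing System"; that is fine as long as it matches how earlier D-Link entries in the list are tagged.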
@@ -61,25 +61,25 @@ CVE-2025-1470 (In Eclipse OMR, from the initial
contribution to version 0.4.0, s
CVE-2025-1410 (The Events Calendar Made Simple \u2013 Pie Calendar plugin for
WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1403 (Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker
to cause ...)
- TODO: check
+ NOT-FOR-US: Qiskit SDK
CVE-2025-1402 (The Event Tickets and Registration plugin for WordPress is
vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0838 (There exists a heap buffer overflow vulnerable in Abseil-cpp.
The size ...)
TODO: check
CVE-2025-0728 (In NetX HTTP server functionality of Eclipse ThreadX NetX Duo
before ...)
- TODO: check
+ NOT-FOR-US: Eclipse ThreadX NetX Duo
CVE-2025-0727 (In NetX HTTP server functionality of Eclipse ThreadX NetX Duo
before ...)
- TODO: check
+ NOT-FOR-US: Eclipse ThreadX NetX Duo
CVE-2025-0726 (In NetX HTTP server functionality of Eclipse ThreadX NetX Duo
before ...)
- TODO: check
+ NOT-FOR-US: Eclipse ThreadX NetX Duo
CVE-2024-9150 (Report generation functionality in Wyn Enterprise allows for
code incl ...)
- TODO: check
+ NOT-FOR-US: Wyn Enterprise
CVE-2024-57176 (An issue in the shiroFilter function of White-Jotter project
v0.2.2 al ...)
- TODO: check
+ NOT-FOR-US: White-Jotter project
CVE-2024-55159 (GFast between v2 to v3.2 was discovered to contain a SQL
injection vul ...)
- TODO: check
+ NOT-FOR-US: GFast
CVE-2024-55156 (An XML External Entity (XXE) vulnerability in the
deserializeArgs() me ...)
- TODO: check
+ NOT-FOR-US: Java SDK for CloudEvents
CVE-2024-45673 (IBM Security Verify Bridge Directory Sync 1.0.1 through
1.0.12, IBM Se ...)
NOT-FOR-US: IBM
CVE-2024-13900 (The Head, Footer and Post Injections plugin for WordPress is
vulnerabl ...)
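Review bot: CVE-2025-0838 (heap buffer overflow in Abseil-cpp) stays at "TODO: check" in the context lines while every other open entry in this hunk is resolved, so it still needs a triage pass of its own and should not be swept into a later NOT-FOR-US batch without checking for a matching source package. On the tags added here, "NOT-FOR-US: White-Jotter project" carries the generic word "project" over from the description, where "White-Jotter" alone would be consistent with tags like "GFast" and "Wyn Enterprise". The "Java SDK for CloudEvents" tag on CVE-2024-55156 cannot be checked against the truncated description, which stops at "deserializeArgs() me ...".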
@@ -150,7 +150,7 @@ CVE-2025-1407 (The AMO Team Showcase plugin for WordPress
is vulnerable to Store
CVE-2025-1406 (The Newpost Catch plugin for WordPress is vulnerable to Stored
Cross-S ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1001 (Medixant RadiAnt DICOM Viewer is vulnerable due to failure of
the upda ...)
- TODO: check
+ NOT-FOR-US: Medixant RadiAnt DICOM Viewer
CVE-2024-7131
REJECTED
CVE-2024-54756 (A remote code execution (RCE) vulnerability in the ZScript
function of ...)
@@ -364534,7 +364534,7 @@ CVE-2020-19250
CVE-2020-19249
RESERVED
CVE-2020-19248 (SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if
statements ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2020-19247
RESERVED
CVE-2020-19246
@@ -399212,7 +399212,7 @@ CVE-2020-6160
CVE-2020-6159 (URLs using \u201cjavascript:\u201d have the protocol removed
when past ...)
NOT-FOR-US: Opera
CVE-2020-6158 (Opera Mini for Android before version 52.2 is vulnerable to an
address ...)
- TODO: check
+ NOT-FOR-US: Opera Mini for Android
CVE-2020-6157 (Opera Touch for iOS before version 2.4.5 is vulnerable to an
address b ...)
NOT-FOR-US: Opera Touch for iOS
CVE-2020-6156 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05
when the s ...)
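Review bot: The neighbouring Opera entries end up tagged at different granularity: the new "NOT-FOR-US: Opera Mini for Android" on CVE-2020-6158 matches "Opera Touch for iOS" on CVE-2020-6157, but CVE-2020-6159 just above uses bare "Opera". Not a blocker; if one form is preferred, normalising the three lines together would keep this block consistent.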
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e865949c5c5d22e398937f4467e92f393d42252
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits