Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fba4aa42 by Salvatore Bonaccorso at 2025-02-23T17:04:06+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2025-1576 (A vulnerability classified as critical was found
in code-projects
CVE-2025-1575 (A vulnerability classified as problematic has been found in
Harpia Dia ...)
NOT-FOR-US: Harpia DiagSystem
CVE-2024-13728 (The Accept Donations with PayPal & Stripe plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27012 (Cross-Site Request Forgery (CSRF) vulnerability in a1post
A1POST.BG Sh ...)
NOT-FOR-US: a1post A1POST.BG
CVE-2025-26973 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -43,26 +43,26 @@ CVE-2025-0953 (The SMTP for Sendinblue \u2013 YaySMTP
plugin for WordPress is vu
CVE-2025-0918 (The SMTP for SendGrid \u2013 YaySMTP plugin for WordPress is
vulnerabl ...)
NOT-FOR-US: WordPress plugin
CVE-2024-52939 (Kernel software installed and running inside a Guest VM may
post impro ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2024-47896 (Kernel software installed and running inside a Guest VM may
exploit me ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2024-46975 (Kernel software installed and running inside a Guest VM may
exploit me ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2024-13869 (The Migration, Backup, Staging \u2013 WPvivid Backup &
Migration plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13564 (The Rife Elementor Extensions & Templates plugin for WordPress
is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12577 (Kernel software installed and running inside a Guest VM may
exploit me ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2025-21704 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux 6.12.16-1
NOTE:
https://git.kernel.org/linus/e563b01208f4d1f609bcab13333b6c0e24ce6a01 (6.14-rc3)
CVE-2025-27109 (solid-js is a declarative, efficient, and flexible JavaScript
library ...)
- TODO: check
+ NOT-FOR-US: solid-js
CVE-2025-27108 (dom-expressions is a Fine-Grained Runtime for Performant DOM
Rendering ...)
- TODO: check
+ NOT-FOR-US: dom-expressions
CVE-2025-27106 (binance-trading-bot is an automated Binance trading bot with
trailing ...)
- TODO: check
+ NOT-FOR-US: binance-trading-bot
CVE-2025-27105 (vyper is a Pythonic Smart Contract Language for the EVM. Vyper
handles ...)
NOT-FOR-US: Vyper
CVE-2025-27104 (vyper is a Pythonic Smart Contract Language for the EVM.
Multiple eval ...)
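Review bot: The four "NOT-FOR-US: Imagination Technologies" entries (CVE-2024-52939, CVE-2024-47896, CVE-2024-46975, CVE-2024-12577) name only the vendor, although their descriptions all concern kernel software running inside a guest VM. Naming the affected component, as "NOT-FOR-US: Harpia DiagSystem" does in the first hunk, would make these easier to re-check if that component is ever packaged. In the same hunk, solid-js and dom-expressions are libraries rather than standalone applications, so it is worth confirming that no source package in the archive carries a bundled copy before they stay NOT-FOR-US.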
@@ -150,9 +150,9 @@ CVE-2025-1535 (A vulnerability was found in Baiyi Cloud
Asset Management System
CVE-2025-1489 (The WP-Appbox plugin for WordPress is vulnerable to Stored
Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1471 (In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe
print fu ...)
- TODO: check
+ NOT-FOR-US: Eclipse OMR
CVE-2025-1470 (In Eclipse OMR, from the initial contribution to version 0.4.0,
some O ...)
- TODO: check
+ NOT-FOR-US: Eclipse OMR
CVE-2025-1410 (The Events Calendar Made Simple \u2013 Pie Calendar plugin for
WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1403 (Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker
to cause ...)
@@ -487,7 +487,7 @@ CVE-2025-1492 (Bundle Protocol and CBOR dissector crashes
in Wireshark 4.4.0 to
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20373
NOTE: CBOR Object Signing and Encryption (COSE) dissector introduced in
3.6.0rc0
CVE-2025-1293 (Hermes versions up to 0.4.0 improperly validated the JWT
provided when ...)
- TODO: check
+ NOT-FOR-US: Hashicorp Hermes
CVE-2025-1223 (An attacker can gain application privileges in order to perform
limite ...)
NOT-FOR-US: Citrix
CVE-2025-1222 (An attacker can gain application privileges in order to perform
limite ...)
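Review bot: The tag added for CVE-2025-1293 spells the vendor "Hashicorp"; the vendor's own spelling is "HashiCorp". The qualifier itself is useful, because the description says only "Hermes", so I would keep it and fix the capitalisation: "NOT-FOR-US: HashiCorp Hermes".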
@@ -728,7 +728,7 @@ CVE-2025-22919 (A reachable assertion in FFmpeg git-master
commit N-113007-g8d24
CVE-2025-22888 (Movable Type contains a stored cross-site scripting
vulnerability in t ...)
- movabletype-opensource <removed>
CVE-2025-22622 (Age Verification for your checkout page. Verify your
customer's identi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1448 (A vulnerability was found in Synway SMG Gateway Management
Software up ...)
NOT-FOR-US: Synway SMG Gateway Management Software
CVE-2025-1447 (A vulnerability was found in kasuganosoras Pigeon 1.0.177. It
has been ...)
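Review bot: The "NOT-FOR-US: WordPress plugin" tag on CVE-2025-22622 cannot be confirmed from the description as shown here, which is cut off at "Verify your customer's identi ..." before any mention of WordPress. The other entries tagged this way in the patch all say "plugin for WordPress" in the visible text. Please check the full CVE record before this goes in, and if it does confirm a WordPress plugin, consider naming the plugin in the tag so the entry can be matched without opening the record again.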
@@ -831,7 +831,7 @@ CVE-2025-26058 (Webkul QloApps v1.6.1 exposes
authentication tokens in URLs duri
CVE-2025-25305 (Home Assistant Core is an open source home automation that
puts local ...)
NOT-FOR-US: Home Assistant Core
CVE-2025-25300 (smartbanner.js is a customizable smart app banner for iOS and
Android. ...)
- TODO: check
+ NOT-FOR-US: smartbanner.js
CVE-2025-25284 (The ZOO-Project is an open source processing platform,
released under ...)
NOT-FOR-US: ZOO-Project
CVE-2025-24895 (CIE.AspNetCore.Authentication is an AspNetCore Remote
Authenticator fo ...)
@@ -240154,7 +240154,7 @@ CVE-2022-28341
CVE-2022-28340
RESERVED
CVE-2022-28339 (Trend Micro HouseCall for Home Networks version 5.3.1302 and
below con ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-28338
RESERVED
CVE-2022-28337
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fba4aa427e55cb67741158d77c1ec77e41a0395c