Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ee6212fe by Salvatore Bonaccorso at 2025-03-27T22:09:32+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -273,9 +273,9 @@ CVE-2025-30362 (WeGIA is a Web manager for charitable
institutions. A stored Cro
CVE-2025-30361 (WeGIA is a Web manager for charitable institutions. A security
vulnera ...)
NOT-FOR-US: WeGIA
CVE-2025-30358 (Mesop is a Python-based UI framework that allows users to
build web ap ...)
- TODO: check
+ NOT-FOR-US: Mesop
CVE-2025-30221 (Pitchfork is a preforking HTTP server for Rack applications.
Versions ...)
- TODO: check
+ NOT-FOR-US: Pitchfork
CVE-2025-30093 (HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22,
24.0.x before ...)
TODO: check
CVE-2025-2867 (An issue has been discovered in the GitLab Duo with Amazon Q
affecting ...)
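Review bot: The new tags on CVE-2025-30358 (Mesop, described as a Python-based UI framework) and CVE-2025-30221 (Pitchfork, a preforking HTTP server for Rack applications) cover language-ecosystem libraries, and the commit message "Process some NFUs" does not record how their absence from the archive was checked. Please confirm that neither has a source package or a pending packaging request before replacing TODO: check, and say so in the commit message.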
@@ -283,7 +283,7 @@ CVE-2025-2867 (An issue has been discovered in the GitLab
Duo with Amazon Q affe
CVE-2025-2857 (Following the recent Chrome sandbox escape (CVE-2025-2783),
various Fi ...)
TODO: check
CVE-2025-2855 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: elunez eladmin
CVE-2025-2854 (A vulnerability classified as critical was found in
code-projects Payr ...)
NOT-FOR-US: code-projects
CVE-2025-2852 (A vulnerability has been found in SourceCodester Food Ordering
Managem ...)
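Review bot: The tag "NOT-FOR-US: elunez eladmin" on CVE-2025-2855 joins what reads as an owner name and a project name with no separator, while the next entry in this hunk uses a single name ("NOT-FOR-US: code-projects"). Consider the project name alone, or the "product (vendor)" form that the WPS Office (Kingsoft) entry later in this patch uses, so the tag is unambiguous.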
@@ -295,7 +295,7 @@ CVE-2025-2847 (A vulnerability, which was classified as
critical, has been found
CVE-2025-2846 (A vulnerability classified as critical was found in
SourceCodester Onl ...)
NOT-FOR-US: SourceCodester
CVE-2025-2516 (The use of a weak cryptographic key pair in the signature
verification ...)
- TODO: check
+ NOT-FOR-US: WPS Office (Kingsoft)
CVE-2025-29993 (The affected versions of PowerCMS allow HTTP header injection.
This vu ...)
NOT-FOR-US: PowerCMS
CVE-2025-29497 (libming v0.4.8 was discovered to contain a memory leak via the
parseSW ...)
@@ -343,13 +343,13 @@ CVE-2025-29483 (libming v0.4.8 was discovered to contain
a memory leak via the p
CVE-2025-29306 (An issue in FoxCMS v.1.2.5 allows a remote attacker to execute
arbitra ...)
NOT-FOR-US: FoxCMS
CVE-2025-29072 (An integer overflow in Nethermind Juno before v.12.05 within
the Sierr ...)
- TODO: check
+ NOT-FOR-US: Nethermind Juno
CVE-2025-28138 (TOTOLINK A800R V4.1.2cu.5137_B20200730 contains a remote
command execu ...)
NOT-FOR-US: TOTOLINK
CVE-2025-28135 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a
buffer o ...)
NOT-FOR-US: TOTOLINK
CVE-2025-27793 (Vega is a visualization grammar, a declarative format for
creating, sa ...)
- TODO: check
+ NOT-FOR-US: Vega
CVE-2025-26909 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26762 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -367,11 +367,11 @@ CVE-2025-26732 (Improper Neutralization of Input During
Web Page Generation ('Cr
CVE-2025-26731 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26619 (Vega is a visualization grammar, a declarative format for
creating, sa ...)
- TODO: check
+ NOT-FOR-US: Vega
CVE-2025-26265 (A segmentation fault in openairinterface5g v2.1.0 allows
attackers to ...)
TODO: check
CVE-2025-25686 (semcms <=5.0 is vulnerable to SQL Injection in
SEMCMS_Fuction.php.)
- TODO: check
+ NOT-FOR-US: semcms
CVE-2025-25100 (Cross-Site Request Forgery (CSRF) vulnerability in victoracano
Cazamba ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-25086 (Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper
Secret ...)
@@ -383,7 +383,7 @@ CVE-2025-22783 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2025-22770 (Missing Authorization vulnerability in EnvoThemes Envo
Multipurpose al ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-22673 (Missing Authorization vulnerability in WPFactory EAN for
WooCommerce a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22672 (Server-Side Request Forgery (SSRF) vulnerability in
SuitePlugins Video ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-22671 (Missing Authorization vulnerability in Leap13 Disable
Elementor Editor ...)
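Review bot: The new tag on CVE-2025-22673 is "NOT-FOR-US: WordPress plugin", but the entries on either side of it in this hunk (CVE-2025-22770 and CVE-2025-22672) use "NOT-FOR-US: WordPress plugin or theme". Use the same string here so that anything matching on the tag text treats these entries alike.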
@@ -441,11 +441,11 @@ CVE-2025-1997 (IBM UrbanCode Deploy (UCD) 7.0 through
7.0.5.25, 7.1 through 7.1.
CVE-2024-56469 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through
7.2.3.15, ...)
NOT-FOR-US: IBM
CVE-2024-55073 (A Broken Object Level Authorization vulnerability in the
component /ap ...)
- TODO: check
+ NOT-FOR-US: hay-kot mealie
CVE-2024-55072 (A Broken Object Level Authorization vulnerability in the
component /ap ...)
- TODO: check
+ NOT-FOR-US: hay-kot mealie
CVE-2024-55070 (A Broken Object Level Authorization vulnerability in the
component /ho ...)
- TODO: check
+ NOT-FOR-US: hay-kot mealie
CVE-2024-12905 (An Improper Link Resolution Before File Access ("Link
Following") and ...)
TODO: check
CVE-2023-38272 (IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4,
2.3.3.5 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee6212fe186d506b7da9059b0a1805c16c3d18d8