Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1609789a by Moritz Muehlenhoff at 2025-03-20T13:34:31+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2025-27774 (Applio is a voice conversion tool. Versions 
3.2.7 and prior are
 CVE-2025-26816 (A vulnerability in Intrexx Portal Server 12.0.2 and earlier 
which was  ...)
        NOT-FOR-US: Intrexx Portal Server
 CVE-2025-22228 (BCryptPasswordEncoder.matches(CharSequence,String)will 
incorrectly ret ...)
-       TODO: check
+       - libspring-security-2.0-java <removed>
 CVE-2025-1770 (The Event Manager, Events Calendar, Tickets, Registrations 
\u2013 Even ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-1766 (The Event Manager, Events Calendar, Tickets, Registrations 
\u2013 Even ...)
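Review bot: On the CVE-2025-22228 entry, the added line `- libspring-security-2.0-java <removed>` is a source-package entry, not a NOT-FOR-US marking, so the commit subject "NFUs" does not describe it. Mention the package triage in the commit message, or commit it separately, so the change can be found later from the log. The entry also has no `NOTE:` line; adding one with a reference to the upstream advisory would let a later reader check that the `BCryptPasswordEncoder.matches` issue applies to the code the removed package shipped.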
@@ -49,7 +49,7 @@ CVE-2025-1385 (When the library bridge feature is enabled, 
the clickhouse-librar
 CVE-2025-1314 (The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed 
Widget plugi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-55009 (A reflected cross-site scripting (XSS) vulnerability in 
AutoBib - Bibl ...)
-       TODO: check
+       NOT-FOR-US: AutoBib
 CVE-2024-13881 (The Link My Posts WordPress plugin through 1.0 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-13880 (The My Quota WordPress plugin through 1.0.8 does not sanitise 
and esca ...)
@@ -63,7 +63,7 @@ CVE-2024-13876 (The mEintopf WordPress plugin through 0.2.1 
does not sanitise an
 CVE-2024-13875 (The WP-PManager WordPress plugin through 1.2 does not sanitise 
and esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-12016 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: CM Informatics CM News
 CVE-2025-30258 (In GnuPG before 2.5.5, if a user chooses to import a 
certificate with  ...)
        - gnupg2 <unfixed>
        NOTE: 
https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html
@@ -81,7 +81,7 @@ CVE-2025-30153 (kin-openapi is a Go project for handling 
OpenAPI files. Prior to
 CVE-2025-30152 (The Syliud PayPal Plugin is the Sylius Core Team\u2019s plugin 
for the ...)
        NOT-FOR-US: Syliud PayPal plugin
 CVE-2025-30144 (fast-jwt provides fast JSON Web Token (JWT) implementation. 
Prior to 5 ...)
-       TODO: check
+       NOT-FOR-US: Node fast-jwt
 CVE-2025-2536 (Cross-site scripting (XSS) vulnerability on Liferay Portal 
7.4.3.82 th ...)
        NOT-FOR-US: Liferay
 CVE-2025-2512 (The File Away plugin for WordPress is vulnerable to arbitrary 
file upl ...)
@@ -136,7 +136,7 @@ CVE-2024-7631 (A flaw was found in the OpenShift Console, 
an endpoint for plugin
 CVE-2024-57061 (An issue in Termius Version 9.9.0 through v.9.16.0 allows a 
physically ...)
        NOT-FOR-US: Termius
 CVE-2024-55551 (An issue was discovered in Exasol jdbc driver 24.2.0. 
Attackers can in ...)
-       TODO: check
+       NOT-FOR-US: Exasol JDBC driver
 CVE-2024-53970 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)
        NOT-FOR-US: Adobe
 CVE-2024-53969 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1609789afe47ccb9ac9c4bf2e4e45965e4fa5b60
