Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b696f84e by Moritz Muehlenhoff at 2025-03-28T09:32:34+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,17 +5,17 @@ CVE-2025-31092 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-31031 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-2894 (The Go1also known as "The World's First Intelligence Bionic
Quadruped ...)
- TODO: check
+ NOT-FOR-US: Unitree Go1
CVE-2025-2888 (During a snapshot rollback, the client incorrectly caches the
timestam ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-2887 (During a target rollback, the client fails to detect the
rollback for ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-2886 (Missing validation of terminating delegation causes the client
to cont ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-2885 (Missing validation of the root metatdata version number could
allow an ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-2878 (A vulnerability was found in Kentico CMS up to 13.0.178. It has
been d ...)
- TODO: check
+ NOT-FOR-US: Kentico CMS
CVE-2025-2804 (The tagDiv Composer plugin for WordPress, used by the Newspaper
theme, ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2578 (The Booking for Appointments and Events Calendar – Amelia
plugin ...)
@@ -29,9 +29,9 @@ CVE-2025-2294 (The Kubio AI Page Builder plugin for WordPress
is vulnerable to L
CVE-2025-2074 (The Advanced Google reCAPTCHA plugin for WordPress is
vulnerable to ge ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2027 (A double free vulnerability has been identified in the ASUS
System Ana ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2025-28253 (Cross-Site Scripting (XSS) vulnerability in MainWP MainWP
Dashboard v5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26956 (Missing Authorization vulnerability in Shinetheme
Traveler.This issue ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26898 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
@@ -372,7 +372,7 @@ CVE-2025-30093 (HTCondor 23.0.x before 23.0.22, 23.10.x
before 23.10.22, 24.0.x
- condor <unfixed>
NOTE:
https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0001.html
CVE-2025-2867 (An issue has been discovered in the GitLab Duo with Amazon Q
affecting ...)
- TODO: check
+ NOT-FOR-US: GitLab Duo with Amazon Q
CVE-2025-2857 (Following the recent Chrome sandbox escape (CVE-2025-2783),
various Fi ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
@@ -466,7 +466,7 @@ CVE-2025-26731 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-26619 (Vega is a visualization grammar, a declarative format for
creating, sa ...)
NOT-FOR-US: Vega
CVE-2025-26265 (A segmentation fault in openairinterface5g v2.1.0 allows
attackers to ...)
- TODO: check
+ NOT-FOR-US: openairinterface5g
CVE-2025-25686 (semcms <=5.0 is vulnerable to SQL Injection in
SEMCMS_Fuction.php.)
NOT-FOR-US: semcms
CVE-2025-25100 (Cross-Site Request Forgery (CSRF) vulnerability in victoracano
Cazamba ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b696f84e1a8481caee22249d2ed26af3cc2ad73e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b696f84e1a8481caee22249d2ed26af3cc2ad73e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
