Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6ad47f74 by Salvatore Bonaccorso at 2025-03-28T21:28:12+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -97,9 +97,9 @@ CVE-2025-31073 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-31010 (Cross-Site Request Forgery (CSRF) vulnerability in
ReichertBrothers Si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30372 (Emlog is an open source website building system. Emlog Pro
versions pr ...)
- TODO: check
+ NOT-FOR-US: Emlog Pro
CVE-2025-30371 (Metabase is a business intelligence and embedded analytics
tool. Versi ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2025-30211 (Erlang/OTP is a set of libraries for the Erlang programming
language. ...)
TODO: check
CVE-2025-2926 (A vulnerability was found in HDF5 up to 1.14.6 and classified
as probl ...)
@@ -111,13 +111,13 @@ CVE-2025-2924 (A vulnerability, which was classified as
problematic, was found i
CVE-2025-2923 (A vulnerability, which was classified as problematic, has been
found i ...)
TODO: check
CVE-2025-2922 (A vulnerability classified as problematic was found in Netis
WF-2404 1 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-2921 (A vulnerability classified as critical has been found in Netis
WF-2404 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-2920 (A vulnerability was found in Netis WF-2404 1.1.124EN. It has
been rate ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-2919 (A vulnerability was found in Netis WF-2404 1.1.124EN. It has
been decl ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-2917 (A vulnerability, which was classified as problematic, was found
in Che ...)
NOT-FOR-US: ChestnutCMS
CVE-2025-2916 (A vulnerability, which was classified as critical, has been
found in A ...)
@@ -161,33 +161,33 @@ CVE-2025-2861 (SaTECH BCU in its firmware version 2.1.3
uses the HTTP protocol.
CVE-2025-2860 (SaTECH BCU in its firmware version 2.1.3, allows an
authenticated atta ...)
NOT-FOR-US: SaTECH BCU
CVE-2025-2859 (An attacker with access to the network where the vulnerable
device is ...)
- TODO: check
+ NOT-FOR-US: saTECH BCU
CVE-2025-2858 (Privilege escalation vulnerability in the saTECH BCU firmware
version ...)
- TODO: check
+ NOT-FOR-US: saTECH BCU
CVE-2025-2815 (The Administrator Z plugin for WordPress is vulnerable to
unauthorized ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2713 (Google gVisor's runsc component exhibited a local privilege
escalation ...)
TODO: check
CVE-2025-29928 (authentik is an open-source identity provider. Prior to
versions 2024. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2025-28221 (Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in
the set ...)
NOT-FOR-US: Tenda
CVE-2025-28220 (Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in
the set ...)
NOT-FOR-US: Tenda
CVE-2025-28219 (Netgear DC112A V1.0.0.64 has an OS command injection
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-27932 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: HGW-BL1500HM
CVE-2025-27726 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: HGW-BL1500HM
CVE-2025-27718 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: HGW-BL1500HM
CVE-2025-27716 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: HGW-BL1500HM
CVE-2025-27574 (Cross-site scripting vulnerability exists in the USB storage
file-shar ...)
- TODO: check
+ NOT-FOR-US: HGW-BL1500HM
CVE-2025-27567 (Cross-site scripting vulnerability exists in the NickName
registration ...)
- TODO: check
+ NOT-FOR-US: HGW-BL1500HM
CVE-2025-27001 (Insertion of Sensitive Information Into Sent Data
vulnerability in Shi ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-22767 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -213,7 +213,7 @@ CVE-2025-1705 (The tagDiv Composer plugin for WordPress is
vulnerable to Cross-S
CVE-2025-0986 (IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and
FW1060.00 throu ...)
NOT-FOR-US: IBM
CVE-2024-7407 (Use of a custom password encoding algorithmin Streamsoft
Presti\u017c ...)
- TODO: check
+ NOT-FOR-US: Streamsoft
CVE-2024-54362 (Path Traversal vulnerability in NotFound GetShop ecommerce
allows Path ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2024-54291 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
@@ -223,9 +223,9 @@ CVE-2024-51624 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2024-48615 (Null Pointer Dereference vulnerability in libarchive 3.7.6 and
earlier ...)
TODO: check
CVE-2024-39311 (Publify is a self hosted Web publishing platform on Rails.
Prior to ve ...)
- TODO: check
+ NOT-FOR-US: Publify
CVE-2024-11504 (Input from multiple fields inStreamsoft Presti\u017c is not
sanitized ...)
- TODO: check
+ NOT-FOR-US: Streamsoft
CVE-2025-31101 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31092 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ad47f74d86716dcb6d750a453096e1594bf587f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ad47f74d86716dcb6d750a453096e1594bf587f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
