Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6e4c9af4 by Moritz Muehlenhoff at 2025-04-03T22:17:34+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,11 +19,11 @@ CVE-2025-3170 (A vulnerability classified as critical has
been found in Project
CVE-2025-3169 (A vulnerability was found in Projeqtor up to 12.0.2. It has
been rated ...)
TODO: check
CVE-2025-3168 (A vulnerability was found in PHPGurukul Time Table Generator
System 1. ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-3167 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-3166 (A vulnerability classified as critical was found in
code-projects Prod ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-3165 (A vulnerability classified as critical has been found in
thu-pacman ch ...)
TODO: check
CVE-2025-3164 (A vulnerability was found in Tencent Music Entertainment
SuperSonic up ...)
@@ -33,7 +33,7 @@ CVE-2025-3163 (A vulnerability was found in InternLM LMDeploy
up to 0.7.1. It ha
CVE-2025-3162 (A vulnerability was found in InternLM LMDeploy up to 0.7.1. It
has bee ...)
TODO: check
CVE-2025-3161 (A vulnerability was found in Tenda AC10 16.03.10.13 and
classified as ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-3160 (A vulnerability has been found in Open Asset Import Library
Assimp 5.4 ...)
TODO: check
CVE-2025-3159 (A vulnerability, which was classified as critical, was found in
Open A ...)
@@ -55,77 +55,77 @@ CVE-2025-32050 (A flaw was found in libsoup. The libsoup
append_param_quoted() f
CVE-2025-32049 (A flaw was found in libsoup. The SoupWebsocketConnection may
accept a ...)
TODO: check
CVE-2025-31911 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31909 (Missing Authorization vulnerability in NotFound Apptivo
Business Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31907 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31905 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31903 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31902 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31901 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31900 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31899 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31898 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31896 (Missing Authorization vulnerability in istmoplugins
GetBookingsWP allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31893 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31876 (Missing Authorization vulnerability in gunnarpayday Payday
allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31858 (Missing Authorization vulnerability in matthewrubin Local
Magic allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31841 (Missing Authorization vulnerability in Frank P. Walentynowicz
FPW Cate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31827 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31825 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31800 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31795 (Missing Authorization vulnerability in Plugin Devs Shopify to
WooComme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31794 (Missing Authorization vulnerability in Web Ready Now WR Price
List Man ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31789 (Missing Authorization vulnerability in Matat Technologies
TextMe SMS a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31768 (Missing Authorization vulnerability in OTWthemes Widget
Manager Light ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31758 (Missing Authorization vulnerability in BinaryCarpenter Free
Woocommerc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31746 (Missing Authorization vulnerability in Think201 Clients allows
Exploit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31739 (Missing Authorization vulnerability in Manuel Schmalstieg
Minimalistic ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31736 (Missing Authorization vulnerability in richtexteditor Rich
Text Editor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31729 (Missing Authorization vulnerability in jeffikus WooTumblog
allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31626 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31622 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31582 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31581 (Missing Authorization vulnerability in Sandeep Kumar WP Video
Playlist ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31573 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31558 (Insertion of Sensitive Information into Externally-Accessible
File or ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31554 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31541 (Missing Authorization vulnerability in turitop TuriTop Booking
System ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31536 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31489 (MinIO is a High Performance Object Storage released under GNU
Affero G ...)
TODO: check
CVE-2025-31487 (The XWiki JIRA extension provides various integration points
between X ...)
@@ -139,13 +139,13 @@ CVE-2025-31483 (Miniflux is a feed reader. Due to a weak
Content Security Policy
CVE-2025-31481 (API Platform Core is a system to create hypermedia-driven REST
and Gra ...)
TODO: check
CVE-2025-31468 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31467 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31442 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31436 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31161 (CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows
authentication b ...)
TODO: check
CVE-2025-31127 (Element X Android is a Matrix Android Client provided by
element.io. I ...)
@@ -159,19 +159,19 @@ CVE-2025-31098 (Improper Control of Filename for
Include/Require Statement in PH
CVE-2025-31091 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-30916 (Missing Authorization vulnerability in enituretechnology
Residential A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30915 (Missing Authorization vulnerability in enituretechnology Small
Package ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30908 (Cross-Site Request Forgery (CSRF) vulnerability in Shamalli
Web Direct ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30889 (Deserialization of Untrusted Data vulnerability in PickPlugins
Testimo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30858 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30616 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30611 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30596 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
TODO: check
CVE-2025-30406 (Gladinet CentreStack through 16.1.10296.56315 (fixed in
16.4.10315.563 ...)
@@ -181,9 +181,9 @@ CVE-2025-2946 (pgAdmin <= 9.1 is affected by a security
vulnerability with Cross
CVE-2025-2945 (Remote Code Execution security vulnerability in pgAdmin 4
(Query Tool ...)
TODO: check
CVE-2025-2299 (The LuckyWP Table of Contents plugin for WordPress is
vulnerable to Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29987 (Dell PowerProtect Data Domain with Data Domain Operating
System (DD OS ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-29647 (SeaCMS v13.3 has a SQL injection vulnerability in the
component admin_ ...)
TODO: check
CVE-2025-29570 (An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400
v3.2 al ...)
@@ -191,11 +191,11 @@ CVE-2025-29570 (An issue in Shenzhen Libituo Technology
Co., Ltd LBT-T300-T400 v
CVE-2025-29504 (Insecure Permission vulnerability in student-manage 1 allows a
local a ...)
TODO: check
CVE-2025-29462 (A buffer overflow vulnerability has been discovered in Tenda
Ac15 V15. ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-29369 (Code-Projects Matrimonial Site V1.0 is vulnerable to SQL
Injection in ...)
TODO: check
CVE-2025-29064 (An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a
remote atta ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-26818 (Netwrix Password Secure through 9.2 allows command injection.)
TODO: check
CVE-2025-26817 (Netwrix Password Secure 9.2.0.32454 allows OS command
injection.)
@@ -213,15 +213,15 @@ CVE-2025-22927 (An issue in OS4ED openSIS v8.0 through
v9.1 allows attackers to
CVE-2025-22926 (An issue in OS4ED openSIS v8.0 through v9.1 allows attackers
to execut ...)
TODO: check
CVE-2025-22457 (A stack-based buffer overflow in Ivanti Connect Secure before
version ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-0272 (HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection.
This v ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-9416 (The Modula Image Gallery plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-45198 (insightsoftware Spark JDBC 2.6.21 has a remote code execution
vulnerab ...)
TODO: check
CVE-2024-22611 (OpenEMR 7.0.2 is vulnerable to SQL Injection via
\openemr\library\clas ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2023-47639 (API Platform Core is a system to create hypermedia-driven REST
and Gra ...)
TODO: check
CVE-2025-31115 (XZ Utils provide a general-purpose data-compression library
plus comma ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e4c9af419584a7a33dee30d637f7da914329f57
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e4c9af419584a7a33dee30d637f7da914329f57
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
