Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33e50c12 by Salvatore Bonaccorso at 2025-04-08T20:54:09+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1004,7 +1004,7 @@ CVE-2025-32113 (Cross-Site Request Forgery (CSRF) 
vulnerability in Renzo Tejada
 CVE-2025-32112 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes 
Sidebar M ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31480 (aiven-extras is a PostgreSQL extension. This is a privilege 
escalation ...)
-       TODO: check
+       NOT-FOR-US: aiven-extras PostgreSQL extension
 CVE-2025-31421 (Insertion of Sensitive Information into Externally-Accessible 
File or  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31420 (Incorrect Privilege Assignment vulnerability in Tomdever 
wpForo Forum  ...)
@@ -1056,7 +1056,7 @@ CVE-2025-22282 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-22281 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-1865 (The kernel driver, accessible to low-privileged users, exposes 
a funct ...)
-       TODO: check
+       NOT-FOR-US: Virtual CloneDrive
 CVE-2025-0468 (Software installed and run as a non-privileged user may conduct 
improp ...)
        NOT-FOR-US: Imagination Technologies
 CVE-2024-51800 (Incorrect Privilege Assignment vulnerability in Favethemes 
Homey allow ...)
@@ -1103,7 +1103,7 @@ CVE-2025-3198 (A vulnerability has been found in GNU 
Binutils 2.43/2.44 and clas
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d
        NOTE: binutils not covered by security support
 CVE-2025-3197 (Versions of the package expand-object from 0.0.0 are vulnerable 
to Pro ...)
-       TODO: check
+       NOT-FOR-US: expand-object Nodejs module
 CVE-2025-3196 (A vulnerability, which was classified as critical, was found in 
Open A ...)
        - assimp <unfixed> (bug #1102207)
        [bookworm] - assimp <no-dsa> (Minor issue)
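Review bot: The new tag for CVE-2025-3197 spells the ecosystem "Nodejs", while the bigint-buffer entry changed in this same commit uses "Node.js module". Suggest "NOT-FOR-US: expand-object Node.js module" so that a search of data/CVE/list for one spelling finds both entries.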
@@ -1112,11 +1112,11 @@ CVE-2025-3196 (A vulnerability, which was classified as 
critical, was found in O
 CVE-2025-3195 (A vulnerability, which was classified as critical, has been 
found in i ...)
        NOT-FOR-US: itsourcecode System
 CVE-2025-3194 (Versions of the package bigint-buffer from 0.0.0 are vulnerable 
to Buf ...)
-       TODO: check
+       NOT-FOR-US: bigint-buffer Node.js module
 CVE-2025-3192 (Versions of the package spatie/browsershot from 0.0.0 are 
vulnerable t ...)
        NOT-FOR-US: spatie/browsershot
 CVE-2025-3191 (All versions of the package react-draft-wysiwyg are vulnerable 
to Cros ...)
-       TODO: check
+       NOT-FOR-US: react-draft-wysiwyg
 CVE-2025-3188 (A vulnerability classified as critical has been found in 
PHPGurukul e- ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-3187 (A vulnerability was found in PHPGurukul e-Diary Management 
System 1.0. ...)
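Review bot: The tag added for CVE-2025-3191 is the bare package name, whereas the CVE-2025-3194 tag two entries above it says what kind of software is meant ("bigint-buffer Node.js module"). A short descriptor after "react-draft-wysiwyg", in the same style, would let a later reader judge the NOT-FOR-US decision without opening the CVE record.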
@@ -1198,7 +1198,7 @@ CVE-2024-47213 (An issue was discovered affecting Enrich 
5.1.0 and below. It inv
 CVE-2024-47212 (An issue was discovered in Iglu Server 0.13.0 and below. It 
involves s ...)
        NOT-FOR-US: Iglu Server
 CVE-2024-45199 (insightsoftware Hive JDBC through 2.6.13 has a remote code 
execution v ...)
-       TODO: check
+       NOT-FOR-US: insightsoftware Hive JDBC
 CVE-2024-42208 (HCL Connections is vulnerable to an information disclosure 
vulnerabili ...)
        NOT-FOR-US: HCL
 CVE-2024-13898 (The Simple Banner \u2013 Easily add multiple 
Banners/Bars/Notification ...)
@@ -185355,7 +185355,7 @@ CVE-2023-22329 (Improper input validation in the BIOS 
firmware for some Intel(R)
 CVE-2023-0882 (Improper Input Validation, Authorization Bypass Through 
User-Controlle ...)
        NOT-FOR-US: Kron Tech Single Connect
 CVE-2023-0881 (Running DDoS on tcp port 22 will trigger a kernel crash. This 
issue is ...)
-       TODO: check
+       NOT-FOR-US: Ubuntu linux-bluefield specific backporting issue
 CVE-2023-0880 (Misinterpretation of Input in GitHub repository 
thorsten/phpmyfaq prio ...)
        NOT-FOR-US: phpmyfaq
 CVE-2023-0879 (Cross-site Scripting (XSS) - Stored in GitHub repository 
btcpayserver/ ...)
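Review bot: For CVE-2023-0881 the affected component is a kernel, and the truncated description ("will trigger a kernel crash") does not show the distribution-specific part, so the tag text is the only record of why this is dismissed. Consider whether an entry of the form "- linux <not-affected> (Ubuntu linux-bluefield specific backporting issue)" fits better than NOT-FOR-US here, since it would keep the decision visible from the linux source package's view of the tracker.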



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33e50c12ab29e66d445329cff2e4657672fc4170
