Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b071d1c6 by Salvatore Bonaccorso at 2025-04-14T22:24:09+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
 CVE-2025-3587 (A vulnerability classified as critical was found in 
ZeroWdd/code-proje ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-3585 (A vulnerability classified as critical has been found in 
westboy Cicad ...)
-       TODO: check
+       NOT-FOR-US: CicadasCMS
 CVE-2025-3571 (A vulnerability was found in Fannuo Enterprise Content 
Management Syst ...)
-       TODO: check
+       NOT-FOR-US: Fannuo Enterprise Content Management System
 CVE-2025-3570 (A vulnerability was found in JamesZBL/code-projects 
db-hospital-drug 1 ...)
        NOT-FOR-US: code-projects
 CVE-2025-3569 (A vulnerability was found in JamesZBL/code-projects 
db-hospital-drug 1 ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-3568 (A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 
and cl ...)
-       TODO: check
+       NOT-FOR-US: Webkul Krayin CRM
 CVE-2025-3567 (A vulnerability, which was classified as problematic, was found 
in vea ...)
-       TODO: check
+       NOT-FOR-US: veal98
 CVE-2025-3566 (A vulnerability, which was classified as critical, has been 
found in v ...)
-       TODO: check
+       NOT-FOR-US: veal98
 CVE-2025-3565 (A vulnerability classified as critical was found in 
huanfenz/code-proj ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-3564 (A vulnerability classified as problematic has been found in 
huanfenz/c ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-3563 (A vulnerability was found in WuzhiCMS 4.1. It has been rated as 
critic ...)
-       TODO: check
+       NOT-FOR-US: WuzhiCMS
 CVE-2025-3562 (A vulnerability was found in Yonyou YonBIP MA2.7. It has been 
declared ...)
-       TODO: check
+       NOT-FOR-US: Yonyou YonBIP
 CVE-2025-3561 (A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It 
has been  ...)
-       TODO: check
+       NOT-FOR-US: ghostxbh uzy-ssm-mall
 CVE-2025-3560 (A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and 
classifie ...)
-       TODO: check
+       NOT-FOR-US: ghostxbh uzy-ssm-mall
 CVE-2025-3559 (A vulnerability has been found in ghostxbh uzy-ssm-mall 1.0.0 
and clas ...)
-       TODO: check
+       NOT-FOR-US: ghostxbh uzy-ssm-mall
 CVE-2025-3558 (A vulnerability, which was classified as critical, was found in 
ghostx ...)
-       TODO: check
+       NOT-FOR-US: ghostxbh uzy-ssm-mall
 CVE-2025-3557 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: ScriptAndTools eCommerce-website-in-PHP
 CVE-2025-3277 (An integer overflow can be triggered in SQLite\u2019s 
`concat_ws()` fu ...)
        TODO: check
 CVE-2025-32931 (DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later 
is used,  ...)
-       TODO: check
+       NOT-FOR-US: DevDojo Voyager
 CVE-2025-32930
        REJECTED
 CVE-2025-32914 (A flaw was found in libsoup, where the 
soup_multipart_new_from_message ...)
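
Review bot: The NOT-FOR-US labels on CVE-2025-3567 and CVE-2025-3566 give only "veal98", which reads as an account or namespace rather than a product, while the other entries in this hunk name the project itself ("ghostxbh uzy-ssm-mall", "WuzhiCMS", "Webkul Krayin CRM"). The descriptions are truncated at "vea ..." here, so the affected project cannot be recovered from the list alone; adding the project name after "veal98" would keep the entry searchable and consistent with its neighbours. The same applies, to a lesser degree, to the generic "code-projects" label used for the ZeroWdd, JamesZBL and huanfenz entries, although that one matches the existing label on CVE-2025-3570.
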
@@ -61,45 +61,45 @@ CVE-2025-2475 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x 
<= 10.4.3, 9.11.x <=
 CVE-2025-2424 (Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to 
check i ...)
        TODO: check
 CVE-2025-2161 (Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by 
an XSS ...)
-       TODO: check
+       NOT-FOR-US: Pega Platform
 CVE-2025-2160 (Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by 
an XSS ...)
-       TODO: check
+       NOT-FOR-US: Pega Platform
 CVE-2025-29720 (Dify v1.0 was discovered to contain a Server-Side Request 
Forgery (SSR ...)
-       TODO: check
+       NOT-FOR-US: Dify
 CVE-2025-27009 (Cross-Site Request Forgery (CSRF) vulnerability in wphocus My 
auctions ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22373 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: SicommNet BASEC
 CVE-2025-22372 (Insufficiently Protected Credentials vulnerability in 
SicommNet BASEC  ...)
-       TODO: check
+       NOT-FOR-US: SicommNet BASEC
 CVE-2025-22371 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: SicommNet BASEC
 CVE-2025-1782 (In HylaFAX Enterprise Web Interface and AvantFAX, the language 
form el ...)
        TODO: check
 CVE-2024-49825 (IBM Robotic Process Automation and Robotic Process Automation 
for Clou ...)
        NOT-FOR-US: IBM
 CVE-2024-49709 (Internet Starter, one of SoftCOM iKSORIS system modules,allows 
for set ...)
-       TODO: check
+       NOT-FOR-US: SoftCOM iKSORIS system modules
 CVE-2024-49708 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: SoftCOM iKSORIS system modules
 CVE-2024-49707 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: SoftCOM iKSORIS system modules
 CVE-2024-49706 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: SoftCOM iKSORIS system modules
 CVE-2024-49705 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: SoftCOM iKSORIS system modules
 CVE-2024-13598 (Internet Starter, one of SoftCOM iKSORIS system modules, is  
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: SoftCOM iKSORIS system modules
 CVE-2024-13597 (Internet Starter, one of SoftCOMiKSORIS system modules,is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: SoftCOM iKSORIS system modules
 CVE-2024-10090 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: SoftCOM iKSORIS system modules
 CVE-2024-10089 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: SoftCOM iKSORIS system modules
 CVE-2024-10088 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: SoftCOM iKSORIS system modules
 CVE-2024-10087 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: SoftCOM iKSORIS system modules
 CVE-2025-3572 (SmartRobot from INTUMIT has a Server-Side Request Forgery 
vulnerabilit ...)
        NOT-FOR-US: INTUMIT
 CVE-2025-3556 (A vulnerability classified as problematic was found in 
ScriptAndTools  ...)
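
Review bot: The label "SoftCOM iKSORIS system modules", applied to the eleven entries from CVE-2024-49709 to CVE-2024-10087, copies a phrase out of the description ("Internet Starter, one of SoftCOM iKSORIS system modules") instead of naming the product. A shorter "NOT-FOR-US: SoftCOM iKSORIS" would match the vendor/product style used for "Pega Platform" and "SicommNet BASEC" in the same hunk and is easier to match when later CVEs for this product come in. The triage itself looks consistent: CVE-2025-2424 (Mattermost) and CVE-2025-1782 (HylaFAX Enterprise Web Interface and AvantFAX) are correctly left at "TODO: check" rather than being swept into this batch.
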
@@ -149,7 +149,7 @@ CVE-2025-3445 (A Path Traversal "Zip Slip" vulnerability 
has been identified in
 CVE-2025-32093 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x 
<= 9.11 ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2025-30516 (Mattermost Mobile Apps versions <=2.25.0 fail to terminate 
sessions du ...)
-       TODO: check
+       NOT-FOR-US: Mattermost Mobile Apps
 CVE-2025-2563 (The User Registration & Membership  WordPress plugin before 
4.1.2 does ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-9230 (The PowerPress Podcasting plugin by Blubrry WordPress plugin 
before 11 ...)
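
Review bot: Marking CVE-2025-30516 as "NOT-FOR-US: Mattermost Mobile Apps" departs from how the neighbouring Mattermost entry is tracked: CVE-2025-32093 directly above carries "- mattermost-server <itp> (bug #823556)". The description is cut off at "fail to terminate sessions du ...", so it is not visible from this hunk whether the session-termination failure lives purely in the mobile client or also needs a server-side change. If it is client-only the NFU is fine; if the server is involved, the entry should follow the "<itp>" form of CVE-2025-32093 instead. A short NOTE line recording that the issue is client-only would make the distinction explicit.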



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b071d1c688b0c0f797da17ba4c4e98b8ab3dd30e
