Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
641c9063 by Salvatore Bonaccorso at 2025-04-15T22:14:58+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-3618 (A denial-of-service vulnerability exists in the Rockwell
Automation Th ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-3617 (A privilege escalation vulnerability exists in the Rockwell
Automation ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-3608 (A race condition existed in nsHttpTransaction that could have
been exp ...)
TODO: check
CVE-2025-3579 (In versions prior to Aidex 1.7, an authenticated malicious
user, takin ...)
@@ -33,7 +33,7 @@ CVE-2025-32944 (The vulnerability allows any authenticated
user to cause the Pee
CVE-2025-32943 (The vulnerability allows any authenticated user to leak the
contents o ...)
TODO: check
CVE-2025-32929 (Missing Authorization vulnerability in Dmitry V. (CEO of "UKR
Solution ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32780 (BleachBit cleans files to free disk space and to maintain
privacy. Ble ...)
TODO: check
CVE-2025-32779 (E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to
connect ...)
@@ -55,21 +55,21 @@ CVE-2025-32012 (Jellyfin is an open source self hosted
media server. In versions
CVE-2025-31497 (TEIGarage is a webservice and RESTful service to transform,
convert an ...)
TODO: check
CVE-2025-31011 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30985 (Deserialization of Untrusted Data vulnerability in NotFound
GNUCommerc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30965 (Cross-Site Request Forgery (CSRF) vulnerability in NotFound
WPJobBoard ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30964 (Server-Side Request Forgery (SSRF) vulnerability in EPC
Photography. T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30962 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30206 (Dpanel is a Docker visualization panel system which provides
complete ...)
TODO: check
CVE-2025-2567 (An attacker could modify or disable settings, disrupt fuel
monitoring ...)
TODO: check
CVE-2025-2083 (The Logo Carousel Gutenberg Block plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29817 (Uncontrolled search path element in Power Automate allows an
authorize ...)
TODO: check
CVE-2025-29705 (code-gen <=2.0.6 is vulnerable to Incorrect Access Control.
The projec ...)
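Review bot: the reason string on CVE-2025-2083 is "NOT-FOR-US: WordPress plugin", while the five entries above it in this hunk (CVE-2025-31011 through CVE-2025-30962) use "NOT-FOR-US: WordPress plugin or theme". The visible summary does say "plugin for WordPress", so the narrower label is accurate, but if anyone greps or counts on the reason text, one form per batch is easier to work with.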
@@ -103,37 +103,37 @@ CVE-2025-27980 (cashbook v4.0.3 has an arbitrary file
read vulnerability in /api
CVE-2025-27791 (Collabora Online is a collaborative online office suite based
on Libre ...)
TODO: check
CVE-2025-26992 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26990 (Server-Side Request Forgery (SSRF) vulnerability in WP Royal
Royal Ele ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26982 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26959 (Missing Authorization vulnerability in Qu\xfd L\xea 91
Administrator Z ...)
TODO: check
CVE-2025-26958 (Missing Authorization vulnerability in NotFound JetBlog allows
Accessi ...)
TODO: check
CVE-2025-26955 (Missing Authorization vulnerability in VW Themes Industrial
Lite allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26954 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26944 (Missing Authorization vulnerability in NotFound JetPopup
allows Access ...)
TODO: check
CVE-2025-26942 (Missing Authorization vulnerability in NotFound JetTricks
allows Acces ...)
TODO: check
CVE-2025-26894 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26889 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26745 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26744 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26743 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26741 (Missing Authorization vulnerability in AWEOS GmbH Email
Notifications ...)
TODO: check
CVE-2025-25456 (Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer
Overflow in Adv ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-24949 (In JotUrl 2.0, is possible to bypass security requirements
during the ...)
TODO: check
CVE-2025-24948 (In JotUrl 2.0, passwords are sent via HTTP GET-type requests,
potentia ...)
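Review bot: CVE-2025-26959, CVE-2025-26958, CVE-2025-26944, CVE-2025-26942 and CVE-2025-26741 stay at "TODO: check" although their visible summaries ("Missing Authorization vulnerability in ...") follow the same pattern as CVE-2025-26955, which this hunk marks NOT-FOR-US. If they were left open on purpose, a word in the commit message would say so; otherwise they look like candidates for the same pass.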
@@ -147,19 +147,19 @@ CVE-2025-22900 (Totolink N600R v4.3.0cu.7647_B20210106
was discovered to contain
CVE-2025-1688 (Milestone Systems has discovered a security vulnerability in
Milestone ...)
TODO: check
CVE-2025-1292 (Out-Of-Bounds Write in TPM2 Reference Library in Google
ChromeOS 122.0 ...)
- TODO: check
+ NOT-FOR-US: ChromeOS
CVE-2025-1122 (Out-Of-Bounds Write in TPM2 Reference Library in Google
ChromeOS 122.0 ...)
- TODO: check
+ NOT-FOR-US: ChromeOS
CVE-2024-50960 (A command injection vulnerability in the Nmap diagnostic tool
in the a ...)
TODO: check
CVE-2024-45712 (SolarWinds Serv-U is vulnerable to a client-side cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-42200 (HCL BigFix Web Reports might be subject to a Stored Cross-Site
Scripti ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-42193 (HCL BigFix Web Reports' service communicates over HTTPS but
exhibits a ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-42189 (HCL BigFix Web Reports might be subject to a Denial of Service
(DoS) a ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-36842 (An issue in Oncord+ Android Infotainment Systems OS Android
12, Model ...)
TODO: check
CVE-2024-13177 (Netskope Client on Mac OS is impacted by a vulnerability in
which the ...)
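Review bot: on CVE-2025-1292 and CVE-2025-1122 the reason is "NOT-FOR-US: ChromeOS", but the visible summary places the out-of-bounds write in the "TPM2 Reference Library", which reads as a component rather than ChromeOS itself. Before closing these as NFU, confirm the flaw sits in ChromeOS-specific code and not in reference code that another package could embed; a NOTE line recording that check would make the decision auditable.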
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/641c906314e551cd25f96f4fbea04ca53695cc90