Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
899e4a92 by Moritz Muehlenhoff at 2025-04-16T15:04:14+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,39 +27,39 @@ CVE-2025-3077 (The Betheme theme for WordPress is
vulnerable to Stored Cross-Sit
CVE-2025-32923 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32784 (conda-forge-webservices is the web app deployed to run
conda-forge adm ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-32782 (Ash Authentication provides authentication for the Ash
framework. The ...)
- TODO: check
+ NOT-FOR-US: Ash Authentication
CVE-2025-32778 (Web-Check is an all-in-one OSINT tool for analyzing any
website. A com ...)
- TODO: check
+ NOT-FOR-US: Web-Check
CVE-2025-32435 (Hydra is a Continuous Integration service for Nix based
projects. Eval ...)
- TODO: check
+ NOT-FOR-US: Hydra
CVE-2025-32388 (SvelteKit is a framework for rapidly developing robust,
performant web ...)
- TODO: check
+ NOT-FOR-US: SvelteKit
CVE-2025-32385 (EspoCRM is an Open Source Customer Relationship Management
software. P ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2025-32021 (Weblate is a web based localization tool. Prior to version
5.11, when ...)
- TODO: check
+ - weblate <itp> (bug #745661)
CVE-2025-31950 (An unauthenticated attacker can obtain EV charger energy
consumption i ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-31949 (An authenticated attacker can obtain any plant name by knowing
the pla ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-31945 (An unauthenticated attacker can obtain other users' charger
informatio ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-31941 (An unauthenticated attacker can obtain a list of smart devices
by know ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-31933 (An unauthenticated attacker can check the existence of
usernames in th ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-31654 (An attacker can get information about the groups of the smart
home dev ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-31499 (Jellyfin is an open source self hosted media server. Versions
before 1 ...)
- TODO: check
+ - jellyfin <itp> (bug #994189)
CVE-2025-31360 (Unauthenticated attackers can trigger device actions
associated with s ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-31357 (An unauthenticated attacker can obtain a user's plant list by
knowing ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-31147 (Unauthenticated attackers can query information about total
energy con ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-30984 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30982 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
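Review bot: the triage line added for CVE-2025-32784 does not match its description. The entry describes conda-forge-webservices, but the new line reads `+ NOT-FOR-US: Growatt Cloud portal`, which looks like it was copied from the neighbouring Growatt entries. Suggest replacing it with a NOT-FOR-US line that names conda-forge-webservices (or whatever the actual triage conclusion is) so the annotation can be trusted when the list is reviewed later.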
@@ -185,17 +185,17 @@ CVE-2025-30682 (Vulnerability in the MySQL Server product
of Oracle MySQL (compo
CVE-2025-30681 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2025-30514 (Unauthenticated attackers can obtain restricted information
about a us ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-30512 (Unauthenticated attackers can send configuration settings to
device an ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-30511 (An authenticated attacker can achieve stored XSS by exploiting
imprope ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-30510 (An attacker can upload an arbitrary file instead of a plant
image.)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-30257 (Unauthenticated attackers can retrieve serial number of smart
meters a ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-30254 (An unauthenticated attacker can obtain a serial number of a
smart mete ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-30100 (Dell Alienware Command Center 6.x, versions prior to 6.7.37.0
contain ...)
NOT-FOR-US: Dell / EMC
CVE-2025-2497 (A maliciously crafted DWG file, when parsed through Autodesk
Revit, ca ...)
@@ -205,39 +205,39 @@ CVE-2025-2314 (The User Profile Builder \u2013 Beautiful
User Registration Forms
CVE-2025-29471 (Cross Site Scripting vulnerability in Nagios Log Server
v.2024R1.3.1 a ...)
TODO: check
CVE-2025-27939 (An attacker can change registered email addresses of other
users and t ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-27938 (Unauthenticated attackers can obtain restricted information
about a us ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-27929 (Unauthenticated attackers can retrieve full list of users
associated w ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-27927 (An unauthenticated attackers can obtain a list of smart
devices by kno ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-27892 (Shopware prior to version 6.5.8.13 is affected by a SQL
injection vuln ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2025-27719 (Unauthenticated attackers can query an API endpoint and get
device det ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-27575 (An unauthenticated attacker can obtain EV charger version and
firmware ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-27571 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x
<= 9.11 ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2025-27568 (An unauthenticated attacker can get users' emails by knowing
usernames ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-27565 (An unauthenticated attacker can delete any user's "rooms" by
knowing t ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-27561 (Unauthenticated attackers can rename "rooms" of arbitrary
users.)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-27538 (Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to
enforce ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2025-27011 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-27008 (Missing Authorization vulnerability in NotFound Unlimited
Timeline all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26998 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26996 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26953 (Missing Authorization vulnerability in NotFound JetMenu allows
Accessi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26951 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26950 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -277,9 +277,9 @@ CVE-2025-25458 (Tenda AC10 V4.0si_V16.03.10.20 is
vulnerable to Buffer Overflow
CVE-2025-25453 (Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer
Overflow in Adv ...)
NOT-FOR-US: Tenda
CVE-2025-25276 (An unauthenticated attacker can hijack other users' devices
and potent ...)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-24850 (An attacker can export other users' plant information.)
- TODO: check
+ NOT-FOR-US: Growatt Cloud portal
CVE-2025-24839 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x
<= 9.11 ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-24487 (An unauthenticated attacker can infer the existence of
usernames in th ...)
@@ -341,7 +341,7 @@ CVE-2025-1274 (A maliciously crafted RCS file, when parsed
through Autodesk Revi
CVE-2025-1273 (A maliciously crafted PDF file, when linked or imported into
Autodesk ...)
NOT-FOR-US: Autodesk
CVE-2025-0101 (A low privileged user can set the date of the devices to the
19th of J ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2024-49200 (An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in
Insyde I ...)
NOT-FOR-US: InsydeH2O
CVE-2024-44843 (An issue in the web socket handshake process of SteVe v3.7.1
allows at ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/899e4a926db3e4d9bc3e399989b4a42c4615cdb6
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits