Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c105e0cb by Salvatore Bonaccorso at 2025-05-05T22:21:14+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,13 +5,13 @@ CVE-2025-4316 (Improper access control in PAM feature in
Devolutions Server 2025
CVE-2025-4287 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been
rated as ...)
TODO: check
CVE-2025-4286 (A vulnerability was found in Intelbras InControl up to 2.21.59.
It has ...)
- TODO: check
+ NOT-FOR-US: Intelbras InControl
CVE-2025-4283 (A vulnerability was found in SourceCodester/oretnom23 Stock
Management ...)
NOT-FOR-US: SourceCodester
CVE-2025-4282 (A vulnerability has been found in SourceCodester/oretnom23
Stock Manag ...)
NOT-FOR-US: SourceCodester
CVE-2025-4281 (A vulnerability, which was classified as problematic, was found
in She ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Sixun Software Sixun Shanghui Group Business
Management System
CVE-2025-4279 (The External image replace plugin for WordPress is vulnerable
to arbit ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4272 (A vulnerability was found in Mechrevo Control Console 1.0.2.70.
It has ...)
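Review bot: The new label for CVE-2025-4281 spells out vendor and product in full ("Shenzhen Sixun Software Sixun Shanghui Group Business Management System"), while the unchanged neighbours in this hunk use a short vendor-level tag such as "NOT-FOR-US: SourceCodester". A shorter vendor-level tag would match that style and be easier to reuse for later entries from the same vendor.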
@@ -19,29 +19,29 @@ CVE-2025-4272 (A vulnerability was found in Mechrevo
Control Console 1.0.2.70. I
CVE-2025-47240
REJECTED
CVE-2025-46813 (Discourse is an open-source community platform. A data leak
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-46734 (league/commonmark is a PHP Markdown parser. A cross-site
scripting (XS ...)
TODO: check
CVE-2025-46731 (Craft is a content management system. Versions of Craft CMS on
the 4.x ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2025-46730 (MobSF is a mobile application security testing tool used.
Typically, M ...)
- TODO: check
+ NOT-FOR-US: MobSF
CVE-2025-46726 (Langroid is a framework for building
large-language-model-powered appl ...)
TODO: check
CVE-2025-46720 (Keystone is a content management system for Node.js. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: Keystone CMS
CVE-2025-46719 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2025-46571 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2025-46559 (Misskey is an open source, federated social media platform.
Starting i ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2025-46553 (@misskey-dev/summaly is a tool for getting a summary of a web
page. St ...)
- TODO: check
+ NOT-FOR-US: misskey-dev/summaly
CVE-2025-46340 (Misskey is an open source, federated social media platform.
Starting i ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2025-46335 (Mobile Security Framework (MobSF) is a security research
platform for ...)
- TODO: check
+ NOT-FOR-US: Mobile Security Framework (MobSF)
CVE-2025-45751 (SourceCodester Web Based Pharmacy Product Management System
1.0 is vul ...)
NOT-FOR-US: SourceCodester
CVE-2025-45618 (Incorrect access control in the component
/admin/sys/datasource/ajaxLi ...)
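Review bot: The two MobSF entries in this hunk get different labels: CVE-2025-46730 becomes "NOT-FOR-US: MobSF" while CVE-2025-46335 becomes "NOT-FOR-US: Mobile Security Framework (MobSF)". Pick one spelling for both so the product name is uniform, as the Open WebUI and Misskey entries in the same hunk already are. The "Keystone CMS" label for CVE-2025-46720 matches the description's "content management system for Node.js" and needs no change.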
@@ -69,19 +69,19 @@ CVE-2025-45608 (Incorrect access control in the
/system/user/findUserList API of
CVE-2025-45607 (An issue in the component /manage/ of itranswarp v2.19 allows
attacker ...)
TODO: check
CVE-2025-45322 (kashipara Online Service Management Portal V1.0 is vulnerable
to SQL I ...)
- TODO: check
+ NOT-FOR-US: kashipara Online Service Management Portal
CVE-2025-45321 (kashipara Online Service Management Portal V1.0 is vulnerable
to SQL I ...)
- TODO: check
+ NOT-FOR-US: kashipara Online Service Management Portal
CVE-2025-45320 (A Directory Listing Vulnerability was found in the
/osms/Requester/ di ...)
- TODO: check
+ NOT-FOR-US: kashipara Online Service Management Portal
CVE-2025-45242 (Rhymix v2.1.22 was discovered to contain an arbitrary file
deletion vu ...)
TODO: check
CVE-2025-45240 (foxcms v1.2.5 was discovered to contain a SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: foxcms
CVE-2025-45239 (An issue in the restores method (DataBackup.php) of foxcms
v2.0.6 allo ...)
- TODO: check
+ NOT-FOR-US: foxcms
CVE-2025-45238 (foxcms v1.2.5 was discovered to contain an arbitrary file
deletion vul ...)
- TODO: check
+ NOT-FOR-US: foxcms
CVE-2025-45237 (Incorrect access control in the component /config/download of
DBSyncer ...)
TODO: check
CVE-2025-45236 (A stored cross-site scripting (XSS) vulnerability in the Edit
Profile ...)
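Review bot: For CVE-2025-45320 the truncated description visible here names only the path /osms/Requester/ and no product, so the "kashipara Online Service Management Portal" label rests on the adjacent CVE-2025-45322 and CVE-2025-45321 entries. Confirm the product against the full CVE description before committing that attribution. The three foxcms entries (v1.2.5 and v2.0.6) share one label, which is consistent.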
@@ -89,7 +89,7 @@ CVE-2025-45236 (A stored cross-site scripting (XSS)
vulnerability in the Edit Pr
CVE-2025-45042 (Tenda AC9 v15.03.05.14 was discovered to contain a command
injection v ...)
NOT-FOR-US: Tenda
CVE-2025-43915 (In Buoyant Edge releases before edge-25.2.1 and Enterprise for
Linkerd ...)
- TODO: check
+ NOT-FOR-US: Buoyant Edge
CVE-2025-43852 (Retrieval-based-Voice-Conversion-WebUI is a voice changing
framework b ...)
TODO: check
CVE-2025-43851 (Retrieval-based-Voice-Conversion-WebUI is a voice changing
framework b ...)
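Review bot: The label for CVE-2025-43915 is "Buoyant Edge", but the visible description reads "Buoyant Edge releases before edge-25.2.1 and Enterprise for Linkerd", which suggests Buoyant is the vendor and the affected software is Linkerd-related. Naming Linkerd in the label would make the entry findable by product name if the question of packaging comes up later.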
@@ -115,7 +115,7 @@ CVE-2025-43842 (Retrieval-based-Voice-Conversion-WebUI is a
voice changing frame
CVE-2025-2905 (An XML External Entity (XXE) vulnerability exists in the
gateway compo ...)
TODO: check
CVE-2025-29573 (Cross-Site Scripting (XSS) vulnerability exists in Mezzanine
CMS 6.0.0 ...)
- TODO: check
+ NOT-FOR-US: Mezzanine CMS
CVE-2025-28168 (Outsystems Multiple File Upload < 3.1.0 is vulnerable to
Unrestricted ...)
TODO: check
CVE-2025-28062 (A Cross-Site Request Forgery (CSRF) vulnerability was
discovered in ER ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c105e0cb70fcb39ac2eee2dd1ee1e16fe3a3edd4
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits