Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cfdd852d by Salvatore Bonaccorso at 2025-08-02T00:31:24+02:00
Associate some NFUs with itp'ed entry for freshrss
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17511,7 +17511,7 @@ CVE-2025-49007 (Rack is a modular Ruby web server
interface. Starting in version
CVE-2025-48947 (The Auth0 Next.js SDK is a library for implementing user
authenticatio ...)
NOT-FOR-US: Next.js
CVE-2025-46341 (FreshRSS is a self-hosted RSS feed aggregator. Prior to
version 1.26.2 ...)
- NOT-FOR-US: FreshRSS
+ - freshrss <itp> (bug #1032767)
CVE-2025-3055 (The WP User Frontend Pro plugin for WordPress is vulnerable to
arbitra ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3054 (The WP User Frontend Pro plugin for WordPress is vulnerable to
arbitra ...)
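Review bot: the CVE-2025-46341 entry now tracks the ITP but carries no record of the fixed upstream version, even though its description already says "Prior to version 1.26.2". A NOTE: line under `- freshrss <itp> (bug #1032767)` stating that version would let the entry be converted to a fixed-version line without re-triage once bug #1032767 is closed.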
@@ -17591,7 +17591,7 @@ CVE-2025-48888 (Deno is a JavaScript, TypeScript, and
WebAssembly runtime. Start
CVE-2025-47728 (Delta Electronics CNCSoft-G2lacks proper validation of the
user-suppli ...)
NOT-FOR-US: Delta Electronics
CVE-2025-46339 (FreshRSS is a self-hosted RSS feed aggregator. Prior to
version 1.26.2 ...)
- NOT-FOR-US: FreshRSS
+ - freshrss <itp> (bug #1032767)
CVE-2025-46204 (An issue in Unifiedtransform v2.0 allows a remote attacker to
escalate ...)
NOT-FOR-US: Unifiedtransform
CVE-2025-46203 (An issue in Unifiedtransform v2.0 allows a remote attacker to
escalate ...)
@@ -17599,13 +17599,13 @@ CVE-2025-46203 (An issue in Unifiedtransform v2.0
allows a remote attacker to es
CVE-2025-46011 (Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL
Injection in th ...)
NOT-FOR-US: Listmonk
CVE-2025-32015 (FreshRSS is a self-hosted RSS feed aggregator. Prior to
version 1.26.2 ...)
- NOT-FOR-US: FreshRSS
+ - freshrss <itp> (bug #1032767)
CVE-2025-31482 (FreshRSS is a self-hosted RSS feed aggregator. A vulnerability
in vers ...)
- NOT-FOR-US: FreshRSS
+ - freshrss <itp> (bug #1032767)
CVE-2025-31136 (FreshRSS is a self-hosted RSS feed aggregator. Prior to
version 1.26.2 ...)
- NOT-FOR-US: FreshRSS
+ - freshrss <itp> (bug #1032767)
CVE-2025-31134 (FreshRSS is a self-hosted RSS feed aggregator. Prior to
version 1.26.2 ...)
- NOT-FOR-US: FreshRSS
+ - freshrss <itp> (bug #1032767)
CVE-2025-30415 (Denial of service due to improper handling of malformed input.
The fol ...)
NOT-FOR-US: Acronis
CVE-2025-2336 (Improper sanitization of the value of the 'href' and
'xlink:href' attr ...)
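Review bot: CVE-2025-31482 is worded differently from the other four entries changed in this hunk ("A vulnerability in vers ..." rather than "Prior to version 1.26.2"), so its fixed version cannot be read from the visible description and may not match the others. Since all five now share the same `<itp>` line, a short NOTE: on this entry with its own fixed version would keep it from being closed by assumption together with its neighbours when the package is uploaded.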
@@ -232821,7 +232821,7 @@ CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark,
a CommonMark parsing and re
CVE-2023-22482 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2023-22481 (FreshRSS is a self-hosted RSS feed aggregator. When using the
greader ...)
- NOT-FOR-US: FreshRSS
+ - freshrss <itp> (bug #1032767)
CVE-2023-22480 (KubeOperator is an open source Kubernetes distribution focused
on help ...)
NOT-FOR-US: KubeOperator
CVE-2023-22479 (KubePi is a modern Kubernetes panel. A session fixation attack
allows ...)
@@ -309461,7 +309461,7 @@ CVE-2022-23499 (HTML sanitizer is written in PHP,
aiming to provide XSS-safe mar
CVE-2022-23498 (Grafana is an open-source platform for monitoring and
observability. W ...)
- grafana <not-affected> (Specific to Grafana Enterprise)
CVE-2022-23497 (FreshRSS is a free, self-hostable RSS aggregator. User
configuration f ...)
- NOT-FOR-US: FreshRSS
+ - freshrss <itp> (bug #1032767)
CVE-2022-23496 (Yet Another UserAgent Analyzer (Yauaa) is a java library that
tries to ...)
NOT-FOR-US: Yet Another UserAgent Analyzer (Yauaa)
CVE-2022-23495 (go-merkledag implements the 'DAGService' interface and adds
two ipld n ...)
@@ -522547,7 +522547,7 @@ CVE-2018-19784 (The str_rot_pass function in
vendor/atholn1600/php-proxy/src/hel
CVE-2018-19783 (Kentix MultiSensor-LAN 5.63.00 devices and previous allow
Authenticati ...)
NOT-FOR-US: Kentix MultiSensor-LAN
CVE-2018-19782 (Multiple cross-site scripting (XSS) vulnerabilities in GET
requests in ...)
- NOT-FOR-US: FreshRSS
+ - freshrss <itp> (bug #1032767)
CVE-2018-19781
RESERVED
CVE-2018-19780
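Review bot: the visible description of CVE-2018-19782 ("Multiple cross-site scripting (XSS) vulnerabilities in GET requests in ...") does not name the product, so after this change the only link to FreshRSS is the package name on the `<itp>` line. A NOTE: with the upstream reference for this 2018 issue would keep the association verifiable from the entry itself.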
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfdd852dfeb0d3a7084a1954f41cc59eb3b196e7