Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8a667b18 by Salvatore Bonaccorso at 2025-02-21T09:38:26+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
CVE-2025-27100 (lakeFS is an open-source tool that transforms your object
storage into ...)
- TODO: check
+ NOT-FOR-US: lakeFS
CVE-2025-27098 (GraphQL Mesh is a GraphQL Federation framework and gateway for
both Gr ...)
- TODO: check
+ NOT-FOR-US: GraphQL Mesh
CVE-2025-27097 (GraphQL Mesh is a GraphQL Federation framework and gateway for
both Gr ...)
- TODO: check
+ NOT-FOR-US: GraphQL Mesh
CVE-2025-27088 (oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In
affected vers ...)
- TODO: check
+ NOT-FOR-US: oxyno-zeta/s3-proxy
CVE-2025-25960 (Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows
a remote ...)
- TODO: check
+ NOT-FOR-US: phpcmsv9
CVE-2025-25958 (Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3
allows a remo ...)
- TODO: check
+ NOT-FOR-US: phpcmsv9
CVE-2025-25957 (Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and
before a ...)
- TODO: check
+ NOT-FOR-US: Xunruicms
CVE-2025-25679 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-25678 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-25676 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-25675 (Tenda AC10 V1.0 V15.03.06.23 has a command injection
vulnerablility lo ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-25674 (Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow
in form_ ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-25668 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack
overflow vi ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-25667 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack
overflow vi ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-25664 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack
overflow vi ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-25663 (A vulnerability was found in Tenda AC8V4 V16.03.34.06.
Affected is the ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-25662 (Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow
in the ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-22973 (An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to
obtain s ...)
- TODO: check
+ NOT-FOR-US: QiboSoft QiboCMS
CVE-2025-1407 (The AMO Team Showcase plugin for WordPress is vulnerable to
Stored Cro ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1406 (The Newpost Catch plugin for WordPress is vulnerable to Stored
Cross-S ...)
@@ -43,9 +43,9 @@ CVE-2025-1001 (Medixant RadiAnt DICOM Viewer is vulnerable
due to failure of the
CVE-2024-7131
REJECTED
CVE-2024-54756 (A remote code execution (RCE) vulnerability in the ZScript
function of ...)
- TODO: check
+ NOT-FOR-US: ZDoom Team GZDoom
CVE-2024-38657 (External control of a file name in Ivanti Connect Secure
before versio ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-13883 (The WPUpper Share Buttons plugin for WordPress is vulnerable
to Cross- ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13818 (The Registration Forms \u2013 User Registration Forms,
Invitation-Base ...)
@@ -55,7 +55,7 @@ CVE-2024-13751 (The 3D Photo Gallery plugin for WordPress is
vulnerable to Store
CVE-2024-13672 (The Mini Course Generator | Embed mini-courses and interactive
content ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13585 (The Ajax Search Lite WordPress plugin before 4.12.5 does not
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13537 (The C9 Blocks plugin for WordPress is vulnerable to Full Path
Disclosu ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13388 (The TCBD Tooltip plugin for WordPress is vulnerable to Stored
Cross-Si ...)
@@ -63,7 +63,7 @@ CVE-2024-13388 (The TCBD Tooltip plugin for WordPress is
vulnerable to Stored Cr
CVE-2024-13379 (The C9 Admin Dashboard plugin for WordPress is vulnerable to
Stored Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13314 (The Carousel, Slider, Gallery by WP Carousel WordPress plugin
before ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13235 (The Pinpoint Booking System \u2013 #1 WordPress Booking Plugin
plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11260 (The Events Manager \u2013 Calendar, Bookings, Tickets, and
more! plugi ...)
@@ -104,7 +104,7 @@ CVE-2025-21106 (Dell Recover Point for Virtual Machines
6.0.X contains a Weak fi
CVE-2025-21105 (Dell RecoverPoint for Virtual Machines 6.0.X contains a
command execut ...)
NOT-FOR-US: Dell
CVE-2025-20059 (Relative Path Traversal vulnerability in Ping Identity PingAM
Java Pol ...)
- TODO: check
+ NOT-FOR-US: Ping Identity PingAM Java Policy Agent
CVE-2025-1483 (The LTL Freight Quotes \u2013 GlobalTranz Edition plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1328 (The Typed JS: A typewriter style animation plugin for WordPress
is vul ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a667b1812eda23a1624b065ce3eb40bb7675a75
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a667b1812eda23a1624b065ce3eb40bb7675a75
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
