Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89b933f3 by Salvatore Bonaccorso at 2025-04-15T22:34:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46,19 +46,19 @@ CVE-2025-32776 (OpenRazer is an open source driver and 
user-space daemon to cont
        NOTE: Fixed by: 
https://github.com/openrazer/openrazer/commit/57610511d2548eda66999eaed5aa4517e89d6d39
 (v3.10.2)
        NOTE: Fixed by: 
https://github.com/openrazer/openrazer/commit/d869abd20995b4931795e1cde54d4ac84d9ca62f
 (v3.10.2)
 CVE-2025-32445 (Argo Events is an event-driven workflow automation framework 
for Kuber ...)
-       TODO: check
+       NOT-FOR-US: Argo Events
 CVE-2025-32439 (pleezer is a headless Deezer Connect player. Hook scripts in 
pleezer c ...)
-       TODO: check
+       NOT-FOR-US: pleezer
 CVE-2025-32438 (make-initrd-ng is a tool for copying binaries and their 
dependencies.  ...)
-       TODO: check
+       NOT-FOR-US: make-initrd-ng (from NixOS)
 CVE-2025-32103 (CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 
allows di ...)
-       TODO: check
+       NOT-FOR-US: CrushFTP
 CVE-2025-32102 (CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 
allows SS ...)
-       TODO: check
+       NOT-FOR-US: CrushFTP
 CVE-2025-32012 (Jellyfin is an open source self hosted media server. In 
versions 10.9. ...)
        TODO: check
 CVE-2025-31497 (TEIGarage is a webservice and RESTful service to transform, 
convert an ...)
-       TODO: check
+       NOT-FOR-US: TEIGarage
 CVE-2025-31011 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30985 (Deserialization of Untrusted Data vulnerability in NotFound 
GNUCommerc ...)
@@ -70,7 +70,7 @@ CVE-2025-30964 (Server-Side Request Forgery (SSRF) 
vulnerability in EPC Photogra
 CVE-2025-30962 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30206 (Dpanel is a Docker visualization panel system which provides 
complete  ...)
-       TODO: check
+       NOT-FOR-US: Dpanel
 CVE-2025-2567 (An attacker could modify or disable settings, disrupt fuel 
monitoring  ...)
        TODO: check
 CVE-2025-2083 (The Logo Carousel Gutenberg Block plugin for WordPress is 
vulnerable t ...)
@@ -78,33 +78,33 @@ CVE-2025-2083 (The Logo Carousel Gutenberg Block plugin for 
WordPress is vulnera
 CVE-2025-29817 (Uncontrolled search path element in Power Automate allows an 
authorize ...)
        TODO: check
 CVE-2025-29705 (code-gen <=2.0.6 is vulnerable to Incorrect Access Control. 
The projec ...)
-       TODO: check
+       NOT-FOR-US: code-gen
 CVE-2025-29281 (In PerfreeBlog version 4.0.11, regular users can exploit the 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: PerfreeBlog
 CVE-2025-29280 (Stored cross-site scripting vulnerability exists in 
PerfreeBlog v4.0.1 ...)
-       TODO: check
+       NOT-FOR-US: PerfreeBlog
 CVE-2025-29213 (A zip slip vulnerability in the component 
\service\migrate\MigrateForm ...)
-       TODO: check
+       NOT-FOR-US: JEEWMS
 CVE-2025-28399 (An issue in Erick xmall v.1.1 and before allows a remote 
attacker to e ...)
-       TODO: check
+       NOT-FOR-US: Erick xmall
 CVE-2025-28198 (A SQL injection vulnerability in Hitout car sale 1.0 allows a 
remote a ...)
-       TODO: check
+       NOT-FOR-US: Hitout car sale
 CVE-2025-28145 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 
1.0.15 was  ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2025-28144 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 
1.0.15 was  ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2025-28143 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC 
V3_1.0.15 was  ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2025-28142 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC 
V3_1.0.15 was  ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2025-28137 (The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to 
contain a pre ...)
        TODO: check
 CVE-2025-28136 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a 
buffer o ...)
        TODO: check
 CVE-2025-28100 (A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: dingfanzuCMS
 CVE-2025-27980 (cashbook v4.0.3 has an arbitrary file read vulnerability in 
/api/entry ...)
-       TODO: check
+       NOT-FOR-US: cashbook
 CVE-2025-27791 (Collabora Online is a collaborative online office suite based 
on Libre ...)
        TODO: check
 CVE-2025-26992 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
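Review bot: CVE-2025-28137 and CVE-2025-28136 (TOTOLINK A810R and A800R) stay at "TODO: check" although the four Edimax BR-6478AC entries directly above them are marked NOT-FOR-US in this same hunk. If the same reasoning applies to the TOTOLINK devices, mark them in this pass; if they were left open on purpose, a word in the commit message would make that clear. Separately, the "NOT-FOR-US: JEEWMS" tag on CVE-2025-29213 names a product that does not appear in the truncated description shown here, so it is worth confirming against the full CVE text.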
@@ -114,17 +114,17 @@ CVE-2025-26990 (Server-Side Request Forgery (SSRF) 
vulnerability in WP Royal Roy
 CVE-2025-26982 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26959 (Missing Authorization vulnerability in Qu\xfd L\xea 91 
Administrator Z ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-26958 (Missing Authorization vulnerability in NotFound JetBlog allows 
Accessi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-26955 (Missing Authorization vulnerability in VW Themes Industrial 
Lite allow ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26954 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26944 (Missing Authorization vulnerability in NotFound JetPopup 
allows Access ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-26942 (Missing Authorization vulnerability in NotFound JetTricks 
allows Acces ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-26894 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26889 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
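Review bot: The four new tags in this hunk (CVE-2025-26959, CVE-2025-26958, CVE-2025-26944, CVE-2025-26942) read "NOT-FOR-US: WordPress plugin", while the untouched neighbours (CVE-2025-26955, CVE-2025-26954, CVE-2025-26894) use "NOT-FOR-US: WordPress plugin or theme". Pick one wording so a search for the tag finds every entry. The truncated descriptions for these four do not mention WordPress either, so naming the plugin in the tag (JetBlog, JetPopup, JetTricks) would let a reader confirm the classification from the list alone.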
@@ -136,13 +136,13 @@ CVE-2025-26744 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-26743 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26741 (Missing Authorization vulnerability in AWEOS GmbH Email 
Notifications  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-25456 (Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer 
Overflow in Adv ...)
        NOT-FOR-US: Tenda
 CVE-2025-24949 (In JotUrl 2.0, is possible to bypass security requirements 
during the  ...)
-       TODO: check
+       NOT-FOR-US: JotUrl
 CVE-2025-24948 (In JotUrl 2.0, passwords are sent via HTTP GET-type requests, 
potentia ...)
-       TODO: check
+       NOT-FOR-US: JotUrl
 CVE-2025-24358 (gorilla/csrf provides Cross Site Request Forgery (CSRF) 
prevention mid ...)
        TODO: check
 CVE-2025-22903 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to 
contain a sta ...)
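Review bot: CVE-2025-26741 is tagged "NOT-FOR-US: WordPress plugin", but the entry two above it (CVE-2025-26743) carries "NOT-FOR-US: WordPress plugin or theme", and the visible description only names "AWEOS GmbH Email Notifications". Use the existing wording here, or name the plugin as the two JotUrl entries in this hunk name their product.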



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89b933f3dfa76a8383e763a9a8e5388f94e92215
