Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
141a7706 by Salvatore Bonaccorso at 2025-05-06T22:42:57+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-4388 (A reflected cross-site scripting (XSS) vulnerability in the
Liferay Po ...)
NOT-FOR-US: Liferay
CVE-2025-4384 (The MQTT add-on of PcVue fails to verify that a remote
device\u2019s c ...)
- TODO: check
+ NOT-FOR-US: PcVue
CVE-2025-4374 (A flaw was found in Quay. When an organization acts as a proxy
cache, ...)
- TODO: check
+ NOT-FOR-US: Quay
CVE-2025-4373 (A flaw was found in GLib, which is vulnerable to an integer
overflow i ...)
TODO: check
CVE-2025-4368 (A vulnerability, which was classified as critical, was found in
Tenda ...)
@@ -29,9 +29,9 @@ CVE-2025-4355 (A vulnerability was found in Tenda DAP-1520
1.10B04_BETA02. It ha
CVE-2025-4354 (A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and
classif ...)
NOT-FOR-US: Tenda
CVE-2025-4353 (A vulnerability, which was classified as critical, was found in
Golden ...)
- TODO: check
+ NOT-FOR-US: Golden Link Secondary System
CVE-2025-4352 (A vulnerability, which was classified as critical, has been
found in G ...)
- TODO: check
+ NOT-FOR-US: Golden Link Secondary System
CVE-2025-4350 (A vulnerability classified as critical was found in D-Link
DIR-600L up ...)
NOT-FOR-US: D-Link
CVE-2025-4349 (A vulnerability classified as critical has been found in D-Link
DIR-60 ...)
@@ -53,7 +53,7 @@ CVE-2025-4342 (A vulnerability, which was classified as
critical, has been found
CVE-2025-4341 (A vulnerability classified as critical was found in D-Link
DIR-880L up ...)
NOT-FOR-US: D-Link
CVE-2025-4041 (In Optigo Networks ONS NC600 versions 4.2.1-084 through
4.7.2-330, an ...)
- TODO: check
+ NOT-FOR-US: Optigo Networks ONS NC600
CVE-2025-47417 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
NOT-FOR-US: Crestron Automate VX
CVE-2025-47256 (Libxmp through 4.6.2 has a stack-based buffer overflow in
depack_pha i ...)
@@ -66,13 +66,13 @@ CVE-2025-46820 (phpgt/Dom provides access to modern DOM
APIs. Versions of phpgt/
CVE-2025-46816 (goshs is a SimpleHTTPServer written in Go. Starting in version
0.3.4 a ...)
TODO: check
CVE-2025-46815 (The identity infrastructure software ZITADEL offers developers
the abi ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2025-46814 (FastAPI Guard is a security library for FastAPI that provides
middlewa ...)
- TODO: check
+ NOT-FOR-US: FastAPI Guard
CVE-2025-46736 (Umbraco is a free and open source .NET content management
system. Prio ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2025-46735 (Terraform WinDNS Provider allows users to manage their Windows
DNS ser ...)
- TODO: check
+ NOT-FOR-US: Terraform WinDNS Provider
CVE-2025-45492 (Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection
via the I ...)
NOT-FOR-US: Netgear
CVE-2025-45491 (Linksys E5600 v1.1.0.26 was discovered to contain a command
injection ...)
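Review bot: the NOT-FOR-US label for CVE-2025-46815 spells the product "Zitadel" while the CVE description in the same hunk uses the upstream spelling "ZITADEL"; matching the upstream name makes the entry easier to find when grepping data/CVE/list. The same hunk labels CVE-2025-46736 as "Umbraco CMS" where the description says only "Umbraco"; either is fine, but one form should be used consistently.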
@@ -86,21 +86,21 @@ CVE-2025-45488 (Linksys E5600 v1.1.0.26 was discovered to
contain a command inje
CVE-2025-45487 (Linksys E5600 v1.1.0.26 was discovered to contain a command
injection ...)
NOT-FOR-US: Linksys
CVE-2025-45250 (MrDoc v0.95 and before is vulnerable to Server-Side Request
Forgery (S ...)
- TODO: check
+ NOT-FOR-US: MrDoc
CVE-2025-44900 (In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo
function ...)
NOT-FOR-US: Tenda
CVE-2025-40625 (Unrestricted file upload in TCMAN's GIM v11. This
vulnerability allows ...)
- TODO: check
+ NOT-FOR-US: TCMAN's GIM
CVE-2025-40624 (SQL injection in TCMAN's GIM v11. This vulnerability allows an
unauthe ...)
- TODO: check
+ NOT-FOR-US: TCMAN's GIM
CVE-2025-40623 (SQL injection in TCMAN's GIM v11. This vulnerability allows an
unauthe ...)
- TODO: check
+ NOT-FOR-US: TCMAN's GIM
CVE-2025-40622 (SQL injection in TCMAN's GIM v11. This vulnerability allows an
unauthe ...)
- TODO: check
+ NOT-FOR-US: TCMAN's GIM
CVE-2025-40621 (SQL injection in TCMAN's GIM v11. This vulnerability allows an
unauthe ...)
- TODO: check
+ NOT-FOR-US: TCMAN's GIM
CVE-2025-40620 (SQL injection in TCMAN's GIM v11. This vulnerability allows an
unauthe ...)
- TODO: check
+ NOT-FOR-US: TCMAN's GIM
CVE-2025-3782 (The Cision Block plugin for WordPress is vulnerable to Stored
Cross-Si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-37730 (Improper certificate validation in Logstash's TCP output could
lead to ...)
@@ -120,7 +120,7 @@ CVE-2025-27241 (in OpenHarmony v5.0.3 and prior versions
allow a local attacker
CVE-2025-27132 (in OpenHarmony v5.0.3 and prior versions allow a local
attacker arbitr ...)
NOT-FOR-US: OpenHarmony
CVE-2025-26262 (An issue in the component /internals/functions of R-fx
Networks Linux ...)
- TODO: check
+ NOT-FOR-US: R-fx Networks Linux Malware Detect
CVE-2025-25218 (in OpenHarmony v5.0.3 and prior versions allow a local
attacker case D ...)
NOT-FOR-US: OpenHarmony
CVE-2025-25052 (in OpenHarmony v5.0.3 and prior versions allow a local
attacker cause ...)
@@ -158,7 +158,7 @@ CVE-2025-21459 (Transient DOS while parsing per STA profile
in ML IE.)
CVE-2025-21453 (Memory corruption while processing a data structure, when an
iterator ...)
NOT-FOR-US: Qualcomm
CVE-2025-0984 (Unrestricted Upload of File with Dangerous Type, Improper
Neutralizati ...)
- TODO: check
+ NOT-FOR-US: Netoloji Software E-Flow
CVE-2024-49847 (Transient DOS while processing of a registration acceptance
OTA due to ...)
NOT-FOR-US: Qualcomm
CVE-2024-49846 (Memory corruption while decoding of OTA messages from T3448
IE.)
@@ -212,7 +212,7 @@ CVE-2024-45562 (Memory corruption during concurrent access
to server info object
CVE-2024-45554 (Memory corruption during concurrent SSR execution due to race
conditio ...)
NOT-FOR-US: Qualcomm
CVE-2023-33770 (Real Estate Management System v1.0 was discovered to contain a
SQL inj ...)
- TODO: check
+ NOT-FOR-US: Real Estate Management System
CVE-2025-22873
- golang-1.24 <unfixed>
- golang-1.23 <not-affected> (Vulnerable code only present in 1.24.x
releases)
@@ -226,25 +226,25 @@ CVE-2025-4340 (A vulnerability classified as critical has
been found in D-Link D
CVE-2025-4337 (The AHAthat Plugin plugin for WordPress is vulnerable to
Cross-Site Re ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4333 (A vulnerability was found in feng_ha_ha/megagao ssm-erp and
production ...)
- TODO: check
+ NOT-FOR-US: feng_ha_ha/megagao and ssm-erp production_ssm
CVE-2025-4332 (A vulnerability was found in PHPGurukul Company Visitor
Management Sys ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4331 (A vulnerability classified as critical was found in
SourceCodester Onl ...)
NOT-FOR-US: SourceCodester
CVE-2025-4329 (A vulnerability was found in 74CMS up to 3.33.0. It has been
rated as ...)
- TODO: check
+ NOT-FOR-US: 74CMS
CVE-2025-4328 (A vulnerability was found in fp2952 spring-cloud-base up to
7f050dc6db ...)
TODO: check
CVE-2025-4327 (A vulnerability was found in MRCMS 3.1.2. It has been
classified as pr ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4326 (A vulnerability was found in MRCMS 3.1.2 and classified as
problematic ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4325 (A vulnerability has been found in MRCMS 3.1.2 and classified as
proble ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4324 (A vulnerability, which was classified as problematic, was found
in MRC ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4323 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4314 (A vulnerability has been found in SourceCodester Advanced Web
Store 1. ...)
NOT-FOR-US: SourceCodester
CVE-2025-4313 (A vulnerability, which was classified as critical, was found in
Source ...)
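Review bot: the label "NOT-FOR-US: feng_ha_ha/megagao and ssm-erp production_ssm" for CVE-2025-4333 reads garbled against the description in the context line ("feng_ha_ha/megagao ssm-erp and production ..."); suggest aligning the product name with the upstream wording so the entry does not look like two products joined by "and".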
@@ -264,7 +264,7 @@ CVE-2025-4307 (A vulnerability was found in PHPGurukul Art
Gallery Management Sy
CVE-2025-4306 (A vulnerability was found in PHPGurukul Nipah Virus Testing
Management ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4305 (A vulnerability has been found in kefaming mayi up to 1.3.9 and
classi ...)
- TODO: check
+ NOT-FOR-US: kefaming mayi
CVE-2025-4304 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4303 (A vulnerability, which was classified as critical, has been
found in P ...)
@@ -280,11 +280,11 @@ CVE-2025-4298 (A vulnerability was found in Tenda AC1206
up to 15.03.06.23. It h
CVE-2025-4297 (A vulnerability was found in PHPGurukul Men Salon Management
System 2. ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4293 (A vulnerability was found in MRCMS 3.1.3 and classified as
problematic ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4292 (A vulnerability has been found in MRCMS 3.1.3 and classified as
proble ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4291 (A vulnerability, which was classified as critical, was found in
IdeaCM ...)
- TODO: check
+ NOT-FOR-US: IdeaCMS
CVE-2025-4290 (A vulnerability, which was classified as critical, has been
found in P ...)
NOT-FOR-US: PCMan FTP Server
CVE-2025-4289 (A vulnerability classified as critical was found in PCMan FTP
Server 2 ...)
@@ -330,11 +330,11 @@ CVE-2025-46585 (Out-of-bounds array read/write
vulnerability in the kernel modul
CVE-2025-46584 (Vulnerability of improper authentication logic implementation
in the f ...)
NOT-FOR-US: Huawei
CVE-2025-44074 (SeaCMS v13.3 was discovered to contain a SQL injection
vulnerability v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-44072 (SeaCMS v13.3 was discovered to contain a SQL injection
vulnerability v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-44071 (SeaCMS v13.3 was discovered to contain a remote code execution
(RCE) v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-3610 (The Reales WP STPT plugin for WordPress is vulnerable to
privilege esc ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3609 (The Reales WP STPT plugin for WordPress is vulnerable to
unauthorized ...)
@@ -356,7 +356,7 @@ CVE-2025-0915 (IBM Db2 for Linux, UNIX and Windows
(includes DB2 Connect Server)
CVE-2024-58252 (Vulnerability of insufficient information protection in the
media libr ...)
NOT-FOR-US: Huawei
CVE-2024-39442 (In sprd ssense service, there is a possible missing permission
check. ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-46716
REJECTED
CVE-2025-4318 (The AWS Amplify Studio UI component property expressions in the
aws-am ...)
@@ -408,9 +408,9 @@ CVE-2025-45751 (SourceCodester Web Based Pharmacy Product
Management System 1.0
CVE-2025-45618 (Incorrect access control in the component
/admin/sys/datasource/ajaxLi ...)
TODO: check
CVE-2025-45617 (Incorrect access control in the component /user/list of
production_ssm ...)
- TODO: check
+ NOT-FOR-US: production_ssm
CVE-2025-45616 (Incorrect access control in the /admin/** API of brcc v1.2.0
allows at ...)
- TODO: check
+ NOT-FOR-US: brcc
CVE-2025-45615 (Incorrect access control in the /admin/ API of yaoqishan
v0.0.1-SNAPSH ...)
NOT-FOR-US: yaoqishan
CVE-2025-45614 (Incorrect access control in the component /api/user/manager of
One v1. ...)
@@ -424,7 +424,7 @@ CVE-2025-45611 (Incorrect access control in the /user/edit/
component of hope-bo
CVE-2025-45610 (Incorrect access control in the component /scheduleLog/info/1
of PassJ ...)
NOT-FOR-US: PassJava-Platform
CVE-2025-45609 (Incorrect access control in the doFilter function of kob
latest v1.0.0 ...)
- TODO: check
+ NOT-FOR-US: kob
CVE-2025-45608 (Incorrect access control in the /system/user/findUserList API
of Xingu ...)
NOT-FOR-US: Xinguan
CVE-2025-45607 (An issue in the component /manage/ of itranswarp v2.19 allows
attacker ...)
@@ -436,7 +436,7 @@ CVE-2025-45321 (kashipara Online Service Management Portal
V1.0 is vulnerable to
CVE-2025-45320 (A Directory Listing Vulnerability was found in the
/osms/Requester/ di ...)
NOT-FOR-US: kashipara Online Service Management Portal
CVE-2025-45242 (Rhymix v2.1.22 was discovered to contain an arbitrary file
deletion vu ...)
- TODO: check
+ NOT-FOR-US: Rhymix CMS
CVE-2025-45240 (foxcms v1.2.5 was discovered to contain a SQL injection
vulnerability ...)
NOT-FOR-US: foxcms
CVE-2025-45239 (An issue in the restores method (DataBackup.php) of foxcms
v2.0.6 allo ...)
@@ -444,9 +444,9 @@ CVE-2025-45239 (An issue in the restores method
(DataBackup.php) of foxcms v2.0.
CVE-2025-45238 (foxcms v1.2.5 was discovered to contain an arbitrary file
deletion vul ...)
NOT-FOR-US: foxcms
CVE-2025-45237 (Incorrect access control in the component /config/download of
DBSyncer ...)
- TODO: check
+ NOT-FOR-US: DBSyncer
CVE-2025-45236 (A stored cross-site scripting (XSS) vulnerability in the Edit
Profile ...)
- TODO: check
+ NOT-FOR-US: DBSyncer
CVE-2025-45042 (Tenda AC9 v15.03.05.14 was discovered to contain a command
injection v ...)
NOT-FOR-US: Tenda
CVE-2025-43915 (In Buoyant Edge releases before edge-25.2.1 and Enterprise for
Linkerd ...)
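Review bot: for CVE-2025-45236 the truncated description visible in the hunk ("A stored cross-site scripting (XSS) vulnerability in the Edit Profile ...") does not name a product, whereas the neighbouring CVE-2025-45237 does name DBSyncer; worth confirming against the full CVE text that "NOT-FOR-US: DBSyncer" is the right attribution and not carried over from the adjacent entry.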
@@ -474,7 +474,7 @@ CVE-2025-43843 (Retrieval-based-Voice-Conversion-WebUI is a
voice changing frame
CVE-2025-43842 (Retrieval-based-Voice-Conversion-WebUI is a voice changing
framework b ...)
NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
CVE-2025-2905 (An XML External Entity (XXE) vulnerability exists in the
gateway compo ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2025-29573 (Cross-Site Scripting (XSS) vulnerability exists in Mezzanine
CMS 6.0.0 ...)
NOT-FOR-US: Mezzanine CMS
CVE-2025-28168 (Outsystems Multiple File Upload < 3.1.0 is vulnerable to
Unrestricted ...)
@@ -482,21 +482,21 @@ CVE-2025-28168 (Outsystems Multiple File Upload < 3.1.0
is vulnerable to Unrestr
CVE-2025-28062 (A Cross-Site Request Forgery (CSRF) vulnerability was
discovered in ER ...)
NOT-FOR-US: ERPNEXT
CVE-2025-27921 (A reflected cross-site scripting (XSS) vulnerability was
discovered in ...)
- TODO: check
+ NOT-FOR-US: Output Messenger
CVE-2025-27920 (Output Messenger before 2.0.63 was vulnerable to a directory
traversal ...)
- TODO: check
+ NOT-FOR-US: Output Messenger
CVE-2025-26241 (A SQL injection vulnerability in the "Search" functionality of
"ticket ...)
TODO: check
CVE-2025-25504 (An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC
(In AV o ...)
- TODO: check
+ NOT-FOR-US: Gefen WebFWC
CVE-2025-24977 (OpenCTI is an open cyber threat intelligence (CTI) platform.
Prior to ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2025-1992 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 11.5 ...)
NOT-FOR-US: IBM
CVE-2025-1909 (The BuddyBoss Platform Pro plugin for WordPress is vulnerable
to authe ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0217 (BeyondTrust Privileged Remote Access (PRA) versions prior to
25.1 are ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust
CVE-2024-58237 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.12.9-1
NOTE:
https://git.kernel.org/linus/1a4607ffba35bf2a630aab299e34dd3f6e658d70 (6.13-rc3)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/141a7706ede075afe7fe7daf16b3adea1938eaf6
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits