Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3d7bd6bf by Salvatore Bonaccorso at 2025-05-07T23:02:29+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -316,15 +316,15 @@ CVE-2025-47203 (dbclient in Dropbear SSH before 2025.88
allows command injection
CVE-2025-46828 (WeGIA is a web manager for charitable institutions. An
unauthenticate ...)
NOT-FOR-US: WeGIA
CVE-2025-46827 (Graylog is a free and open log management platform. Prior to
versions ...)
- TODO: check
+ NOT-FOR-US: Graylog
CVE-2025-46824 (The Discourse Code Review Plugin allows users to review GitHub
commits ...)
- TODO: check
+ NOT-FOR-US: Discourse Code Review Plugin
CVE-2025-46551 (JRuby-OpenSSL is an add-on gem for JRuby that emulates the
Ruby OpenSS ...)
TODO: check
CVE-2025-45514 (Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the
functio ...)
NOT-FOR-US: Tenda
CVE-2025-45388 (Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site
Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Wagtail CMS
CVE-2025-3476 (Incorrect Authorization vulnerability in OpenText\u2122
Operations Bri ...)
NOT-FOR-US: OpenText
CVE-2025-3272 (Incorrect Authorization vulnerability in OpenText\u2122
Operations Bri ...)
@@ -340,31 +340,31 @@ CVE-2025-32820 (A vulnerability in SMA100 allows a remote
authenticated attacker
CVE-2025-32819 (A vulnerability in SMA100 allows a remote authenticated
attacker with ...)
NOT-FOR-US: SonicWall
CVE-2025-30147 (Besu Native contains scripts and tooling that is used to build
and pac ...)
- TODO: check
+ NOT-FOR-US: Besu Native
CVE-2025-2778
REJECTED
CVE-2025-2777 (SysAid On-Prem versions <= 23.3.40 are vulnerable to an
unauthenticate ...)
- TODO: check
+ NOT-FOR-US: SysAid
CVE-2025-2776 (SysAid On-Prem versions <= 23.3.40 are vulnerable to an
unauthenticate ...)
- TODO: check
+ NOT-FOR-US: SysAid
CVE-2025-2775 (SysAid On-Prem versions <= 23.3.40 are vulnerable to an
unauthenticate ...)
- TODO: check
+ NOT-FOR-US: SysAid
CVE-2025-29746 (Cross Site Scripting vulnerability in Koillection v.1.6.10
allows a re ...)
- TODO: check
+ NOT-FOR-US: Koillection
CVE-2025-29602 (flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in
Adminis ...)
TODO: check
CVE-2025-29448 (A business logic vulnerability in Easy Appointments v1.5.1
allows atta ...)
- TODO: check
+ NOT-FOR-US: Easy Appointments
CVE-2025-29154 (HTML injection vulnerability in lemeconsultoria HCM galera.app
v.4.58. ...)
- TODO: check
+ NOT-FOR-US: lemeconsultoria HCM galera.app
CVE-2025-29153 (SQL Injection vulnerability in lemeconsultoria HCM galera.app
v.4.58.0 ...)
- TODO: check
+ NOT-FOR-US: lemeconsultoria HCM galera.app
CVE-2025-29152 (Cross-Site Scripting vulnerability in lemeconsultoria HCM
galera.app v ...)
- TODO: check
+ NOT-FOR-US: lemeconsultoria HCM galera.app
CVE-2025-26169 (IXON VPN Client before 1.4.4 on Windows allows Local Privilege
Escalat ...)
- TODO: check
+ NOT-FOR-US: IXON VPN Client
CVE-2025-26168 (IXON VPN Client before 1.4.4 on Linux and macOS allows Local
Privilege ...)
- TODO: check
+ NOT-FOR-US: IXON VPN Client
CVE-2025-20980 (Out-of-bounds write in libsavscmn prior to Android 15 allows
local att ...)
NOT-FOR-US: Samsung Mobile
CVE-2025-20979 (Out-of-bounds write in libsavscmn prior to Android 15 allows
local att ...)
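Review bot: CVE-2025-26168 is described as affecting IXON VPN Client "on Linux and macOS", which makes it the entry in this hunk where NOT-FOR-US most depends on a check that nothing in the archive ships the client. If that check was done, a short parenthetical on the tag would record it, in the style of the BOINC entries further down ("src:boinc only covers the client").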
@@ -426,75 +426,75 @@ CVE-2025-20949 (Path traversal vulnerability in Samsung
Members prior to version
CVE-2025-20937 (Out-of-bounds write in Keymaster trustlet prior to SMR
May-2025 Releas ...)
NOT-FOR-US: Samsung Mobile
CVE-2025-20223 (A vulnerability in Cisco Catalyst Center, formerly Cisco DNA
Center, c ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20221 (A vulnerability in the packet filtering features of Cisco IOS
XE SD-WA ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20216 (A vulnerability in the web interface of Cisco Catalyst SD-WAN
Manager, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20214 (A vulnerability in the Network Configuration Access Control
Module (NA ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20213 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager,
formerly ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20210 (A vulnerability in the management API of Cisco Catalyst
Center, former ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20202 (A vulnerability in Cisco IOS XE Wireless Controller Software
could all ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20201 (A vulnerabilityin the CLI of Cisco IOS XE Software could allow
an auth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20200 (A vulnerabilityin the CLI of Cisco IOS XE Software could allow
an auth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20199 (A vulnerability in the CLI of Cisco IOS XE Software could
allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20198 (A vulnerabilityin the CLI of Cisco IOS XE Software could allow
an auth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20197 (A vulnerability in the CLI of Cisco IOS XE Software could
allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20196 (A vulnerability in the Cisco IOx application hosting
environment of Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20195 (A vulnerability in the web-based management interface of Cisco
IOS XE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20194 (A vulnerability in the web-based management interface of Cisco
IOS XE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20193 (A vulnerability in the web-based management interface of Cisco
IOS XE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20192 (A vulnerability in the Internet Key Exchange version 1 (IKEv1)
impleme ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20191 (A vulnerability in the Switch Integrated Security Features
(SISF) of C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20190 (A vulnerability in the lobby ambassador web interface of Cisco
IOS XE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20189 (A vulnerability in the Cisco Express Forwarding functionality
of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20188 (A vulnerability in the Out-of-Band Access Point (AP) Image
Download fe ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20187 (A vulnerability in the application data endpoints of Cisco
Catalyst SD ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20186 (A vulnerability in the web-based management interface of the
Wireless ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20182 (A vulnerability in the Internet Key Exchange version 2 (IKEv2)
protoco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20181 (A vulnerability in Cisco IOS Software for Cisco Catalyst
2960X, 2960XR ...)
NOT-FOR-US: Cisco
CVE-2025-20164 (A vulnerability in the Cisco Industrial Ethernet Switch Device
Manager ...)
NOT-FOR-US: Cisco
CVE-2025-20162 (A vulnerability in the DHCP snooping security feature of Cisco
IOS XE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20157 (A vulnerability in certificate validation processing of Cisco
Catalyst ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20155 (A vulnerability in the bootstrap loading of Cisco IOS XE
Software coul ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20154 (A vulnerability in the Two-Way Active Measurement Protocol
(TWAMP) ser ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20151 (A vulnerability in the implementation of the Simple Network
Management ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20147 (A vulnerability in the web-based management interface of Cisco
Catalys ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20140 (A vulnerability in the Wireless Network Control daemon (wncd)
of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20137 (A vulnerability in the access control list (ACL) programming
of Cisco ...)
NOT-FOR-US: Cisco
CVE-2025-20122 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager,
formerly ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-47619 (syslog-ng is an enhanced log daemo. Prior to version 4.8.2,
`tls_wildc ...)
TODO: check
CVE-2020-36791 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
@@ -569,9 +569,9 @@ CVE-2025-32396 (An Heap-based Buffer Overflow in RT-Labs
P-Net version 1.0.1 or
CVE-2025-2821 (The Search Exclude plugin for WordPress is vulnerable to
unauthorized ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1400 (Out-of-bounds Read vulnerability inunpack_response (conn.c) in
libplct ...)
- TODO: check
+ NOT-FOR-US: libplctag
CVE-2025-1399 (Out-of-bounds Read vulnerability inunpack_response (session.c)
in libp ...)
- TODO: check
+ NOT-FOR-US: libplctag
CVE-2025-0856 (The PGS Core plugin for WordPress is vulnerable to unauthorized
access ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0855 (The PGS Core plugin for WordPress is vulnerable to PHP Object
Injectio ...)
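Review bot: the two libplctag entries (CVE-2025-1400, CVE-2025-1399) are closed as NOT-FOR-US without a rationale, although the descriptions point at library code (unpack_response in conn.c and session.c). For a library it is worth confirming that no packaged source embeds a copy before dropping the TODO, and noting the result in parentheses after the tag.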
@@ -579,13 +579,13 @@ CVE-2025-0855 (The PGS Core plugin for WordPress is
vulnerable to PHP Object Inj
CVE-2025-0853 (The PGS Core plugin for WordPress is vulnerable to SQL
Injection via t ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0669 (Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server
allows ...)
- TODO: check
+ NOT-FOR-US: BOINC server (src:boinc only covers the client)
CVE-2025-0668 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: BOINC server (src:boinc only covers the client)
CVE-2025-0667 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: BOINC server (src:boinc only covers the client)
CVE-2025-0666 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: BOINC server (src:boinc only covers the client)
CVE-2025-0649 (Incorrect JSON input stringificationin Google's Tensorflow
serving ver ...)
TODO: check
CVE-2024-12120 (The Royal Elementor Addons and Templates plugin for WordPress
is vulne ...)
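Review bot: on the four BOINC entries (CVE-2025-0669 through CVE-2025-0666) the rationale "(src:boinc only covers the client)" states that a source package exists, so NOT-FOR-US leaves the decision unattached to that package. Consider an entry of the form "- boinc <not-affected> (...)" with the same reason, so the triage result is recorded against src:boinc. Also, only the CVE-2025-0669 description visibly names BOINC Server; the other three are truncated before any product name, so they rely on the full CVE text.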
@@ -950,7 +950,7 @@ CVE-2025-3609 (The Reales WP STPT plugin for WordPress is
vulnerable to unauthor
CVE-2025-3281 (The User Registration & Membership \u2013 Custom Registration
Form, Lo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3020 (An low privileged remote Attacker can execute arbitrary web
scripts or ...)
- TODO: check
+ NOT-FOR-US: Wiesemann & Theis GmbH Products
CVE-2025-2802 (The LayoutBoxx plugin for WordPress is vulnerable to arbitrary
shortco ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2509 (Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0
allows a m ...)
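Review bot: the tag added for CVE-2025-3020, "Wiesemann & Theis GmbH Products", is longer and differently styled than the neighbouring tags, which use a short vendor or product name ("NOT-FOR-US: WordPress plugin", "NOT-FOR-US: Cisco"). The visible part of the description names neither vendor nor product, so the tag cannot be checked from the diff. Suggest a short vendor-only form such as "Wiesemann & Theis", unless the longer string is intentional.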
@@ -1096,7 +1096,7 @@ CVE-2025-27921 (A reflected cross-site scripting (XSS)
vulnerability was discove
CVE-2025-27920 (Output Messenger before 2.0.63 was vulnerable to a directory
traversal ...)
NOT-FOR-US: Output Messenger
CVE-2025-26241 (A SQL injection vulnerability in the "Search" functionality of
"ticket ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2025-25504 (An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC
(In AV o ...)
NOT-FOR-US: Gefen WebFWC
CVE-2025-24977 (OpenCTI is an open cyber threat intelligence (CTI) platform.
Prior to ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d7bd6bfb25a6fb1a7cb533251bc36460fd23673
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits