Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e000b111 by security tracker role at 2025-05-21T20:13:46+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2025-5049 (A vulnerability was found in FreeFloat FTP
Server 1.0. It has bee
CVE-2025-5033 (A vulnerability classified as problematic was found in
XiaoBingby TeaC ...)
TODO: check
CVE-2025-5032 (A vulnerability classified as critical has been found in
Campcodes Onl ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-5031 (A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It
has be ...)
TODO: check
CVE-2025-5030 (A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It
has be ...)
@@ -17,21 +17,21 @@ CVE-2025-5029 (A vulnerability has been found in Kingdee
Cloud Galaxy Private Cl
CVE-2025-5020 (Opening maliciously-crafted URLs in Firefox from other apps
such as Sa ...)
TODO: check
CVE-2025-4803 (The Glossary by WPPedia \u2013 Best Glossary plugin for
WordPress plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4611 (The Slim SEO \u2013 Fast & Automated WordPress SEO Plugin
plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4416 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-4415 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-4221 (The Animated Buttons plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4219 (The DPEPress plugin for WordPress is vulnerable to Stored
Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4217 (The WP YouTube Video Optimizer plugin for WordPress is
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4105 (The Splitit plugin for WordPress is vulnerable to unauthorized
modific ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4008 (The Meteobridge web interface let meteobridge administrator
manage the ...)
TODO: check
CVE-2025-48417 (The certificate and private key used for providing transport
layer sec ...)
@@ -69,13 +69,13 @@ CVE-2025-48063 (XWiki is a generic wiki platform. In XWiki
16.10.0, required rig
CVE-2025-48060 (jq is a command-line JSON processor. In versions up to and
including 1 ...)
TODO: check
CVE-2025-48012 (Authentication Bypass by Capture-replay vulnerability in
Drupal One Ti ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-48011 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-48010 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-48009 (Missing Authorization vulnerability in Drupal Single Content
Sync allo ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-47291 (containerd is an open-source container runtime. A bug was
found in the ...)
TODO: check
CVE-2025-46822 (OsamaTaher/Java-springboot-codebase is a collection of Java
and Spring ...)
@@ -93,17 +93,17 @@ CVE-2025-44895 (FW-WGS-804HPT v1.305b241111 was discovered
to contain a stack ov
CVE-2025-44892 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack
overflow ...)
TODO: check
CVE-2025-44083 (An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker
to bypa ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-41426 (Affected Vertiv products contain a stack based buffer overflow
vulnera ...)
TODO: check
CVE-2025-41232 (Spring Security Aspects may not correctly locate method
security annot ...)
TODO: check
CVE-2025-3781 (The Raisely Donation Form plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3751 (The component listed above contains a vulnerability that can be
exploi ...)
TODO: check
CVE-2025-3750 (The Network Posts Extended plugin for WordPress is vulnerable
to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-36535 (The embedded web server lacks authentication and access
controls, allo ...)
TODO: check
CVE-2025-2261 (Stored XSS in TIBCO ActiveMatrix Administrator allows malicious
data t ...)
@@ -177,7 +177,7 @@ CVE-2024-42922 (AAPanel v7.0.7 was discovered to contain an
OS command injection
CVE-2024-23337 (jq is a command-line JSON processor. In versions up to and
including 1 ...)
TODO: check
CVE-2024-12561 (The Affiliate Sales in Google Analytics and other tools plugin
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-40775 (When an incoming DNS protocol message includes a Transaction
Signature ...)
- bind9 1:9.20.9-1
[bookworm] - bind9 <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e000b111fe92a9c1db2116bfd0c26fc67b218202
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e000b111fe92a9c1db2116bfd0c26fc67b218202
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
