Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
97e327a4 by Salvatore Bonaccorso at 2025-06-09T22:33:35+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,11 +19,11 @@ CVE-2025-5914 (A vulnerability has been identified in the
libarchive library, sp
NOTE: https://github.com/libarchive/libarchive/pull/2598
NOTE: Fixed by:
https://github.com/libarchive/libarchive/commit/09685126fcec664e2b8ca595e1fc371bd494d209
(v3.8.0)
CVE-2025-5895 (A vulnerability was found in Metabase 54.10. It has been
classified as ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2025-5892 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2025-5891 (A vulnerability classified as problematic was found in Unitech
pm2 up ...)
- TODO: check
+ NOT-FOR-US: Unitech pm2
CVE-2025-5890 (A vulnerability classified as problematic has been found in
actions to ...)
TODO: check
CVE-2025-5889 (A vulnerability was found in juliangruber brace-expansion up to
1.1.11 ...)
@@ -33,19 +33,19 @@ CVE-2025-5888 (A vulnerability was found in jsnjfz
WebStack-Guns 1.0. It has bee
CVE-2025-5887 (A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has
been cla ...)
TODO: check
CVE-2025-5886 (A vulnerability was found in Emlog up to 2.5.7 and classified
as probl ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2025-5885 (A vulnerability has been found in Konica Minolta bizhub up to
20250202 ...)
- TODO: check
+ NOT-FOR-US: Konica Minolta bizhub
CVE-2025-5884 (A vulnerability, which was classified as problematic, was found
in Kon ...)
- TODO: check
+ NOT-FOR-US: Konica Minolta bizhub
CVE-2025-5881 (A vulnerability was found in code-projects Chat System up to
1.0 and c ...)
NOT-FOR-US: code-projects
CVE-2025-5880 (A vulnerability has been found in Whistle 2.9.98 and classified
as pro ...)
- TODO: check
+ NOT-FOR-US: Whistle
CVE-2025-5879 (A vulnerability, which was classified as problematic, was found
in WuK ...)
- TODO: check
+ NOT-FOR-US: WuKongOpenSource WukongCRM
CVE-2025-5877 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: Fengoffice Feng Office
CVE-2025-5876 (A vulnerability classified as problematic was found in Lucky
LM-520-SC ...)
TODO: check
CVE-2025-5875 (A vulnerability classified as critical has been found in
TP-Link TL-IP ...)
@@ -53,51 +53,51 @@ CVE-2025-5875 (A vulnerability classified as critical has
been found in TP-Link
CVE-2025-5874 (A vulnerability was found in Redash up to 10.1.0/25.1.0. It has
been r ...)
TODO: check
CVE-2025-5873 (A vulnerability was found in eCharge Hardy Barth Salia PLCC
2.2.0. It ...)
- TODO: check
+ NOT-FOR-US: eCharge Hardy Barth Salia PLCC
CVE-2025-5872 (A vulnerability was found in eGauge EG3000 Energy Monitor
3.6.3. It ha ...)
- TODO: check
+ NOT-FOR-US: eGauge EG3000 Energy Monitor
CVE-2025-5871 (A vulnerability was found in Papendorf SOL Connect Center
3.3.0.0 and ...)
- TODO: check
+ NOT-FOR-US: Papendorf SOL Connect Center
CVE-2025-5870 (A vulnerability has been found in TRENDnet TV-IP121W 1.1.1
Build 36 an ...)
NOT-FOR-US: TRENDnet
CVE-2025-5869 (A vulnerability, which was classified as critical, was found in
RT-Thr ...)
- TODO: check
+ NOT-FOR-US: RT-Thread
CVE-2025-5868 (A vulnerability, which was classified as critical, has been
found in R ...)
- TODO: check
+ NOT-FOR-US: RT-Thread
CVE-2025-49653 (Exposure of sensitive data in active sessions in Lablup's
BackendAI al ...)
- TODO: check
+ NOT-FOR-US: Lablup's BackendAI
CVE-2025-49652 (Missing Authentication in the registration feature of Lablup's
Backend ...)
- TODO: check
+ NOT-FOR-US: Lablup's BackendAI
CVE-2025-49651 (Missing Authorization in Lablup's BackendAI allows attackers
to takeov ...)
- TODO: check
+ NOT-FOR-US: Lablup's BackendAI
CVE-2025-49297 (Path Traversal vulnerability in Mikado-Themes Grill and Chow
allows PH ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49296 (Path Traversal vulnerability in Mikado-Themes GrandPrix allows
PHP Loc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49295 (Path Traversal vulnerability in Mikado-Themes MediClinic
allows PHP Lo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49282 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49281 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49280 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49279 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49278 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49277 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49276 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49275 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49265 (Missing Authorization vulnerability in WP Swings Membership
For WooCom ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49136 (listmonk is a standalone, self-hosted, newsletter and mailing
list man ...)
TODO: check
CVE-2025-49131 (FastGPT is an open-source project that provides a platform for
buildin ...)
- TODO: check
+ NOT-FOR-US: FastGPT
CVE-2025-49130 (Laravel Translation Manager is a package to manage Laravel
translation ...)
TODO: check
CVE-2025-49013 (WilderForge is a Wildermyth coremodding API. A critical
vulnerability ...)
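Review bot: The three Mikado-Themes entries (CVE-2025-49297, CVE-2025-49296, CVE-2025-49295) are tagged "NOT-FOR-US: WordPress plugin", but the vendor name suggests these may be themes, and the truncated descriptions of CVE-2025-49275 through CVE-2025-49282 do not show the product at all. The unchanged entries elsewhere in this patch use "NOT-FOR-US: WordPress plugin or theme", which would cover both cases and keep one searchable label. Separately, "NOT-FOR-US: Lablup's BackendAI" on CVE-2025-49651 to CVE-2025-49653 carries over the possessive from the description; "Lablup BackendAI" would match the vendor-plus-product form used for "eGauge EG3000 Energy Monitor" in the same hunk.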
@@ -105,65 +105,65 @@ CVE-2025-49013 (WilderForge is a Wildermyth coremodding
API. A critical vulnerab
CVE-2025-49006 (Wasp (Web Application Specification) is a Rails-like framework
for Rea ...)
TODO: check
CVE-2025-48877 (Discourse is an open-source discussion platform. Prior to
version 3.4. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-48281 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48279 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48267 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48261 (Insertion of Sensitive Information Into Sent Data
vulnerability in Mul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48147 (Missing Authorization vulnerability in Crypto Cloud
CryptoCloud - Cryp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48143 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48141 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48140 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48139 (Missing Authorization vulnerability in relentlo StyleAI allows
Accessi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48130 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48129 (Incorrect Privilege Assignment vulnerability in Holest
Engineering Spr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48126 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48125 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48124 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48123 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48122 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48062 (Discourse is an open-source discussion platform. Prior to
version 3.4. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-48053 (Discourse is an open-source discussion platform. Prior to
version 3.4. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-47651 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47608 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47598 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47561 (Incorrect Privilege Assignment vulnerability in RomanCode
MapSVG allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47527 (Missing Authorization vulnerability in Icegram Icegram Collect
\u2013 ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47511 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47487 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47477 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47463 (Missing Authorization vulnerability in Fahad Mahmood Stock
Locations f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46178 (Cross-Site Scripting (XSS) vulnerability exists in
askquery.php via th ...)
TODO: check
CVE-2025-46041 (A stored cross-site scripting (XSS) vulnerability in Anchor
CMS v0.12. ...)
- TODO: check
+ NOT-FOR-US: Anchor CMS
CVE-2025-45055 (Silverpeas 6.4.2 contains a stored cross-site scripting (XSS)
vulnerab ...)
TODO: check
CVE-2025-45002 (Vigybag v1.0 and before is vulnerable to Cross Site Scripting
(XSS) vi ...)
@@ -185,33 +185,33 @@ CVE-2025-40668 (Incorrect authorization vulnerability in
TCMAN's GIM v11. This v
CVE-2025-3835 (Zohocorp ManageEngineExchange Reporter Plus versions5721 and
prior are ...)
NOT-FOR-US: Zoho
CVE-2025-39539 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-39476 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-39475 (Path Traversal vulnerability in Frenify Arlo allows PHP Local
File Inc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-39473 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-36528 (Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are
vulnera ...)
NOT-FOR-US: Zoho
CVE-2025-32595 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32308 (Missing Authorization vulnerability in looks_awesome Team
Builder allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32305 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32291 (Unrestricted Upload of File with Dangerous Type vulnerability
in Fanta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31925 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31920 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31917 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31638 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31635 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31429 (Deserialization of Untrusted Data vulnerability in themeton
PressGrid ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31426 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -219,13 +219,13 @@ CVE-2025-31426 (Improper Neutralization of Input During
Web Page Generation ('Cr
CVE-2025-31424 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31398 (Deserialization of Untrusted Data vulnerability in themeton
PIMP - Cre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31396 (Deserialization of Untrusted Data vulnerability in themeton
FLAP - Bus ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31061 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31059 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31058 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31057 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -235,7 +235,7 @@ CVE-2025-31052 (Deserialization of Untrusted Data
vulnerability in themeton The
CVE-2025-31050 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31045 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31039 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31022 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
@@ -243,31 +243,31 @@ CVE-2025-31022 (Authentication Bypass Using an Alternate
Path or Channel vulnera
CVE-2025-31019 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-29627 (An issue in KeeperChat IOS Application v.5.8.8 allows a
physically pro ...)
- TODO: check
+ NOT-FOR-US: KeeperChat IOS Application
CVE-2025-28992 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28945 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-28944 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28888 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27709 (Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are
vulnera ...)
NOT-FOR-US: Zoho
CVE-2025-27362 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26592 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24770 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24768 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24767 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23974 (Incorrect Privilege Assignment vulnerability in ifkooo
One-Login allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-46452 (A Host Header injection vulnerability in the password reset
function o ...)
- TODO: check
+ NOT-FOR-US: VigyBag Open Source Online Shop
CVE-2025-5894 (Smart Parking Management System from Honding Technology has a
Missing ...)
NOT-FOR-US: Honding Technology
CVE-2025-5893 (Smart Parking Management System from Honding Technology has an
Exposur ...)
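Review bot: The tag on CVE-2025-29627, "NOT-FOR-US: KeeperChat IOS Application", copies the description's capitalisation and generic suffix; other tags in this patch name only the product (Whistle, Emlog, Discourse), so "KeeperChat" would be enough and avoids the "IOS" spelling. On CVE-2024-46452, the tag spells the product "VigyBag Open Source Online Shop" while the CVE-2025-45002 description in the earlier hunk has "Vigybag"; picking one spelling for the tag makes both entries findable with a single search when the remaining one is triaged.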
@@ -204970,7 +204970,7 @@ CVE-2023-26007
CVE-2023-26006
RESERVED
CVE-2023-26005 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26004
RESERVED
CVE-2023-26003 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97e327a45f746437e02b15c4f04544cd0a5df41d