Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
da5a5f1b by Salvatore Bonaccorso at 2025-07-31T22:35:11+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2025-8426 (Marvell QConvergeConsole compressConfigFiles Directory
Traversal Infor ...)
- TODO: check
+ NOT-FOR-US: Marvell
CVE-2025-8409 (A vulnerability has been found in code-projects Vehicle
Management 1.0 ...)
- TODO: check
+ NOT-FOR-US: code-projects Vehicle Management
CVE-2025-8408 (A vulnerability, which was classified as critical, was found in
code-p ...)
- TODO: check
+ NOT-FOR-US: code-projects Vehicle Management
CVE-2025-8407 (A vulnerability, which was classified as critical, has been
found in c ...)
- TODO: check
+ NOT-FOR-US: code-projects Vehicle Management
CVE-2025-8401 (The HT Mega \u2013 Absolute Addons For Elementor plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8382 (A vulnerability, which was classified as critical, was found in
Campco ...)
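Review bot: On CVE-2025-8426 the tag names only the vendor ("NOT-FOR-US: Marvell"), while the other entries changed in this hunk name vendor and product ("code-projects Vehicle Management"). Writing "NOT-FOR-US: Marvell QConvergeConsole", as the description does, would keep the NFU tags at one granularity and make a later search by product name hit this entry.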
@@ -19,37 +19,37 @@ CVE-2025-8379 (A vulnerability classified as critical has
been found in Campcode
CVE-2025-8378 (A vulnerability was found in Campcodes Online Hotel Reservation
System ...)
NOT-FOR-US: Campcodes
CVE-2025-8376 (A vulnerability classified as critical has been found in
code-projects ...)
- TODO: check
+ NOT-FOR-US: code-projects Vehicle Management
CVE-2025-8375 (A vulnerability was found in code-projects Vehicle Management
1.0. It ...)
- TODO: check
+ NOT-FOR-US: code-projects Vehicle Management
CVE-2025-8374 (A vulnerability was found in code-projects Vehicle Management
1.0. It ...)
- TODO: check
+ NOT-FOR-US: code-projects Vehicle Management
CVE-2025-8286 (G\xfcralp FMUS series seismic monitoring devicesexpose an
unauthentica ...)
- TODO: check
+ NOT-FOR-US: Guralp FMUS series seismic monitoring devices
CVE-2025-8213 (The NinjaScanner \u2013 Virus & Malware scan plugin for
WordPress is v ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8192 (There exists a TOCTOU race condition in TvSettings
AppRestrictionsFrag ...)
- TODO: check
+ NOT-FOR-US: TvSettings
CVE-2025-8151 (The HT Mega \u2013 Absolute Addons For Elementor plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8068 (The HT Mega \u2013 Absolute Addons For Elementor plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2025-54834 (OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0
allows an u ...)
- TODO: check
+ NOT-FOR-US: OPEXUS FOIAXpress Public Access Link (PAL)
CVE-2025-54833 (OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0
allows atta ...)
- TODO: check
+ NOT-FOR-US: OPEXUS FOIAXpress Public Access Link (PAL)
CVE-2025-54832 (OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0,
allows an ...)
- TODO: check
+ NOT-FOR-US: OPEXUS FOIAXpress Public Access Link (PAL)
CVE-2025-54589 (Copyparty is a portable file server. In versions 1.18.6 and
below, whe ...)
- TODO: check
+ NOT-FOR-US: Copyparty
CVE-2025-52289 (A Broken Access Control vulnerability in MagnusBilling
v7.8.5.3 allows ...)
- TODO: check
+ NOT-FOR-US: MagnusBilling
CVE-2025-52203 (A stored cross-site scripting (XSS) vulnerability exists in
DevaslanPH ...)
- TODO: check
+ NOT-FOR-US: DevaslanPHP project-management
CVE-2025-51569 (A cross-site scripting (XSS) vulnerability exists in the
LB-Link BL-CP ...)
- TODO: check
+ NOT-FOR-US: LB-Link
CVE-2025-51503 (A Stored Cross-Site Scripting (XSS) vulnerability in
Microweber CMS 2. ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2025-51385 (D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in
the yyxz ...)
NOT-FOR-US: D-Link
CVE-2025-51384 (D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in
the ipse ...)
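Review bot: On CVE-2025-51503 the tag is written in lower case ("NOT-FOR-US: microweber") although the description on the line above spells the product "Microweber CMS". Suggest "NOT-FOR-US: Microweber CMS" so that a case-sensitive search for the product name finds the entry. CVE-2025-51569 has a similar gap: "LB-Link" gives the vendor only, where neighbouring entries such as "OPEXUS FOIAXpress Public Access Link (PAL)" name the product.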
@@ -57,33 +57,33 @@ CVE-2025-51384 (D-LINK DI-8200 16.07.26A1 is vulnerable to
Buffer Overflow in th
CVE-2025-51383 (D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in
the ipse ...)
NOT-FOR-US: D-Link
CVE-2025-50867 (A SQL Injection vulnerability exists in the
takeassessment2.php endpoi ...)
- TODO: check
+ NOT-FOR-US: CloudClassroom-PHP-Project
CVE-2025-50866 (CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site
Scripti ...)
- TODO: check
+ NOT-FOR-US: CloudClassroom-PHP-Project
CVE-2025-50850 (An issue was discovered in CS Cart 4.18.3 allows the vendor
login func ...)
- TODO: check
+ NOT-FOR-US: CS Cart
CVE-2025-50849 (CS Cart 4.18.3 is vulnerable to Insecure Direct Object
Reference (IDOR ...)
- TODO: check
+ NOT-FOR-US: CS Cart
CVE-2025-50848 (A file upload vulnerability was discovered in CS Cart 4.18.3,
allows a ...)
- TODO: check
+ NOT-FOR-US: CS Cart
CVE-2025-50847 (Cross Site Request Forgery (CSRF) vulnerability in CS Cart
4.18.3, all ...)
- TODO: check
+ NOT-FOR-US: CS Cart
CVE-2025-50572 (An issue was discovered in Archer Technology RSA Archer
6.11.00204.100 ...)
- TODO: check
+ NOT-FOR-US: RSA Archer
CVE-2025-50475 (An OS command injection vulnerability exists in Russound
MBX-PRE-D67F ...)
- TODO: check
+ NOT-FOR-US: Russound MBX-PRE-D67F firmware
CVE-2025-50270 (A stored Cross Site Scripting (xss) vulnerability in the
"content mana ...)
- TODO: check
+ NOT-FOR-US: AnQiCMS
CVE-2025-46809 (A Insertion of Sensitive Information into Log File
vulnerability in SU ...)
- TODO: check
+ NOT-FOR-US: SUSE Multi Linux Manager
CVE-2025-45770 (jwt v5.4.3 was discovered to contain weak encryption.)
TODO: check
CVE-2025-45769 (php-jwt v6.11.0 was discovered to contain weak encryption.)
- TODO: check
+ NOT-FOR-US: php-jwt
CVE-2025-41688 (A high privileged remote attacker can execute arbitrary OS
commands us ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2025-40980 (A Stored Cross Site Scripting vulnerability has been found in
Ultimate ...)
- TODO: check
+ NOT-FOR-US: UltimatePOS by UltimateFosters
CVE-2025-37112 (A vulnerability was discovered in the storage policy for
certain sets ...)
NOT-FOR-US: HPE
CVE-2025-37111 (A vulnerability was discovered in the storage policy for
certain sets ...)
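Review bot: CVE-2025-45769 is marked "NOT-FOR-US: php-jwt" while its sibling CVE-2025-45770 ("jwt v5.4.3 was discovered to contain weak encryption.") stays at "TODO: check", even though both carry the same one-line description. php-jwt is a library rather than an appliance or a standalone application, so it is worth confirming that no source package in the archive ships or embeds it before settling on NFU, and triaging the two entries together so they do not end up with contradictory states.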
@@ -97,11 +97,11 @@ CVE-2025-37108 (Cross-site scripting vulnerability has been
identified in HPE Te
CVE-2025-34146 (A prototype pollution vulnerability exists in
@nyariv/sandboxjs versio ...)
TODO: check
CVE-2025-2813 (An unauthenticated remote attacker can cause a Denial of
Service by se ...)
- TODO: check
+ NOT-FOR-US: PHOENIX
CVE-2025-29557 (ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access
Control ...)
- TODO: check
+ NOT-FOR-US: ExaGrid EX10
CVE-2025-29556 (ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access
Control ...)
- TODO: check
+ NOT-FOR-US: ExaGrid EX10
CVE-2025-26064 (A cross-site scripting (XSS) vulnerability in Intelbras RX1500
v2.2.9 ...)
NOT-FOR-US: Intelbras
CVE-2025-26063 (An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows
unauthen ...)
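Review bot: On CVE-2025-2813 the tag "NOT-FOR-US: PHOENIX" does not identify a product, and the truncated description shown here ("An unauthenticated remote attacker can cause a Denial of Service by se ...") does not name one either. Suggest spelling out the vendor and product as the ExaGrid entries in the same hunk do ("ExaGrid EX10"), so the reason for the NFU decision can be checked from the list alone.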
@@ -113,41 +113,41 @@ CVE-2025-24854 (A carefully crafted request using the
Image plugin could trigger
CVE-2025-24853 (A carefully crafted request when creating a header link using
the wik ...)
TODO: check
CVE-2024-34328 (An open redirect in Sielox AnyWare v2.1.2 allows attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Sielox AnyWare
CVE-2024-34327 (Sielox AnyWare v2.1.2 was discovered to contain a SQL
injection vulner ...)
- TODO: check
+ NOT-FOR-US: Sielox AnyWare
CVE-2014-125126 (An unrestricted file upload vulnerability exists in Simple
E-Document ...)
- TODO: check
+ NOT-FOR-US: Simple E-Document
CVE-2014-125125 (A path traversal vulnerability exists in A10 Networks AX
Loadbalancer ...)
- TODO: check
+ NOT-FOR-US: A10 Networks AX Loadbalancer
CVE-2014-125124 (An unauthenticated remote command execution vulnerability
exists in Pa ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2014-125123 (An unauthenticated SQL injection vulnerability exists in the
Kloxo web ...)
- TODO: check
+ NOT-FOR-US: Kloxo web hosting control panel
CVE-2014-125122 (A stack-based buffer overflow vulnerability exists in the
tmUnblock.cg ...)
NOT-FOR-US: Linksys
CVE-2014-125121 (Array Networks vAPV (version 8.3.2.17) and vxAG (version
9.2.0.34) app ...)
- TODO: check
+ NOT-FOR-US: Array Networks
CVE-2013-10043 (A vulnerability exists in OAstium VoIP PBX
astium-confweb-2.1-25399 an ...)
- TODO: check
+ NOT-FOR-US: OAstium VoIP PBX
CVE-2013-10042 (A stack-based buffer overflow vulnerability exists in freeFTPd
version ...)
- TODO: check
+ NOT-FOR-US: freeFTPd
CVE-2013-10040 (ClipBucket version 2.6 and earlier contains a critical
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2013-10039 (A command injection vulnerability exists in GestioIP 3.0
commit ac67be ...)
- TODO: check
+ NOT-FOR-US: GestioIP
CVE-2013-10038 (An unauthenticated arbitrary file upload vulnerability exists
in Flash ...)
- TODO: check
+ NOT-FOR-US: FlashChat
CVE-2013-10037 (An OS command injection vulnerability exists in WebTester
version 5.x ...)
- TODO: check
+ NOT-FOR-US: WebTester
CVE-2013-10036 (A stack-based buffer overflow vulnerability exists in Beetel
Connectio ...)
- TODO: check
+ NOT-FOR-US: Beetel Connection Manager
CVE-2013-10035 (A code injection vulnerability exists in ProcessMaker Open
Source vers ...)
- TODO: check
+ NOT-FOR-US: ProcessMaker Open Source
CVE-2013-10034 (An unrestricted file upload vulnerability exists in Kaseya
KServer ver ...)
- TODO: check
+ NOT-FOR-US: Kaseya KServer
CVE-2013-10033 (An unauthenticated SQL injection vulnerability exists in Kimai
version ...)
- TODO: check
+ NOT-FOR-US: Kimai
CVE-2012-10021 (A stack-based buffer overflow vulnerability exists in D-Link
DIR-605L ...)
NOT-FOR-US: D-Link
CVE-2011-10008 (A stack-based buffer overflow vulnerability exists in MPlayer
Lite r33 ...)
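Review bot: On CVE-2014-125126 the tag "NOT-FOR-US: Simple E-Document" ends exactly where the truncated description ends ("exists in Simple E-Document ..."), so the product name may have been cut short. Please check the full CVE description and use the complete product name in the tag; the other entries in this hunk, for example "Kloxo web hosting control panel" and "A10 Networks AX Loadbalancer", carry full names.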
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da5a5f1b45c1f85d926c4cbed887ca12a1be0a19