[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 3 21:37:32 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db027f4a by Moritz Muehlenhoff at 2025-04-03T22:37:23+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -52,7 +52,7 @@ CVE-2025-3157 (A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. I
 CVE-2025-3155 (A flaw was found in Yelp. The Gnome user help application allows the h ...)
 	TODO: check
 CVE-2025-32054 (In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could b ...)
-	NOT-FOR-US: JetBrains IntelliJ IDEA
+	- intellij-idea <itp> (bug #747616)
 CVE-2025-32052 (A flaw was found in libsoup. A vulnerability in the sniff_unknown() fu ...)
 	TODO: check
 CVE-2025-32051 (A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() fu ...)
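Review bot: the CVE-2025-32054 entry goes from `NOT-FOR-US: JetBrains IntelliJ IDEA` to `- intellij-idea <itp> (bug #747616)`, which is the opposite of what the commit subject "NFUs" announces. Suggest mentioning the ITP reclassification in the commit message, or splitting it into its own commit, so the change is findable in the history.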
@@ -182,7 +182,7 @@ CVE-2025-30611 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-30596 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	TODO: check
 CVE-2025-30406 (Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.563 ...)
-	TODO: check
+	NOT-FOR-US: Gladinet CentreStack
 CVE-2025-2946 (pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site ...)
 	TODO: check
 CVE-2025-2945 (Remote Code Execution security vulnerability in pgAdmin 4  (Query Tool ...)
@@ -192,33 +192,33 @@ CVE-2025-2299 (The LuckyWP Table of Contents plugin for WordPress is vulnerable
 CVE-2025-29987 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-29647 (SeaCMS v13.3 has a SQL injection vulnerability in the component admin_ ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2025-29570 (An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 al ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Libituo Technology
 CVE-2025-29504 (Insecure Permission vulnerability in student-manage 1 allows a local a ...)
-	TODO: check
+	NOT-FOR-US: student-manage
 CVE-2025-29462 (A buffer overflow vulnerability has been discovered in Tenda Ac15 V15. ...)
 	NOT-FOR-US: Tenda
 CVE-2025-29369 (Code-Projects Matrimonial Site V1.0 is vulnerable to SQL Injection in  ...)
-	TODO: check
+	NOT-FOR-US: Code-Projects  Site
 CVE-2025-29064 (An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote atta ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-26818 (Netwrix Password Secure through 9.2 allows command injection.)
-	TODO: check
+	NOT-FOR-US: Netwrix Password Secure
 CVE-2025-26817 (Netwrix Password Secure 9.2.0.32454 allows OS command injection.)
-	TODO: check
+	NOT-FOR-US: Netwrix Password Secure
 CVE-2025-22931 (An insecure direct object reference (IDOR) in the component /assets/st ...)
-	TODO: check
+	NOT-FOR-US: OS4ED openSIS
 CVE-2025-22930 (OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection v ...)
-	TODO: check
+	NOT-FOR-US: OS4ED openSIS
 CVE-2025-22929 (OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection v ...)
-	TODO: check
+	NOT-FOR-US: OS4ED openSIS
 CVE-2025-22928 (OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection v ...)
-	TODO: check
+	NOT-FOR-US: OS4ED openSIS
 CVE-2025-22927 (An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execut ...)
-	TODO: check
+	NOT-FOR-US: OS4ED openSIS
 CVE-2025-22926 (An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execut ...)
-	TODO: check
+	NOT-FOR-US: OS4ED openSIS
 CVE-2025-22457 (A stack-based buffer overflow in Ivanti Connect Secure before version  ...)
 	NOT-FOR-US: Ivanti
 CVE-2025-0272 (HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This v ...)
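Review bot: on CVE-2025-29369 the new tag reads `NOT-FOR-US: Code-Projects  Site`, with a double space where the product name "Matrimonial" from the CVE description appears to have been dropped. Suggest `NOT-FOR-US: Code-Projects Matrimonial Site` so the tag matches the product named in the description line above it.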
@@ -226,7 +226,7 @@ CVE-2025-0272 (HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. T
 CVE-2024-9416 (The Modula Image Gallery plugin for WordPress is vulnerable to Stored  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-45198 (insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerab ...)
-	TODO: check
+	NOT-FOR-US: insightsoftware Spark JDBC
 CVE-2024-22611 (OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\clas ...)
 	NOT-FOR-US: OpenEMR
 CVE-2023-47639 (API Platform Core is a system to create hypermedia-driven REST and Gra ...)
@@ -60750,7 +60750,7 @@ CVE-2024-7098 (Improper Restriction of XML External Entity Reference vulnerabili
 CVE-2024-6401 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: SFS Consulting InsureE GL
 CVE-2024-46970 (In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the projec ...)
-	NOT-FOR-US: JetBrains IntelliJ IDEA
+	- intellij-idea <itp> (bug #747616)
 CVE-2024-46937 (An improper access control (IDOR) vulnerability in the /api-selfportal ...)
 	NOT-FOR-US: MFASOFT Secure Authentication Server (SAS)
 CVE-2024-46451 (TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulner ...)
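Review bot: CVE-2024-46970 gets the same `- intellij-idea <itp> (bug #747616)` replacement as CVE-2025-32054 in the first hunk, but the patch touches only these two entries. If other entries in data/CVE/list still carry `NOT-FOR-US: JetBrains IntelliJ IDEA`, convert them in the same change so all CVEs for the package are tracked consistently under the ITP.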



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db027f4ad14fe4a4641a075daee0fcb2d54f0f41
