[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 15 21:35:01 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89b933f3 by Salvatore Bonaccorso at 2025-04-15T22:34:38+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46,19 +46,19 @@ CVE-2025-32776 (OpenRazer is an open source driver and user-space daemon to cont
NOTE: Fixed by: https://github.com/openrazer/openrazer/commit/57610511d2548eda66999eaed5aa4517e89d6d39 (v3.10.2)
NOTE: Fixed by: https://github.com/openrazer/openrazer/commit/d869abd20995b4931795e1cde54d4ac84d9ca62f (v3.10.2)
CVE-2025-32445 (Argo Events is an event-driven workflow automation framework for Kuber ...)
- TODO: check
+ NOT-FOR-US: Argo Events
CVE-2025-32439 (pleezer is a headless Deezer Connect player. Hook scripts in pleezer c ...)
- TODO: check
+ NOT-FOR-US: pleezer
CVE-2025-32438 (make-initrd-ng is a tool for copying binaries and their dependencies. ...)
- TODO: check
+ NOT-FOR-US: make-initrd-ng (from NixOS)
CVE-2025-32103 (CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows di ...)
- TODO: check
+ NOT-FOR-US: CrushFTP
CVE-2025-32102 (CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SS ...)
- TODO: check
+ NOT-FOR-US: CrushFTP
CVE-2025-32012 (Jellyfin is an open source self hosted media server. In versions 10.9. ...)
TODO: check
CVE-2025-31497 (TEIGarage is a webservice and RESTful service to transform, convert an ...)
- TODO: check
+ NOT-FOR-US: TEIGarage
CVE-2025-31011 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30985 (Deserialization of Untrusted Data vulnerability in NotFound GNUCommerc ...)
@@ -70,7 +70,7 @@ CVE-2025-30964 (Server-Side Request Forgery (SSRF) vulnerability in EPC Photogra
CVE-2025-30962 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30206 (Dpanel is a Docker visualization panel system which provides complete ...)
- TODO: check
+ NOT-FOR-US: Dpanel
CVE-2025-2567 (An attacker could modify or disable settings, disrupt fuel monitoring ...)
TODO: check
CVE-2025-2083 (The Logo Carousel Gutenberg Block plugin for WordPress is vulnerable t ...)
@@ -78,33 +78,33 @@ CVE-2025-2083 (The Logo Carousel Gutenberg Block plugin for WordPress is vulnera
CVE-2025-29817 (Uncontrolled search path element in Power Automate allows an authorize ...)
TODO: check
CVE-2025-29705 (code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The projec ...)
- TODO: check
+ NOT-FOR-US: code-gen
CVE-2025-29281 (In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary ...)
- TODO: check
+ NOT-FOR-US: PerfreeBlog
CVE-2025-29280 (Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.1 ...)
- TODO: check
+ NOT-FOR-US: PerfreeBlog
CVE-2025-29213 (A zip slip vulnerability in the component \service\migrate\MigrateForm ...)
- TODO: check
+ NOT-FOR-US: JEEWMS
CVE-2025-28399 (An issue in Erick xmall v.1.1 and before allows a remote attacker to e ...)
- TODO: check
+ NOT-FOR-US: Erick xmall
CVE-2025-28198 (A SQL injection vulnerability in Hitout car sale 1.0 allows a remote a ...)
- TODO: check
+ NOT-FOR-US: Hitout car sale
CVE-2025-28145 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2025-28144 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2025-28143 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2025-28142 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2025-28137 (The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre ...)
TODO: check
CVE-2025-28136 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer o ...)
TODO: check
CVE-2025-28100 (A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker ...)
- TODO: check
+ NOT-FOR-US: dingfanzuCMS
CVE-2025-27980 (cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry ...)
- TODO: check
+ NOT-FOR-US: cashbook
CVE-2025-27791 (Collabora Online is a collaborative online office suite based on Libre ...)
TODO: check
CVE-2025-26992 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
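Review bot: The tags "code-gen" (CVE-2025-29705) and "cashbook" (CVE-2025-27980) are generic names that will be hard to tell apart from an unrelated package of the same name when someone searches the list later. A short qualifier in the style this commit already uses for "make-initrd-ng (from NixOS)" would make the triage decision easier to audit. The same goes for CVE-2025-29213, where the tag says JEEWMS but the truncated description shows only a component path.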
@@ -114,17 +114,17 @@ CVE-2025-26990 (Server-Side Request Forgery (SSRF) vulnerability in WP Royal Roy
CVE-2025-26982 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26959 (Missing Authorization vulnerability in Qu\xfd L\xea 91 Administrator Z ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26958 (Missing Authorization vulnerability in NotFound JetBlog allows Accessi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26955 (Missing Authorization vulnerability in VW Themes Industrial Lite allow ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26954 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26944 (Missing Authorization vulnerability in NotFound JetPopup allows Access ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26942 (Missing Authorization vulnerability in NotFound JetTricks allows Acces ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26894 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26889 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
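Review bot: The four new tags in this hunk (CVE-2025-26959, CVE-2025-26958, CVE-2025-26944, CVE-2025-26942) read "NOT-FOR-US: WordPress plugin", while the unchanged entries around them use "NOT-FOR-US: WordPress plugin or theme". Using one wording keeps the list searchable with a single pattern. CVE-2025-26741 in the following hunk has the same difference.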
@@ -136,13 +136,13 @@ CVE-2025-26744 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-26743 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26741 (Missing Authorization vulnerability in AWEOS GmbH Email Notifications ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-25456 (Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in Adv ...)
NOT-FOR-US: Tenda
CVE-2025-24949 (In JotUrl 2.0, is possible to bypass security requirements during the ...)
- TODO: check
+ NOT-FOR-US: JotUrl
CVE-2025-24948 (In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentia ...)
- TODO: check
+ NOT-FOR-US: JotUrl
CVE-2025-24358 (gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention mid ...)
TODO: check
CVE-2025-22903 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89b933f3dfa76a8383e763a9a8e5388f94e92215