[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 9 21:34:05 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
97e327a4 by Salvatore Bonaccorso at 2025-06-09T22:33:35+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,11 +19,11 @@ CVE-2025-5914 (A vulnerability has been identified in the libarchive library, sp
 	NOTE: https://github.com/libarchive/libarchive/pull/2598
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/09685126fcec664e2b8ca595e1fc371bd494d209 (v3.8.0)
 CVE-2025-5895 (A vulnerability was found in Metabase 54.10. It has been classified as ...)
-	TODO: check
+	NOT-FOR-US: Metabase
 CVE-2025-5892 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat
 CVE-2025-5891 (A vulnerability classified as problematic was found in Unitech pm2 up  ...)
-	TODO: check
+	NOT-FOR-US: Unitech pm2
 CVE-2025-5890 (A vulnerability classified as problematic has been found in actions to ...)
 	TODO: check
 CVE-2025-5889 (A vulnerability was found in juliangruber brace-expansion up to 1.1.11 ...)
@@ -33,19 +33,19 @@ CVE-2025-5888 (A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has bee
 CVE-2025-5887 (A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been cla ...)
 	TODO: check
 CVE-2025-5886 (A vulnerability was found in Emlog up to 2.5.7 and classified as probl ...)
-	TODO: check
+	NOT-FOR-US: Emlog
 CVE-2025-5885 (A vulnerability has been found in Konica Minolta bizhub up to 20250202 ...)
-	TODO: check
+	NOT-FOR-US: Konica Minolta bizhub
 CVE-2025-5884 (A vulnerability, which was classified as problematic, was found in Kon ...)
-	TODO: check
+	NOT-FOR-US: Konica Minolta bizhub
 CVE-2025-5881 (A vulnerability was found in code-projects Chat System up to 1.0 and c ...)
 	NOT-FOR-US: code-projects
 CVE-2025-5880 (A vulnerability has been found in Whistle 2.9.98 and classified as pro ...)
-	TODO: check
+	NOT-FOR-US: Whistle
 CVE-2025-5879 (A vulnerability, which was classified as problematic, was found in WuK ...)
-	TODO: check
+	NOT-FOR-US: WuKongOpenSource WukongCRM
 CVE-2025-5877 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Fengoffice Feng Office
 CVE-2025-5876 (A vulnerability classified as problematic was found in Lucky LM-520-SC ...)
 	TODO: check
 CVE-2025-5875 (A vulnerability classified as critical has been found in TP-Link TL-IP ...)
@@ -53,51 +53,51 @@ CVE-2025-5875 (A vulnerability classified as critical has been found in TP-Link
 CVE-2025-5874 (A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been r ...)
 	TODO: check
 CVE-2025-5873 (A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.2.0. It  ...)
-	TODO: check
+	NOT-FOR-US: eCharge Hardy Barth Salia PLCC
 CVE-2025-5872 (A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It ha ...)
-	TODO: check
+	NOT-FOR-US: eGauge EG3000 Energy Monitor
 CVE-2025-5871 (A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and  ...)
-	TODO: check
+	NOT-FOR-US: Papendorf SOL Connect Center
 CVE-2025-5870 (A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 an ...)
 	NOT-FOR-US: TRENDnet
 CVE-2025-5869 (A vulnerability, which was classified as critical, was found in RT-Thr ...)
-	TODO: check
+	NOT-FOR-US: RT-Thread
 CVE-2025-5868 (A vulnerability, which was classified as critical, has been found in R ...)
-	TODO: check
+	NOT-FOR-US: RT-Thread
 CVE-2025-49653 (Exposure of sensitive data in active sessions in Lablup's BackendAI al ...)
-	TODO: check
+	NOT-FOR-US: Lablup's BackendAI
 CVE-2025-49652 (Missing Authentication in the registration feature of Lablup's Backend ...)
-	TODO: check
+	NOT-FOR-US: Lablup's BackendAI
 CVE-2025-49651 (Missing Authorization in Lablup's BackendAI allows attackers to takeov ...)
-	TODO: check
+	NOT-FOR-US: Lablup's BackendAI
 CVE-2025-49297 (Path Traversal vulnerability in Mikado-Themes Grill and Chow allows PH ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49296 (Path Traversal vulnerability in Mikado-Themes GrandPrix allows PHP Loc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49295 (Path Traversal vulnerability in Mikado-Themes MediClinic allows PHP Lo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49282 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49281 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49280 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49279 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49278 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49277 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49276 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49275 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49265 (Missing Authorization vulnerability in WP Swings Membership For WooCom ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49136 (listmonk is a standalone, self-hosted, newsletter and mailing list man ...)
 	TODO: check
 CVE-2025-49131 (FastGPT is an open-source project that provides a platform for buildin ...)
-	TODO: check
+	NOT-FOR-US: FastGPT
 CVE-2025-49130 (Laravel Translation Manager is a package to manage Laravel translation ...)
 	TODO: check
 CVE-2025-49013 (WilderForge is a Wildermyth coremodding API. A critical vulnerability  ...)
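Review bot: The label on CVE-2025-49297, CVE-2025-49296 and CVE-2025-49295 may be too narrow: all three descriptions name the vendor "Mikado-Themes" (Grill and Chow, GrandPrix, MediClinic), which points to themes rather than plugins. Existing entries elsewhere in this file use "NOT-FOR-US: WordPress plugin or theme" (for example CVE-2025-48279); using that label here avoids asserting a component type that the truncated descriptions do not confirm.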
@@ -105,65 +105,65 @@ CVE-2025-49013 (WilderForge is a Wildermyth coremodding API. A critical vulnerab
 CVE-2025-49006 (Wasp (Web Application Specification) is a Rails-like framework for Rea ...)
 	TODO: check
 CVE-2025-48877 (Discourse is an open-source discussion platform. Prior to version 3.4. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2025-48281 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48279 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48267 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48261 (Insertion of Sensitive Information Into Sent Data vulnerability in Mul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48147 (Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Cryp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48143 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48141 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48140 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48139 (Missing Authorization vulnerability in relentlo StyleAI allows Accessi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48130 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48129 (Incorrect Privilege Assignment vulnerability in Holest Engineering Spr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48126 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48125 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48124 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48123 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48122 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48062 (Discourse is an open-source discussion platform. Prior to version 3.4. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2025-48053 (Discourse is an open-source discussion platform. Prior to version 3.4. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2025-47651 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47608 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47561 (Incorrect Privilege Assignment vulnerability in RomanCode MapSVG allow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47527 (Missing Authorization vulnerability in Icegram Icegram Collect \u2013  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47511 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47487 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47477 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47463 (Missing Authorization vulnerability in Fahad Mahmood Stock Locations f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46178 (Cross-Site Scripting (XSS) vulnerability exists in askquery.php via th ...)
 	TODO: check
 CVE-2025-46041 (A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12. ...)
-	TODO: check
+	NOT-FOR-US: Anchor CMS
 CVE-2025-45055 (Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerab ...)
 	TODO: check
 CVE-2025-45002 (Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) vi ...)
@@ -185,33 +185,33 @@ CVE-2025-40668 (Incorrect authorization vulnerability in TCMAN's GIM v11. This v
 CVE-2025-3835 (Zohocorp ManageEngineExchange Reporter Plus versions5721 and prior are ...)
 	NOT-FOR-US: Zoho
 CVE-2025-39539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-39476 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39475 (Path Traversal vulnerability in Frenify Arlo allows PHP Local File Inc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-39473 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-36528 (Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnera ...)
 	NOT-FOR-US: Zoho
 CVE-2025-32595 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32308 (Missing Authorization vulnerability in looks_awesome Team Builder allo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32305 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32291 (Unrestricted Upload of File with Dangerous Type vulnerability in Fanta ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31925 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31920 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31917 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31638 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31635 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31429 (Deserialization of Untrusted Data vulnerability in themeton PressGrid  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31426 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -219,13 +219,13 @@ CVE-2025-31426 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-31424 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31398 (Deserialization of Untrusted Data vulnerability in themeton PIMP - Cre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31396 (Deserialization of Untrusted Data vulnerability in themeton FLAP - Bus ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31061 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31059 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31058 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31057 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
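Review bot: CVE-2025-31398 (themeton PIMP) is labelled "NOT-FOR-US: WordPress plugin", while the unchanged entry directly below it, CVE-2025-31396 (themeton FLAP), has the same vendor and the same description prefix but carries "NOT-FOR-US: WordPress plugin or theme". Suggest using the existing label so that entries from one vendor are classified the same way and a search for either string returns the full set.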
@@ -235,7 +235,7 @@ CVE-2025-31052 (Deserialization of Untrusted Data vulnerability in themeton The
 CVE-2025-31050 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31045 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31039 (Improper Restriction of XML External Entity Reference vulnerability in ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31022 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
@@ -243,31 +243,31 @@ CVE-2025-31022 (Authentication Bypass Using an Alternate Path or Channel vulnera
 CVE-2025-31019 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-29627 (An issue in KeeperChat IOS Application v.5.8.8 allows a physically pro ...)
-	TODO: check
+	NOT-FOR-US: KeeperChat IOS Application
 CVE-2025-28992 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-28945 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28944 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-28888 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-27709 (Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnera ...)
 	NOT-FOR-US: Zoho
 CVE-2025-27362 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26592 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-24770 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-24768 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-24767 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-23974 (Incorrect Privilege Assignment vulnerability in ifkooo One-Login allow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-46452 (A Host Header injection vulnerability in the password reset function o ...)
-	TODO: check
+	NOT-FOR-US: VigyBag Open Source Online Shop
 CVE-2025-5894 (Smart Parking Management System from Honding Technology has a Missing  ...)
 	NOT-FOR-US: Honding Technology
 CVE-2025-5893 (Smart Parking Management System from Honding Technology has an Exposur ...)
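Review bot: The labels on CVE-2025-29627 ("KeeperChat IOS Application") and CVE-2024-46452 ("VigyBag Open Source Online Shop") copy descriptive wording from the CVE text, whereas the unchanged entries in this hunk use a short vendor name ("Zoho", "Honding Technology"). Shortening them to "KeeperChat" and "VigyBag" would match that style and keep later entries for the same products easy to group.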
@@ -204970,7 +204970,7 @@ CVE-2023-26007
 CVE-2023-26006
 	RESERVED
 CVE-2023-26005 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-26004
 	RESERVED
 CVE-2023-26003 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97e327a45f746437e02b15c4f04544cd0a5df41d
