[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Mar 19 20:17:31 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da2dad54 by Moritz Muehlenhoff at 2025-03-19T21:17:12+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-30258 (In GnuPG before 2.5.5, if a user chooses to import a certificate with ...)
TODO: check
CVE-2025-30197 (Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-30196 (Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-30154 (reviewdog/action-setup is a GitHub action that installs reviewdog. rev ...)
TODO: check
CVE-2025-30153 (kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131 ...)
@@ -15,9 +15,9 @@ CVE-2025-30144 (fast-jwt provides fast JSON Web Token (JWT) implementation. Prio
CVE-2025-2536 (Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 th ...)
TODO: check
CVE-2025-2512 (The File Away plugin for WordPress is vulnerable to arbitrary file upl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2511 (The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2476 (Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowe ...)
TODO: check
CVE-2025-2324 (Improper Privilege Management vulnerability for users configured as Sh ...)
@@ -37,9 +37,9 @@ CVE-2025-29405 (An arbitrary file upload vulnerability in the component /admin/t
CVE-2025-29401 (An arbitrary file upload vulnerability in the component /views/plugin. ...)
TODO: check
CVE-2025-29137 (Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the time ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-29118 (Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-27705 (There is a cross-site scripting vulnerability in the Secure Access adm ...)
TODO: check
CVE-2025-27704 (There is a cross-site scripting vulnerability in the Secure Access adm ...)
@@ -51,9 +51,9 @@ CVE-2025-26486 (Use of a Broken or Risky Cryptographic Algorithm, Use of Passwor
CVE-2025-26485 (The Exposure of Sensitive Information to an Unauthorized Actor vulner ...)
TODO: check
CVE-2025-26475 (Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26 ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-23382 (Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26 ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-1758 (Improper Input Validation vulnerability in Progress LoadMaster allows ...)
TODO: check
CVE-2025-1472 (Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authoriz ...)
@@ -67,29 +67,29 @@ CVE-2024-57061 (An issue in Termius Version 9.9.0 through v.9.16.0 allows a phys
CVE-2024-55551 (An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can in ...)
TODO: check
CVE-2024-53970 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-53969 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-53968 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-53967 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-51459 (IBM InfoSphere Information Server 11.7 could allow a local user to exe ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-45644 (IBM Security ReaQta 3.12 allows a privileged user to upload or transfe ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-42176 (HCL MyXalytics is affected by concurrent login vulnerability. A concur ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-25132 (A flaw was found in the Hive hibernation controller component of OpenS ...)
TODO: check
CVE-2024-13933 (The FoodBakery | Delivery Restaurant Directory WordPress Theme theme f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13790 (The MinimogWP \u2013 The High Converting eCommerce WordPress Theme the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13442 (The Service Finder Bookings plugin for WordPress is vulnerable to priv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12920 (The FoodBakery | Delivery Restaurant Directory WordPress Theme theme f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12137 (Authentication Bypass by Capture-replay vulnerability in Elfatek Elekt ...)
TODO: check
CVE-2024-12136 (Missing Critical Step in Authentication vulnerability in Elfatek Elekt ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da2dad540fb6654c5f1a05e918458c97c3a630f6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da2dad540fb6654c5f1a05e918458c97c3a630f6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250319/ce59ad49/attachment.htm>
More information about the debian-security-tracker-commits
mailing list