[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 27 21:09:57 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ee6212fe by Salvatore Bonaccorso at 2025-03-27T22:09:32+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -273,9 +273,9 @@ CVE-2025-30362 (WeGIA is a Web manager for charitable institutions. A stored Cro
CVE-2025-30361 (WeGIA is a Web manager for charitable institutions. A security vulnera ...)
NOT-FOR-US: WeGIA
CVE-2025-30358 (Mesop is a Python-based UI framework that allows users to build web ap ...)
- TODO: check
+ NOT-FOR-US: Mesop
CVE-2025-30221 (Pitchfork is a preforking HTTP server for Rack applications. Versions ...)
- TODO: check
+ NOT-FOR-US: Pitchfork
CVE-2025-30093 (HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before ...)
TODO: check
CVE-2025-2867 (An issue has been discovered in the GitLab Duo with Amazon Q affecting ...)
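Review bot: The NOT-FOR-US tags on CVE-2025-30358 (Mesop) and CVE-2025-30221 (Pitchfork) name the upstream projects only, and both descriptions point at language ecosystems (Python, Rack) where a Debian source package would usually carry a prefixed name. Please confirm the archive search covered the prefixed source names as well as the bare upstream ones before these stay closed as NFU.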
@@ -283,7 +283,7 @@ CVE-2025-2867 (An issue has been discovered in the GitLab Duo with Amazon Q affe
CVE-2025-2857 (Following the recent Chrome sandbox escape (CVE-2025-2783), various Fi ...)
TODO: check
CVE-2025-2855 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: elunez eladmin
CVE-2025-2854 (A vulnerability classified as critical was found in code-projects Payr ...)
NOT-FOR-US: code-projects
CVE-2025-2852 (A vulnerability has been found in SourceCodester Food Ordering Managem ...)
@@ -295,7 +295,7 @@ CVE-2025-2847 (A vulnerability, which was classified as critical, has been found
CVE-2025-2846 (A vulnerability classified as critical was found in SourceCodester Onl ...)
NOT-FOR-US: SourceCodester
CVE-2025-2516 (The use of a weak cryptographic key pair in the signature verification ...)
- TODO: check
+ NOT-FOR-US: WPS Office (Kingsoft)
CVE-2025-29993 (The affected versions of PowerCMS allow HTTP header injection. This vu ...)
NOT-FOR-US: PowerCMS
CVE-2025-29497 (libming v0.4.8 was discovered to contain a memory leak via the parseSW ...)
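Review bot: Style point on CVE-2025-2516: "NOT-FOR-US: WPS Office (Kingsoft)" puts the vendor in parentheses after the product, while the other entries added in this commit use a plain "vendor product" form ("elunez eladmin", "hay-kot mealie"). Picking one form, for example "Kingsoft WPS Office", keeps the NFU strings easier to grep and to match against later CVEs for the same product.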
@@ -343,13 +343,13 @@ CVE-2025-29483 (libming v0.4.8 was discovered to contain a memory leak via the p
CVE-2025-29306 (An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitra ...)
NOT-FOR-US: FoxCMS
CVE-2025-29072 (An integer overflow in Nethermind Juno before v.12.05 within the Sierr ...)
- TODO: check
+ NOT-FOR-US: Nethermind Juno
CVE-2025-28138 (TOTOLINK A800R V4.1.2cu.5137_B20200730 contains a remote command execu ...)
NOT-FOR-US: TOTOLINK
CVE-2025-28135 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer o ...)
NOT-FOR-US: TOTOLINK
CVE-2025-27793 (Vega is a visualization grammar, a declarative format for creating, sa ...)
- TODO: check
+ NOT-FOR-US: Vega
CVE-2025-26909 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26762 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
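Review bot: For CVE-2025-27793, and the same tag on CVE-2025-26619 in the next hunk, the description calls Vega a visualization grammar, which is the kind of component that tends to be embedded in other software rather than shipped under its own name. NOT-FOR-US only records that nothing in the archive ships it, so it would be worth confirming that no packaged source bundles a copy before closing both entries this way.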
@@ -367,11 +367,11 @@ CVE-2025-26732 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-26731 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26619 (Vega is a visualization grammar, a declarative format for creating, sa ...)
- TODO: check
+ NOT-FOR-US: Vega
CVE-2025-26265 (A segmentation fault in openairinterface5g v2.1.0 allows attackers to ...)
TODO: check
CVE-2025-25686 (semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php.)
- TODO: check
+ NOT-FOR-US: semcms
CVE-2025-25100 (Cross-Site Request Forgery (CSRF) vulnerability in victoracano Cazamba ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-25086 (Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret ...)
@@ -383,7 +383,7 @@ CVE-2025-22783 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-22770 (Missing Authorization vulnerability in EnvoThemes Envo Multipurpose al ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-22673 (Missing Authorization vulnerability in WPFactory EAN for WooCommerce a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22672 (Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-22671 (Missing Authorization vulnerability in Leap13 Disable Elementor Editor ...)
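Review bot: Style point on CVE-2025-22673: the new line reads "NOT-FOR-US: WordPress plugin", while every neighbouring entry in this hunk uses "NOT-FOR-US: WordPress plugin or theme". Suggest using the same string so that searches and automated matching on the common tag keep picking this entry up.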
@@ -441,11 +441,11 @@ CVE-2025-1997 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.
CVE-2024-56469 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, ...)
NOT-FOR-US: IBM
CVE-2024-55073 (A Broken Object Level Authorization vulnerability in the component /ap ...)
- TODO: check
+ NOT-FOR-US: hay-kot mealie
CVE-2024-55072 (A Broken Object Level Authorization vulnerability in the component /ap ...)
- TODO: check
+ NOT-FOR-US: hay-kot mealie
CVE-2024-55070 (A Broken Object Level Authorization vulnerability in the component /ho ...)
- TODO: check
+ NOT-FOR-US: hay-kot mealie
CVE-2024-12905 (An Improper Link Resolution Before File Access ("Link Following") and ...)
TODO: check
CVE-2023-38272 (IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee6212fe186d506b7da9059b0a1805c16c3d18d8