[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 28 20:28:38 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6ad47f74 by Salvatore Bonaccorso at 2025-03-28T21:28:12+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -97,9 +97,9 @@ CVE-2025-31073 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-31010 (Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers Si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30372 (Emlog is an open source website building system. Emlog Pro versions pr ...)
- TODO: check
+ NOT-FOR-US: Emlog Pro
CVE-2025-30371 (Metabase is a business intelligence and embedded analytics tool. Versi ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2025-30211 (Erlang/OTP is a set of libraries for the Erlang programming language. ...)
TODO: check
CVE-2025-2926 (A vulnerability was found in HDF5 up to 1.14.6 and classified as probl ...)
@@ -111,13 +111,13 @@ CVE-2025-2924 (A vulnerability, which was classified as problematic, was found i
CVE-2025-2923 (A vulnerability, which was classified as problematic, has been found i ...)
TODO: check
CVE-2025-2922 (A vulnerability classified as problematic was found in Netis WF-2404 1 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-2921 (A vulnerability classified as critical has been found in Netis WF-2404 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-2920 (A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rate ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-2919 (A vulnerability was found in Netis WF-2404 1.1.124EN. It has been decl ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-2917 (A vulnerability, which was classified as problematic, was found in Che ...)
NOT-FOR-US: ChestnutCMS
CVE-2025-2916 (A vulnerability, which was classified as critical, has been found in A ...)
@@ -161,33 +161,33 @@ CVE-2025-2861 (SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol.
CVE-2025-2860 (SaTECH BCU in its firmware version 2.1.3, allows an authenticated atta ...)
NOT-FOR-US: SaTECH BCU
CVE-2025-2859 (An attacker with access to the network where the vulnerable device is ...)
- TODO: check
+ NOT-FOR-US: saTECH BCU
CVE-2025-2858 (Privilege escalation vulnerability in the saTECH BCU firmware version ...)
- TODO: check
+ NOT-FOR-US: saTECH BCU
CVE-2025-2815 (The Administrator Z plugin for WordPress is vulnerable to unauthorized ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2713 (Google gVisor's runsc component exhibited a local privilege escalation ...)
TODO: check
CVE-2025-29928 (authentik is an open-source identity provider. Prior to versions 2024. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2025-28221 (Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set ...)
NOT-FOR-US: Tenda
CVE-2025-28220 (Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set ...)
NOT-FOR-US: Tenda
CVE-2025-28219 (Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-27932 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: HGW-BL1500HM
CVE-2025-27726 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: HGW-BL1500HM
CVE-2025-27718 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: HGW-BL1500HM
CVE-2025-27716 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: HGW-BL1500HM
CVE-2025-27574 (Cross-site scripting vulnerability exists in the USB storage file-shar ...)
- TODO: check
+ NOT-FOR-US: HGW-BL1500HM
CVE-2025-27567 (Cross-site scripting vulnerability exists in the NickName registration ...)
- TODO: check
+ NOT-FOR-US: HGW-BL1500HM
CVE-2025-27001 (Insertion of Sensitive Information Into Sent Data vulnerability in Shi ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-22767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -213,7 +213,7 @@ CVE-2025-1705 (The tagDiv Composer plugin for WordPress is vulnerable to Cross-S
CVE-2025-0986 (IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 throu ...)
NOT-FOR-US: IBM
CVE-2024-7407 (Use of a custom password encoding algorithmin Streamsoft Presti\u017c ...)
- TODO: check
+ NOT-FOR-US: Streamsoft
CVE-2024-54362 (Path Traversal vulnerability in NotFound GetShop ecommerce allows Path ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2024-54291 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
@@ -223,9 +223,9 @@ CVE-2024-51624 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2024-48615 (Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier ...)
TODO: check
CVE-2024-39311 (Publify is a self hosted Web publishing platform on Rails. Prior to ve ...)
- TODO: check
+ NOT-FOR-US: Publify
CVE-2024-11504 (Input from multiple fields inStreamsoft Presti\u017c is not sanitized ...)
- TODO: check
+ NOT-FOR-US: Streamsoft
CVE-2025-31101 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ad47f74d86716dcb6d750a453096e1594bf587f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ad47f74d86716dcb6d750a453096e1594bf587f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250328/d3d8fe9a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list