[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 6 21:43:07 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
141a7706 by Salvatore Bonaccorso at 2025-05-06T22:42:57+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-4388 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
NOT-FOR-US: Liferay
CVE-2025-4384 (The MQTT add-on of PcVue fails to verify that a remote device\u2019s c ...)
- TODO: check
+ NOT-FOR-US: PcVue
CVE-2025-4374 (A flaw was found in Quay. When an organization acts as a proxy cache, ...)
- TODO: check
+ NOT-FOR-US: Quay
CVE-2025-4373 (A flaw was found in GLib, which is vulnerable to an integer overflow i ...)
TODO: check
CVE-2025-4368 (A vulnerability, which was classified as critical, was found in Tenda ...)
@@ -29,9 +29,9 @@ CVE-2025-4355 (A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It ha
CVE-2025-4354 (A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classif ...)
NOT-FOR-US: Tenda
CVE-2025-4353 (A vulnerability, which was classified as critical, was found in Golden ...)
- TODO: check
+ NOT-FOR-US: Golden Link Secondary System
CVE-2025-4352 (A vulnerability, which was classified as critical, has been found in G ...)
- TODO: check
+ NOT-FOR-US: Golden Link Secondary System
CVE-2025-4350 (A vulnerability classified as critical was found in D-Link DIR-600L up ...)
NOT-FOR-US: D-Link
CVE-2025-4349 (A vulnerability classified as critical has been found in D-Link DIR-60 ...)
@@ -53,7 +53,7 @@ CVE-2025-4342 (A vulnerability, which was classified as critical, has been found
CVE-2025-4341 (A vulnerability classified as critical was found in D-Link DIR-880L up ...)
NOT-FOR-US: D-Link
CVE-2025-4041 (In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an ...)
- TODO: check
+ NOT-FOR-US: Optigo Networks ONS NC600
CVE-2025-47417 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: Crestron Automate VX
CVE-2025-47256 (Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha i ...)
@@ -66,13 +66,13 @@ CVE-2025-46820 (phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/
CVE-2025-46816 (goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 a ...)
TODO: check
CVE-2025-46815 (The identity infrastructure software ZITADEL offers developers the abi ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2025-46814 (FastAPI Guard is a security library for FastAPI that provides middlewa ...)
- TODO: check
+ NOT-FOR-US: FastAPI Guard
CVE-2025-46736 (Umbraco is a free and open source .NET content management system. Prio ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2025-46735 (Terraform WinDNS Provider allows users to manage their Windows DNS ser ...)
- TODO: check
+ NOT-FOR-US: Terraform WinDNS Provider
CVE-2025-45492 (Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the I ...)
NOT-FOR-US: Netgear
CVE-2025-45491 (Linksys E5600 v1.1.0.26 was discovered to contain a command injection ...)
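Review bot: the new label for CVE-2025-46815 reads `NOT-FOR-US: Zitadel`, while the description on the context line above it spells the product `ZITADEL`; the other labels in this hunk reuse the upstream name as the description writes it (`NOT-FOR-US: FastAPI Guard`, `NOT-FOR-US: Terraform WinDNS Provider`), so consider `NOT-FOR-US: ZITADEL` for consistency.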
@@ -86,21 +86,21 @@ CVE-2025-45488 (Linksys E5600 v1.1.0.26 was discovered to contain a command inje
CVE-2025-45487 (Linksys E5600 v1.1.0.26 was discovered to contain a command injection ...)
NOT-FOR-US: Linksys
CVE-2025-45250 (MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (S ...)
- TODO: check
+ NOT-FOR-US: MrDoc
CVE-2025-44900 (In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function ...)
NOT-FOR-US: Tenda
CVE-2025-40625 (Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows ...)
- TODO: check
+ NOT-FOR-US: TCMAN's GIM
CVE-2025-40624 (SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthe ...)
- TODO: check
+ NOT-FOR-US: TCMAN's GIM
CVE-2025-40623 (SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthe ...)
- TODO: check
+ NOT-FOR-US: TCMAN's GIM
CVE-2025-40622 (SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthe ...)
- TODO: check
+ NOT-FOR-US: TCMAN's GIM
CVE-2025-40621 (SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthe ...)
- TODO: check
+ NOT-FOR-US: TCMAN's GIM
CVE-2025-40620 (SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthe ...)
- TODO: check
+ NOT-FOR-US: TCMAN's GIM
CVE-2025-3782 (The Cision Block plugin for WordPress is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-37730 (Improper certificate validation in Logstash's TCP output could lead to ...)
@@ -120,7 +120,7 @@ CVE-2025-27241 (in OpenHarmony v5.0.3 and prior versions allow a local attacker
CVE-2025-27132 (in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitr ...)
NOT-FOR-US: OpenHarmony
CVE-2025-26262 (An issue in the component /internals/functions of R-fx Networks Linux ...)
- TODO: check
+ NOT-FOR-US: R-fx Networks Linux Malware Detect
CVE-2025-25218 (in OpenHarmony v5.0.3 and prior versions allow a local attacker case D ...)
NOT-FOR-US: OpenHarmony
CVE-2025-25052 (in OpenHarmony v5.0.3 and prior versions allow a local attacker cause ...)
@@ -158,7 +158,7 @@ CVE-2025-21459 (Transient DOS while parsing per STA profile in ML IE.)
CVE-2025-21453 (Memory corruption while processing a data structure, when an iterator ...)
NOT-FOR-US: Qualcomm
CVE-2025-0984 (Unrestricted Upload of File with Dangerous Type, Improper Neutralizati ...)
- TODO: check
+ NOT-FOR-US: Netoloji Software E-Flow
CVE-2024-49847 (Transient DOS while processing of a registration acceptance OTA due to ...)
NOT-FOR-US: Qualcomm
CVE-2024-49846 (Memory corruption while decoding of OTA messages from T3448 IE.)
@@ -212,7 +212,7 @@ CVE-2024-45562 (Memory corruption during concurrent access to server info object
CVE-2024-45554 (Memory corruption during concurrent SSR execution due to race conditio ...)
NOT-FOR-US: Qualcomm
CVE-2023-33770 (Real Estate Management System v1.0 was discovered to contain a SQL inj ...)
- TODO: check
+ NOT-FOR-US: Real Estate Management System
CVE-2025-22873
- golang-1.24 <unfixed>
- golang-1.23 <not-affected> (Vulnerable code only present in 1.24.x releases)
@@ -226,25 +226,25 @@ CVE-2025-4340 (A vulnerability classified as critical has been found in D-Link D
CVE-2025-4337 (The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Re ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4333 (A vulnerability was found in feng_ha_ha/megagao ssm-erp and production ...)
- TODO: check
+ NOT-FOR-US: feng_ha_ha/megagao and ssm-erp production_ssm
CVE-2025-4332 (A vulnerability was found in PHPGurukul Company Visitor Management Sys ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4331 (A vulnerability classified as critical was found in SourceCodester Onl ...)
NOT-FOR-US: SourceCodester
CVE-2025-4329 (A vulnerability was found in 74CMS up to 3.33.0. It has been rated as ...)
- TODO: check
+ NOT-FOR-US: 74CMS
CVE-2025-4328 (A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db ...)
TODO: check
CVE-2025-4327 (A vulnerability was found in MRCMS 3.1.2. It has been classified as pr ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4326 (A vulnerability was found in MRCMS 3.1.2 and classified as problematic ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4325 (A vulnerability has been found in MRCMS 3.1.2 and classified as proble ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4324 (A vulnerability, which was classified as problematic, was found in MRC ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4323 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4314 (A vulnerability has been found in SourceCodester Advanced Web Store 1. ...)
NOT-FOR-US: SourceCodester
CVE-2025-4313 (A vulnerability, which was classified as critical, was found in Source ...)
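Review bot: the label `NOT-FOR-US: feng_ha_ha/megagao and ssm-erp production_ssm` for CVE-2025-4333 reorders the project names relative to the description on the same entry (`feng_ha_ha/megagao ssm-erp and production ...`), which makes the pair harder to grep for; consider following the description's order, e.g. `NOT-FOR-US: feng_ha_ha/megagao ssm-erp and production_ssm`.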
@@ -264,7 +264,7 @@ CVE-2025-4307 (A vulnerability was found in PHPGurukul Art Gallery Management Sy
CVE-2025-4306 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4305 (A vulnerability has been found in kefaming mayi up to 1.3.9 and classi ...)
- TODO: check
+ NOT-FOR-US: kefaming mayi
CVE-2025-4304 (A vulnerability, which was classified as critical, was found in PHPGur ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4303 (A vulnerability, which was classified as critical, has been found in P ...)
@@ -280,11 +280,11 @@ CVE-2025-4298 (A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It h
CVE-2025-4297 (A vulnerability was found in PHPGurukul Men Salon Management System 2. ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4293 (A vulnerability was found in MRCMS 3.1.3 and classified as problematic ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4292 (A vulnerability has been found in MRCMS 3.1.3 and classified as proble ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2025-4291 (A vulnerability, which was classified as critical, was found in IdeaCM ...)
- TODO: check
+ NOT-FOR-US: IdeaCMS
CVE-2025-4290 (A vulnerability, which was classified as critical, has been found in P ...)
NOT-FOR-US: PCMan FTP Server
CVE-2025-4289 (A vulnerability classified as critical was found in PCMan FTP Server 2 ...)
@@ -330,11 +330,11 @@ CVE-2025-46585 (Out-of-bounds array read/write vulnerability in the kernel modul
CVE-2025-46584 (Vulnerability of improper authentication logic implementation in the f ...)
NOT-FOR-US: Huawei
CVE-2025-44074 (SeaCMS v13.3 was discovered to contain a SQL injection vulnerability v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-44072 (SeaCMS v13.3 was discovered to contain a SQL injection vulnerability v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-44071 (SeaCMS v13.3 was discovered to contain a remote code execution (RCE) v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-3610 (The Reales WP STPT plugin for WordPress is vulnerable to privilege esc ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3609 (The Reales WP STPT plugin for WordPress is vulnerable to unauthorized ...)
@@ -356,7 +356,7 @@ CVE-2025-0915 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server)
CVE-2024-58252 (Vulnerability of insufficient information protection in the media libr ...)
NOT-FOR-US: Huawei
CVE-2024-39442 (In sprd ssense service, there is a possible missing permission check. ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-46716
REJECTED
CVE-2025-4318 (The AWS Amplify Studio UI component property expressions in the aws-am ...)
@@ -408,9 +408,9 @@ CVE-2025-45751 (SourceCodester Web Based Pharmacy Product Management System 1.0
CVE-2025-45618 (Incorrect access control in the component /admin/sys/datasource/ajaxLi ...)
TODO: check
CVE-2025-45617 (Incorrect access control in the component /user/list of production_ssm ...)
- TODO: check
+ NOT-FOR-US: production_ssm
CVE-2025-45616 (Incorrect access control in the /admin/** API of brcc v1.2.0 allows at ...)
- TODO: check
+ NOT-FOR-US: brcc
CVE-2025-45615 (Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSH ...)
NOT-FOR-US: yaoqishan
CVE-2025-45614 (Incorrect access control in the component /api/user/manager of One v1. ...)
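Review bot: CVE-2025-45617 is labelled `NOT-FOR-US: production_ssm`, whereas CVE-2025-4333 earlier in this patch uses `NOT-FOR-US: feng_ha_ha/megagao and ssm-erp production_ssm`; if both refer to the same project, settle on one spelling so the NFU entries for it line up.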
@@ -424,7 +424,7 @@ CVE-2025-45611 (Incorrect access control in the /user/edit/ component of hope-bo
CVE-2025-45610 (Incorrect access control in the component /scheduleLog/info/1 of PassJ ...)
NOT-FOR-US: PassJava-Platform
CVE-2025-45609 (Incorrect access control in the doFilter function of kob latest v1.0.0 ...)
- TODO: check
+ NOT-FOR-US: kob
CVE-2025-45608 (Incorrect access control in the /system/user/findUserList API of Xingu ...)
NOT-FOR-US: Xinguan
CVE-2025-45607 (An issue in the component /manage/ of itranswarp v2.19 allows attacker ...)
@@ -436,7 +436,7 @@ CVE-2025-45321 (kashipara Online Service Management Portal V1.0 is vulnerable to
CVE-2025-45320 (A Directory Listing Vulnerability was found in the /osms/Requester/ di ...)
NOT-FOR-US: kashipara Online Service Management Portal
CVE-2025-45242 (Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vu ...)
- TODO: check
+ NOT-FOR-US: Rhymix CMS
CVE-2025-45240 (foxcms v1.2.5 was discovered to contain a SQL injection vulnerability ...)
NOT-FOR-US: foxcms
CVE-2025-45239 (An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allo ...)
@@ -444,9 +444,9 @@ CVE-2025-45239 (An issue in the restores method (DataBackup.php) of foxcms v2.0.
CVE-2025-45238 (foxcms v1.2.5 was discovered to contain an arbitrary file deletion vul ...)
NOT-FOR-US: foxcms
CVE-2025-45237 (Incorrect access control in the component /config/download of DBSyncer ...)
- TODO: check
+ NOT-FOR-US: DBSyncer
CVE-2025-45236 (A stored cross-site scripting (XSS) vulnerability in the Edit Profile ...)
- TODO: check
+ NOT-FOR-US: DBSyncer
CVE-2025-45042 (Tenda AC9 v15.03.05.14 was discovered to contain a command injection v ...)
NOT-FOR-US: Tenda
CVE-2025-43915 (In Buoyant Edge releases before edge-25.2.1 and Enterprise for Linkerd ...)
@@ -474,7 +474,7 @@ CVE-2025-43843 (Retrieval-based-Voice-Conversion-WebUI is a voice changing frame
CVE-2025-43842 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
NOT-FOR-US: Retrieval-based-Voice-Conversion-WebUI
CVE-2025-2905 (An XML External Entity (XXE) vulnerability exists in the gateway compo ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2025-29573 (Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 ...)
NOT-FOR-US: Mezzanine CMS
CVE-2025-28168 (Outsystems Multiple File Upload < 3.1.0 is vulnerable to Unrestricted ...)
@@ -482,21 +482,21 @@ CVE-2025-28168 (Outsystems Multiple File Upload < 3.1.0 is vulnerable to Unrestr
CVE-2025-28062 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ER ...)
NOT-FOR-US: ERPNEXT
CVE-2025-27921 (A reflected cross-site scripting (XSS) vulnerability was discovered in ...)
- TODO: check
+ NOT-FOR-US: Output Messenger
CVE-2025-27920 (Output Messenger before 2.0.63 was vulnerable to a directory traversal ...)
- TODO: check
+ NOT-FOR-US: Output Messenger
CVE-2025-26241 (A SQL injection vulnerability in the "Search" functionality of "ticket ...)
TODO: check
CVE-2025-25504 (An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV o ...)
- TODO: check
+ NOT-FOR-US: Gefen WebFWC
CVE-2025-24977 (OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2025-1992 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
NOT-FOR-US: IBM
CVE-2025-1909 (The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authe ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0217 (BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust
CVE-2024-58237 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.9-1
NOTE: https://git.kernel.org/linus/1a4607ffba35bf2a630aab299e34dd3f6e658d70 (6.13-rc3)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/141a7706ede075afe7fe7daf16b3adea1938eaf6