[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 7 22:02:53 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3d7bd6bf by Salvatore Bonaccorso at 2025-05-07T23:02:29+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -316,15 +316,15 @@ CVE-2025-47203 (dbclient in Dropbear SSH before 2025.88 allows command injection
CVE-2025-46828 (WeGIA is a web manager for charitable institutions. An unauthenticate ...)
NOT-FOR-US: WeGIA
CVE-2025-46827 (Graylog is a free and open log management platform. Prior to versions ...)
- TODO: check
+ NOT-FOR-US: Graylog
CVE-2025-46824 (The Discourse Code Review Plugin allows users to review GitHub commits ...)
- TODO: check
+ NOT-FOR-US: Discourse Code Review Plugin
CVE-2025-46551 (JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSS ...)
TODO: check
CVE-2025-45514 (Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the functio ...)
NOT-FOR-US: Tenda
CVE-2025-45388 (Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Wagtail CMS
CVE-2025-3476 (Incorrect Authorization vulnerability in OpenText\u2122 Operations Bri ...)
NOT-FOR-US: OpenText
CVE-2025-3272 (Incorrect Authorization vulnerability in OpenText\u2122 Operations Bri ...)
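Review bot: At CVE-2025-46827 the description itself calls Graylog "a free and open log management platform", so NOT-FOR-US should only be set once the archive and WNPP have been checked for it. If an ITP or RFP bug exists, the entry belongs under the package name with an <itp> marker and the bug number instead. The commit message "Process some NFUs" does not say that check was done; a short mention there would help the next triager.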
@@ -340,31 +340,31 @@ CVE-2025-32820 (A vulnerability in SMA100 allows a remote authenticated attacker
CVE-2025-32819 (A vulnerability in SMA100 allows a remote authenticated attacker with ...)
NOT-FOR-US: SonicWall
CVE-2025-30147 (Besu Native contains scripts and tooling that is used to build and pac ...)
- TODO: check
+ NOT-FOR-US: Besu Native
CVE-2025-2778
REJECTED
CVE-2025-2777 (SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticate ...)
- TODO: check
+ NOT-FOR-US: SysAid
CVE-2025-2776 (SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticate ...)
- TODO: check
+ NOT-FOR-US: SysAid
CVE-2025-2775 (SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticate ...)
- TODO: check
+ NOT-FOR-US: SysAid
CVE-2025-29746 (Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a re ...)
- TODO: check
+ NOT-FOR-US: Koillection
CVE-2025-29602 (flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Adminis ...)
TODO: check
CVE-2025-29448 (A business logic vulnerability in Easy Appointments v1.5.1 allows atta ...)
- TODO: check
+ NOT-FOR-US: Easy Appointments
CVE-2025-29154 (HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58. ...)
- TODO: check
+ NOT-FOR-US: lemeconsultoria HCM galera.app
CVE-2025-29153 (SQL Injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 ...)
- TODO: check
+ NOT-FOR-US: lemeconsultoria HCM galera.app
CVE-2025-29152 (Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v ...)
- TODO: check
+ NOT-FOR-US: lemeconsultoria HCM galera.app
CVE-2025-26169 (IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalat ...)
- TODO: check
+ NOT-FOR-US: IXON VPN Client
CVE-2025-26168 (IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege ...)
- TODO: check
+ NOT-FOR-US: IXON VPN Client
CVE-2025-20980 (Out-of-bounds write in libsavscmn prior to Android 15 allows local att ...)
NOT-FOR-US: Samsung Mobile
CVE-2025-20979 (Out-of-bounds write in libsavscmn prior to Android 15 allows local att ...)
@@ -426,75 +426,75 @@ CVE-2025-20949 (Path traversal vulnerability in Samsung Members prior to version
CVE-2025-20937 (Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Releas ...)
NOT-FOR-US: Samsung Mobile
CVE-2025-20223 (A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, c ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20221 (A vulnerability in the packet filtering features of Cisco IOS XE SD-WA ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20216 (A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20214 (A vulnerability in the Network Configuration Access Control Module (NA ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20213 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20210 (A vulnerability in the management API of Cisco Catalyst Center, former ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20202 (A vulnerability in Cisco IOS XE Wireless Controller Software could all ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20201 (A vulnerabilityin the CLI of Cisco IOS XE Software could allow an auth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20200 (A vulnerabilityin the CLI of Cisco IOS XE Software could allow an auth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20199 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20198 (A vulnerabilityin the CLI of Cisco IOS XE Software could allow an auth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20197 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20196 (A vulnerability in the Cisco IOx application hosting environment of Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20195 (A vulnerability in the web-based management interface of Cisco IOS XE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20194 (A vulnerability in the web-based management interface of Cisco IOS XE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20193 (A vulnerability in the web-based management interface of Cisco IOS XE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20192 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) impleme ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20191 (A vulnerability in the Switch Integrated Security Features (SISF) of C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20190 (A vulnerability in the lobby ambassador web interface of Cisco IOS XE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20189 (A vulnerability in the Cisco Express Forwarding functionality of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20188 (A vulnerability in the Out-of-Band Access Point (AP) Image Download fe ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20187 (A vulnerability in the application data endpoints of Cisco Catalyst SD ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20186 (A vulnerability in the web-based management interface of the Wireless ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20182 (A vulnerability in the Internet Key Exchange version 2 (IKEv2) protoco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20181 (A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR ...)
NOT-FOR-US: Cisco
CVE-2025-20164 (A vulnerability in the Cisco Industrial Ethernet Switch Device Manager ...)
NOT-FOR-US: Cisco
CVE-2025-20162 (A vulnerability in the DHCP snooping security feature of Cisco IOS XE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20157 (A vulnerability in certificate validation processing of Cisco Catalyst ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20155 (A vulnerability in the bootstrap loading of Cisco IOS XE Software coul ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20154 (A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) ser ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20151 (A vulnerability in the implementation of the Simple Network Management ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20147 (A vulnerability in the web-based management interface of Cisco Catalys ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20140 (A vulnerability in the Wireless Network Control daemon (wncd) of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20137 (A vulnerability in the access control list (ACL) programming of Cisco ...)
NOT-FOR-US: Cisco
CVE-2025-20122 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-47619 (syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildc ...)
TODO: check
CVE-2020-36791 (In the Linux kernel, the following vulnerability has been resolved: n ...)
@@ -569,9 +569,9 @@ CVE-2025-32396 (An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or
CVE-2025-2821 (The Search Exclude plugin for WordPress is vulnerable to unauthorized ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1400 (Out-of-bounds Read vulnerability inunpack_response (conn.c) in libplct ...)
- TODO: check
+ NOT-FOR-US: libplctag
CVE-2025-1399 (Out-of-bounds Read vulnerability inunpack_response (session.c) in libp ...)
- TODO: check
+ NOT-FOR-US: libplctag
CVE-2025-0856 (The PGS Core plugin for WordPress is vulnerable to unauthorized access ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0855 (The PGS Core plugin for WordPress is vulnerable to PHP Object Injectio ...)
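Review bot: CVE-2025-1400 and CVE-2025-1399 are tagged "NOT-FOR-US: libplctag", but the descriptions point at C source files (conn.c, session.c) of a library, which is the kind of code that can end up bundled inside other source packages. Worth confirming that no packaged source embeds a copy before closing these two out, and noting the result in the commit message.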
@@ -579,13 +579,13 @@ CVE-2025-0855 (The PGS Core plugin for WordPress is vulnerable to PHP Object Inj
CVE-2025-0853 (The PGS Core plugin for WordPress is vulnerable to SQL Injection via t ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0669 (Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows ...)
- TODO: check
+ NOT-FOR-US: BOINC server (src:boinc only covers the client)
CVE-2025-0668 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: BOINC server (src:boinc only covers the client)
CVE-2025-0667 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: BOINC server (src:boinc only covers the client)
CVE-2025-0666 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: BOINC server (src:boinc only covers the client)
CVE-2025-0649 (Incorrect JSON input stringificationin Google's Tensorflow serving ver ...)
TODO: check
CVE-2024-12120 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
@@ -950,7 +950,7 @@ CVE-2025-3609 (The Reales WP STPT plugin for WordPress is vulnerable to unauthor
CVE-2025-3281 (The User Registration & Membership \u2013 Custom Registration Form, Lo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3020 (An low privileged remote Attacker can execute arbitrary web scripts or ...)
- TODO: check
+ NOT-FOR-US: Wiesemann & Theis GmbH Products
CVE-2025-2802 (The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortco ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2509 (Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a m ...)
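Review bot: The tag at CVE-2025-3020, "Wiesemann & Theis GmbH Products", carries a legal-form suffix and the word "Products", whereas the other tags in this commit use the bare vendor or product name ("Cisco", "SysAid", "osTicket"). "NOT-FOR-US: Wiesemann & Theis" would match them and is easier to grep for later.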
@@ -1096,7 +1096,7 @@ CVE-2025-27921 (A reflected cross-site scripting (XSS) vulnerability was discove
CVE-2025-27920 (Output Messenger before 2.0.63 was vulnerable to a directory traversal ...)
NOT-FOR-US: Output Messenger
CVE-2025-26241 (A SQL injection vulnerability in the "Search" functionality of "ticket ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2025-25504 (An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV o ...)
NOT-FOR-US: Gefen WebFWC
CVE-2025-24977 (OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d7bd6bfb25a6fb1a7cb533251bc36460fd23673