[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 23 21:51:03 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52b3fe48 by Salvatore Bonaccorso at 2025-05-23T22:50:33+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2025-5096 (The TablePress plugin for WordPress is vulnerable to DOM-Based St
 CVE-2025-4975 (When a notification relating to low battery appears for a user with wh ...)
 	NOT-FOR-US: TP-Link
 CVE-2025-4692 (Actors can use a maliciously crafted JavaScript object notation (JSON) ...)
-	TODO: check
+	NOT-FOR-US: ABUP
 CVE-2025-4642
 	REJECTED
 CVE-2025-4594 (The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Sit ...)
@@ -35,9 +35,9 @@ CVE-2025-4594 (The Tournamatch plugin for WordPress is vulnerable to Stored Cros
 CVE-2025-4562
 	REJECTED
 CVE-2025-4379 (DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: DobryCMS
 CVE-2025-4338 (Lantronix Device installer is vulnerable to XML external entity (XXE)  ...)
-	TODO: check
+	NOT-FOR-US: Lantronix Device installer
 CVE-2025-48741 (A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 befo ...)
 	NOT-FOR-US: StrangeBee TheHive
 CVE-2025-48740 (A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHiv ...)
@@ -59,7 +59,7 @@ CVE-2025-48376 (DNN (formerly DotNetNuke) is an open-source web content manageme
 CVE-2025-48375 (Schule is open-source school management system software. Prior to vers ...)
 	NOT-FOR-US: Schule open-source school management system
 CVE-2025-48374 (zot is ancontainer image/artifact registry based on the Open Container ...)
-	TODO: check
+	NOT-FOR-US: zot
 CVE-2025-48373 (Schule is open-source school management system software. The applicati ...)
 	NOT-FOR-US: Schule open-source school management system
 CVE-2025-48372 (Schule is open-source school management system software. The generateO ...)
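Review bot: The entry for CVE-2025-48374 goes straight to "NOT-FOR-US: zot", but the description presents zot as a standalone container image/artifact registry rather than a vendor appliance or a CMS plugin, which is the kind of software that can have a pending packaging request. Before settling on NFU, check for an ITP/RFP bug; if one exists, the entry should use the "- zot <itp> (bug #...)" form so the CVE is picked up when the package enters the archive.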
@@ -69,19 +69,19 @@ CVE-2025-48371 (OpenFGA is an authorization/permission engine. OpenFGA versions
 CVE-2025-48292 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48289 (Deserialization of Untrusted Data vulnerability in AncoraThemes Kids P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48287 (Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48286 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48283 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48275 (Missing Authorization vulnerability in dastan800 Visual Header allows  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48273 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48271 (Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48245 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48241 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
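Review bot: The entries changed in this hunk use "NOT-FOR-US: WordPress plugin", while the untouched neighbours (CVE-2025-48292, CVE-2025-48286, CVE-2025-48245) use "NOT-FOR-US: WordPress plugin or theme". CVE-2025-48289 names AncoraThemes as the vendor, so "plugin" may not be accurate there, and the truncated descriptions do not confirm the product type for the others. Reusing the existing "WordPress plugin or theme" string would keep one consistent label in data/CVE/list and avoid asserting something the description does not show. The same applies to the other "WordPress plugin" entries later in this commit.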
@@ -89,7 +89,7 @@ CVE-2025-48241 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-47690 (Missing Authorization vulnerability in smackcoders Lead Form Data Coll ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47687 (Unrestricted Upload of File with Dangerous Type vulnerability in Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47680 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47678 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -97,31 +97,31 @@ CVE-2025-47678 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-47673 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47672 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47671 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47670 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47663 (Unrestricted Upload of File with Dangerous Type vulnerability in mojoo ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47660 (Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC A ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47658 (Unrestricted Upload of File with Dangerous Type vulnerability in ELEXt ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47646 (Weak Password Recovery Mechanism for Forgotten Password vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47642 (Unrestricted Upload of File with Dangerous Type vulnerability in Ajar  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47641 (Unrestricted Upload of File with Dangerous Type vulnerability in print ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47640 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47637 (Unrestricted Upload of File with Dangerous Type vulnerability in STAGG ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47631 (Incorrect Privilege Assignment vulnerability in mojoomla Hospital Mana ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47619 (Missing Authorization vulnerability in 6Storage 6Storage Rentals allow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47618 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47613 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -129,9 +129,9 @@ CVE-2025-47613 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-47611 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47603 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47599 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47575 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47568 (Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds a ...)
@@ -139,15 +139,15 @@ CVE-2025-47568 (Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSo
 CVE-2025-47558 (Missing Authorization vulnerability in RomanCode MapSVG allows Accessi ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47541 (Insertion of Sensitive Information Into Sent Data vulnerability in WPF ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47539 (Incorrect Privilege Assignment vulnerability in Themewinter Eventin al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47535 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47532 (Deserialization of Untrusted Data vulnerability in CoinPayments CoinPa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47530 (Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47529 (Missing Authorization vulnerability in UX Design Experts Experto CTA W ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47513 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
@@ -155,23 +155,23 @@ CVE-2025-47513 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
 CVE-2025-47512 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47492 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47478 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47461 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47458 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47453 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47438 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47181 (Improper link resolution before file access ('link following') in Micr ...)
 	TODO: check
 CVE-2025-47149 (The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an is ...)
-	TODO: check
+	NOT-FOR-US: i-FILTER
 CVE-2025-46539 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46537 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46527 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
@@ -179,39 +179,39 @@ CVE-2025-46527 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
 CVE-2025-46526 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46518 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46515 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46493 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46490 (Unrestricted Upload of File with Dangerous Type vulnerability in wordw ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46488 (Missing Authorization vulnerability in dastan800 Visual Builder allows ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46487 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46486 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46474 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46468 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46463 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46460 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46458 (Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46456 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46455 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46454 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46448 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46446 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-46444 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46440 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -221,29 +221,29 @@ CVE-2025-46437 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-46176 (Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B0 ...)
 	NOT-FOR-US: D-Link
 CVE-2025-44998 (A stored cross-site scripting (XSS) vulnerability in the component /ti ...)
-	TODO: check
+	NOT-FOR-US: TinyFileManager
 CVE-2025-43860 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2025-41407 (Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable  ...)
 	NOT-FOR-US: Zoho
 CVE-2025-41380 (Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Iridium Certus 700
 CVE-2025-41379 (The Intellian C700 web panel allows you to add firewall rules. Each of ...)
-	TODO: check
+	NOT-FOR-US: Intellian C700 web panel
 CVE-2025-41378 (The SSID field is not parsed correctly and can be used to inject comma ...)
-	TODO: check
+	NOT-FOR-US: Intellian
 CVE-2025-41377 (Cryptographic vulnerability in Iridium Certus 700. This vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Intellian
 CVE-2025-3895 (Token used for resetting passwords in MegaBIP softwareare generated us ...)
-	TODO: check
+	NOT-FOR-US: MegaBIP
 CVE-2025-3894 (Text editor embedded into MegaBIP software does not neutralize user in ...)
-	TODO: check
+	NOT-FOR-US: MegaBIP
 CVE-2025-3893 (While editing pages managed by MegaBIP a user with high privileges is  ...)
-	TODO: check
+	NOT-FOR-US: MegaBIP
 CVE-2025-3580 (An access control vulnerability was discovered in Grafana OSS where an ...)
 	TODO: check
 CVE-2025-39536 (Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-39506 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
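Review bot: CVE-2025-41377 is labelled "NOT-FOR-US: Intellian" although its description reads "Cryptographic vulnerability in Iridium Certus 700", and CVE-2025-41380, which also describes Iridium Certus 700, is labelled "NOT-FOR-US: Iridium Certus 700". Use one label for both. CVE-2025-41378 is marked Intellian as well, but the visible part of its description ("The SSID field is not parsed correctly ...") names no product, so the full CVE text should be checked before the label is kept. CVE-2025-41379 and CVE-2025-41378 also differ in form ("Intellian C700 web panel" versus "Intellian"); a single vendor-level label would be easier to search for.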
@@ -265,13 +265,13 @@ CVE-2025-39495 (Deserialization of Untrusted Data vulnerability in BoldThemes Av
 CVE-2025-39494 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39490 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-39489 (Incorrect Privilege Assignment vulnerability in pebas CouponXL allows  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-39485 (Deserialization of Untrusted Data vulnerability in ThemeGoods Grand To ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39480 (Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dea ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-36527 (Zohocorp ManageEngineADAudit Plus versions below 8511 are vulnerable t ...)
 	NOT-FOR-US: Zoho
 CVE-2025-32967 (OpenEMR is a free and open source electronic health records and medica ...)
@@ -279,35 +279,35 @@ CVE-2025-32967 (OpenEMR is a free and open source electronic health records and
 CVE-2025-32794 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2025-32309 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32302 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32294 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32293 (Deserialization of Untrusted Data vulnerability in designthemes Financ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32292 (Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32289 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32286 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32285 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32284 (Deserialization of Untrusted Data vulnerability in designthemes Pet Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31927 (Deserialization of Untrusted Data vulnerability in themeton Acerola al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31924 (Deserialization of Untrusted Data vulnerability in designthemes Crafts ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31918 (Incorrect Privilege Assignment vulnerability in quantumcloud Simple Bu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31916 (Unrestricted Upload of File with Dangerous Type vulnerability in joy20 ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31914 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31913 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31912 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31636 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -315,29 +315,29 @@ CVE-2025-31636 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-31633 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31632 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31631 (Deserialization of Untrusted Data vulnerability in AncoraThemes Fish H ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31430 (Deserialization of Untrusted Data vulnerability in themeton The Busine ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31423 (Deserialization of Untrusted Data vulnerability in AncoraThemes Umbert ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31397 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31069 (Deserialization of Untrusted Data vulnerability in themeton HotStar \u ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31064 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31060 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31056 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31053 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31049 (Deserialization of Untrusted Data vulnerability in themeton Dash allow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2394 (Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 c ...)
-	TODO: check
+	NOT-FOR-US: Ecovacs Home Android and iOS Mobile Applications
 CVE-2025-24917 (In Tenable Network Monitor versions prior to 6.5.1 on a Windows host,  ...)
 	TODO: check
 CVE-2025-24916 (When installing Tenable Network Monitor to a non-default location on a ...)
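Review bot: The label on CVE-2025-2394, "NOT-FOR-US: Ecovacs Home Android and iOS Mobile Applications", repeats the description instead of naming the vendor or product briefly. Other vendor entries in this file use the short form ("NOT-FOR-US: TP-Link", "NOT-FOR-US: D-Link", "NOT-FOR-US: Zoho"); "NOT-FOR-US: Ecovacs" would match that style and group with any later Ecovacs CVEs.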
@@ -349,7 +349,7 @@ CVE-2024-9163 (A business logic error in GitLab CE/EE affecting all versions sta
 CVE-2024-7803 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	TODO: check
 CVE-2024-51360 (An issue in Hospital Management System In PHP V4.0 allows a remote att ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System In PHP
 CVE-2024-51108 (Multiple stored cross-site scripting (XSS) vulnerabilities in the comp ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2024-51107 (Multiple stored cross-site scripting (XSS) vulnerabilities in the comp ...)
@@ -371,7 +371,7 @@ CVE-2024-13945 (Stored Absolute Path Traversal vulnerabilities in ASPECT could e
 CVE-2023-53154 (parse_string in cJSON before 1.7.18 has a heap-based buffer over-read  ...)
 	TODO: check
 CVE-2023-34873 (On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5 ...)
-	TODO: check
+	NOT-FOR-US: MOBOTIX P3 cameras
 CVE-2018-25110 (Marked prior to version 0.3.17 is vulnerable to a Regular Expression D ...)
 	TODO: check
 CVE-2025-40909 [Thread creation while a directory handle is open does a fchdir, affecting other threads (race condition)]
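Review bot: The label on CVE-2023-34873, "NOT-FOR-US: MOBOTIX P3 cameras", covers only one of the two product lines named in the description ("On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5 ..."). "NOT-FOR-US: MOBOTIX" would be accurate for both and consistent with the vendor-level labels used elsewhere in the file.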



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52b3fe482fc2f3e3c2a37fa7a887cdac408118b4
