Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff73e602 by Salvatore Bonaccorso at 2025-02-28T21:25:42+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,31 +1,31 @@
 CVE-2025-27408 (Manifest offers users a one-file micro back end. Prior to 
version 4.9. ...)
-       TODO: check
+       NOT-FOR-US: Manifest
 CVE-2025-27400 (Magento Long Term Support (LTS) is an unofficial, 
community-driven pro ...)
-       TODO: check
+       NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2025-26326 (A vulnerability in the remote connection complements of the 
NVDA (Nonv ...)
-       TODO: check
+       NOT-FOR-US: NVDA (Nonvisual Desktop Access)
 CVE-2025-26263 (GeoVision ASManager Windows desktop application with the 
version 6.1.2 ...)
-       TODO: check
+       NOT-FOR-US: GeoVision
 CVE-2025-26047 (Loggrove v1.0 is vulnerable to SQL Injection in the read.py 
file.)
-       TODO: check
+       NOT-FOR-US: Loggrove
 CVE-2025-25916 (wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability 
in del  ...)
-       TODO: check
+       NOT-FOR-US: wuzhicms
 CVE-2025-25635 (TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer 
overflow vulne ...)
-       TODO: check
+       NOT-FOR-US: TOTOlink
 CVE-2025-25610 (TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer 
overflow vulne ...)
-       TODO: check
+       NOT-FOR-US: TOTOlink
 CVE-2025-25609 (TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer 
overflow vulne ...)
-       TODO: check
+       NOT-FOR-US: TOTOlink
 CVE-2025-25461 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
SeedDMS 6. ...)
-       TODO: check
+       NOT-FOR-US: SeedDMS
 CVE-2025-25431 (Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site 
Scripting (X ...)
-       TODO: check
+       NOT-FOR-US: Trendnet
 CVE-2025-25430 (Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site 
Scripting (X ...)
-       TODO: check
+       NOT-FOR-US: Trendnet
 CVE-2025-25429 (Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site 
Scripting (X ...)
-       TODO: check
+       NOT-FOR-US: Trendnet
 CVE-2025-25428 (TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a 
hardcoded pas ...)
-       TODO: check
+       NOT-FOR-US: Trendnet
 CVE-2025-24849 (Lack of encryption in transit for cloud infrastructure 
facilitating po ...)
        TODO: check
 CVE-2025-24843 (Insecure file retrieval process that facilitates potential for 
file ma ...)
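Review bot: The tag on CVE-2025-27408, "NOT-FOR-US: Manifest", is ambiguous on its own, since "manifest" is also a common term, and a later search of data/CVE/list for it will not tell a triager which software was meant. The Magento LTS and NVDA entries in this same hunk carry a short parenthetical qualifier; doing the same here, using the description's own wording ("one-file micro back end"), would make the entry self-explanatory. A smaller point: the four TEW-929DRU entries use "Trendnet" while the description of CVE-2025-25428 spells the vendor "TRENDnet", so a case-sensitive search by the vendor's own spelling would miss them.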
@@ -37,19 +37,19 @@ CVE-2025-24316 (The Dario Health Internet-based server 
infrastructure is vulnera
 CVE-2025-23405 (Unauthenticated log effects metrics gathering incident 
response effort ...)
        TODO: check
 CVE-2025-22492 (The connection string visible to users with access to FRSCore 
database ...)
-       TODO: check
+       NOT-FOR-US: Eaton
 CVE-2025-22491 (The user input was not sanitized on Reporting Hierarchy 
Management pag ...)
-       TODO: check
+       NOT-FOR-US: Eaton
 CVE-2025-22274 (It is possible to inject HTML code into the page content using 
the "co ...)
-       TODO: check
+       NOT-FOR-US: CyberArk Endpoint Privilege Manager in SaaS
 CVE-2025-22273 (Application does not limit the number or frequency of user 
interaction ...)
-       TODO: check
+       NOT-FOR-US: CyberArk Endpoint Privilege Manager in SaaS
 CVE-2025-22272 (In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" 
endpoint, i ...)
-       TODO: check
+       NOT-FOR-US: CyberArk Endpoint Privilege Manager in SaaS
 CVE-2025-22271 (The application or its infrastructure allows for IP address 
spoofing b ...)
-       TODO: check
+       NOT-FOR-US: CyberArk Endpoint Privilege Manager in SaaS
 CVE-2025-22270 (An attacker with access to the Administration panel, 
specifically the  ...)
-       TODO: check
+       NOT-FOR-US: CyberArk Endpoint Privilege Manager in SaaS
 CVE-2025-20060 (An attacker could expose cross-user personal identifiable 
information  ...)
        TODO: check
 CVE-2025-20049 (The Dario Health portal service application is vulnerable to 
XSS, whic ...)
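Review bot: The tags on CVE-2025-22492 and CVE-2025-22491 name only the vendor ("NOT-FOR-US: Eaton"), while the five CyberArk entries right below name the product and deployment ("CyberArk Endpoint Privilege Manager in SaaS"). A vendor-only tag invites a later CVE for a different product of the same vendor to be closed by pattern matching rather than checked on its own, so it would be worth adding the affected product name from the full CVE description to the two Eaton lines.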
@@ -57,63 +57,63 @@ CVE-2025-20049 (The Dario Health portal service application 
is vulnerable to XSS
 CVE-2025-1795 (During an address list folding when a separating comma ends up 
on a fo ...)
        TODO: check
 CVE-2025-1776 (Cross-Site Scripting (XSS) vulnerability in Soteshop, versions 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Soteshop
 CVE-2025-1749 (HTML injection vulnerabilities in OpenCart versions prior to 
4.1.0. Th ...)
-       TODO: check
+       NOT-FOR-US: OpenCart
 CVE-2025-1748 (HTML injection vulnerabilities in OpenCart versions prior to 
4.1.0. Th ...)
-       TODO: check
+       NOT-FOR-US: OpenCart
 CVE-2025-1747 (HTML injection vulnerabilities in OpenCart versions prior to 
4.1.0. Th ...)
-       TODO: check
+       NOT-FOR-US: OpenCart
 CVE-2025-1746 (Cross-Site Scripting vulnerability in OpenCart versions prior 
to 4.1.0 ...)
-       TODO: check
+       NOT-FOR-US: OpenCart
 CVE-2025-1662 (The URL Media Uploader plugin for WordPress is vulnerable to 
Server-Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-1570 (The Directorist: AI-Powered Business Directory Plugin with 
Classified  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-1560 (The WOW Entrance Effects (WEE!) plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-1413 (DaVinci Resolve on MacOS was found to be installed with 
incorrect file ...)
-       TODO: check
+       NOT-FOR-US: DaVinci Resolve
 CVE-2025-1319 (The Site Mailer \u2013 SMTP Replacement, Email API 
Deliverability & Em ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-1300 (CodeChecker is an analyzer tooling, defect database and viewer 
extensi ...)
        TODO: check
 CVE-2025-0985 (IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD   stores 
potentially sensi ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-0769 (PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 
was fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-0160 (IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 
8.5.0.13, 8.5 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-0159 (IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 
8.5.0.13, 8.5 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-9195 (The WHMPress - WHMCS Client Area plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9193 (The WHMpress - WHMCS WordPress Integration Plugin plugin for 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9019 (The SecuPress Free \u2014 WordPress Security plugin for 
WordPress is v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8425 (The WooCommerce Ultimate Gift Card plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8420 (The DHVC Form plugin for WordPress is vulnerable to privilege 
escalati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-54175 (IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD   could allow a 
local user ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-44754 (Cryptographic key extraction from internal flash in Minut M2 
with firm ...)
        TODO: check
 CVE-2024-13851 (The Modal Portfolio plugin for WordPress is vulnerable to 
Stored Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13832 (The Ultra Addons Lite for Elementor plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13831 (The Tabs for WooCommerce plugin for WordPress is vulnerable to 
PHP Obj ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13716 (The Forex Calculators plugin for WordPress is vulnerable to 
unauthoriz ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13638 (The Order Attachments for WooCommerce plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13469 (The Pricing Table by PickPlugins plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10860 (The NextMove Lite \u2013 Thank You Page for WooCommerce plugin 
for Wor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-27531
        NOT-FOR-US: Apache InLong
 CVE-2025-26325 (ShopXO 6.4.0 is vulnerable to File Upload in 
ThemeDataService.php.)
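Review bot: CVE-2025-0769 is tagged "NOT-FOR-US: WordPress plugin", but the visible part of its description ("PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was fo ...") does not mention WordPress, unlike the other entries given this tag in the hunk, so the classification cannot be confirmed from the list alone. Naming the plugin in the tag would make the basis checkable, and the same applies in general to the generic "WordPress plugin" tag used throughout this hunk. Similarly, "NOT-FOR-US: IBM" covers both IBM MQ (CVE-2025-0985, CVE-2024-54175) and IBM FlashSystem (CVE-2025-0160, CVE-2025-0159); the product name would be more useful than the vendor alone.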



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff73e60281230ce211177d89b50e80b35c23a060
