Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3729b839 by Salvatore Bonaccorso at 2025-03-14T21:27:47+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-2304 (A Privilege Escalation through a Mass Assignment exists in 
Camaleon CM ...)
-       TODO: check
+       NOT-FOR-US: Camaleon CMS
 CVE-2025-2268 (The HP LaserJet MFP M232-M237 Printer Series may be vulnerable 
to a de ...)
-       TODO: check
+       NOT-FOR-US: HP LaserJet MFP M232-M237 Printer Series
 CVE-2025-2232 (The Realteo - Real Estate Plugin by Purethemes plugin for 
WordPress, u ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-2000 (A maliciously crafted QPY file can potential execute 
arbitrary-code em ...)
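Review bot: the label added for CVE-2025-2268, "HP LaserJet MFP M232-M237 Printer Series", copies the full model range from the description, while the unchanged entry for CVE-2025-2232 in the same hunk uses a short category label ("WordPress plugin"). A shorter vendor- or product-level label would be easier to match when later CVEs for the same printers arrive.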
@@ -13,13 +13,13 @@ CVE-2025-29780 (Post-Quantum Secure Feldman's Verifiable 
Secret Sharing provides
 CVE-2025-29779 (Post-Quantum Secure Feldman's Verifiable Secret Sharing 
provides a Pyt ...)
        TODO: check
 CVE-2025-29776 (Azle is a WebAssembly runtime for TypeScript and JavaScript on 
ICP. Ca ...)
-       TODO: check
+       NOT-FOR-US: Azle
 CVE-2025-29775 (xml-crypto is an XML digital signature and encryption library 
for Node ...)
-       TODO: check
+       NOT-FOR-US: Node xml-crypto
 CVE-2025-29774 (xml-crypto is an XML digital signature and encryption library 
for Node ...)
-       TODO: check
+       NOT-FOR-US: Node xml-crypto
 CVE-2025-29771 (HtmlSanitizer is a client-side HTML Sanitizer. Versions prior 
to 2.0.3 ...)
-       TODO: check
+       NOT-FOR-US: HtmlSanitizer Node.js module
 CVE-2025-29387 (In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter 
of /gofor ...)
        NOT-FOR-US: Tenda
 CVE-2025-29386 (In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of 
/goform/Adv ...)
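Review bot: CVE-2025-29775, CVE-2025-29774 and CVE-2025-29771 are all Node modules, and Debian does package Node modules, so before these are closed as NOT-FOR-US it is worth confirming that neither xml-crypto nor HtmlSanitizer is packaged or embedded in another source package. The labels also follow two patterns, "Node xml-crypto" and "HtmlSanitizer Node.js module", and the second describes as a Node.js module what the CVE text calls a client-side sanitizer. Pick one pattern for Node modules so later entries can be matched against it.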
@@ -45,21 +45,21 @@ CVE-2025-27594 (The device uses an unencrypted, proprietary 
protocol for communi
 CVE-2025-27593 (The product can be used to distribute malicious code using SDD 
Device  ...)
        TODO: check
 CVE-2025-26626 (The GLPI Inventory Plugin handles various types of tasks for 
GLPI agen ...)
-       TODO: check
+       NOT-FOR-US: GLPI Inventory Plugin
 CVE-2025-26312 (SendQuick Entera devices before 11HF5 are vulnerable to 
CAPTCHA bypass ...)
-       TODO: check
+       NOT-FOR-US: SendQuick Entera devices
 CVE-2025-26216
        REJECTED
 CVE-2025-26215
        REJECTED
 CVE-2025-25873 (Cross Site Request Forgery vulnerability in Open Panel 
OpenAdmin v.0.3 ...)
-       TODO: check
+       NOT-FOR-US: Open Panel OpenAdmin
 CVE-2025-25872 (An issue in Open Panel v.0.3.4 allows a remote attacker to 
escalate pr ...)
-       TODO: check
+       NOT-FOR-US: Open Panel
 CVE-2025-25871 (An issue in Open Panel v.0.3.4 allows a remote attacker to 
escalate pr ...)
-       TODO: check
+       NOT-FOR-US: Open Panel
 CVE-2025-1888 (The Leica Web Viewer within the Aperio Eslide Manager 
Application is v ...)
-       TODO: check
+       NOT-FOR-US: Aperio Eslide Manager Application
 CVE-2025-1507 (The ShareThis Dashboard for Google Analytics plugin for 
WordPress is v ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-55594 (An improper handling of syntactically invalid structure in 
Fortinet Fo ...)
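Review bot: CVE-2025-25873 is labelled "Open Panel OpenAdmin", while CVE-2025-25872 and CVE-2025-25871 directly below it are labelled "Open Panel", although all three descriptions name Open Panel. Use one label for the product so the entries group together in searches. For CVE-2025-1888, the label "Aperio Eslide Manager Application" drops the "Leica Web Viewer" component that the description names as the affected part. Adding the vendor or component would make the entry easier to recognise.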
@@ -87,7 +87,7 @@ CVE-2024-40590 (Animproper certificate validation 
vulnerability [CWE-295] in For
 CVE-2024-40585 (An insertion of sensitive information into log file 
vulnerabilities [C ...)
        NOT-FOR-US: Fortinet
 CVE-2024-29409 (File Upload vulnerability in nestjs nest v.10.3.2 allows a 
remote atta ...)
-       TODO: check
+       NOT-FOR-US: nestjs nest
 CVE-2024-26006 (An improper neutralization of input during web page Generation 
vulnera ...)
        NOT-FOR-US: Fortinet
 CVE-2024-13773 (The Civi - Job Board & Freelance Marketplace WordPress Theme 
plugin fo ...)
@@ -123,7 +123,7 @@ CVE-2024-8176 (A stack overflow vulnerability exists in the 
libexpat library due
        NOTE: https://github.com/libexpat/libexpat/issues/893
        NOTE: https://github.com/libexpat/libexpat/pull/973
 CVE-2025-30022 (CM Soluces Informatica Ltda Auto Atendimento 1.x.x was 
discovered to c ...)
-       TODO: check
+       NOT-FOR-US: CM Soluces Informatica Ltda Auto Atendimento
 CVE-2025-2289 (The Zegen - Church WordPress Theme theme for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-2221 (The WPCOM Member plugin for WordPress is vulnerable to 
time-based SQL  ...)
@@ -135,7 +135,7 @@ CVE-2025-2103 (The SoundRise Music plugin for WordPress is 
vulnerable to unautho
 CVE-2025-2056 (The WP Ghost (Hide My WP Ghost) \u2013 Security & Firewall 
plugin for  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-26163 (CM Soluces Informatica Ltda Auto Atendimento 1.x.x was 
discovered to c ...)
-       TODO: check
+       NOT-FOR-US: CM Soluces Informatica Ltda Auto Atendimento
 CVE-2025-24855 (numbers.c in libxslt before 1.1.43 has a use-after-free 
because, in ne ...)
        - libxslt <unfixed>
        NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
@@ -159,7 +159,7 @@ CVE-2024-55549 (xsltGetInheritedNsList in libxslt before 
1.1.43 has a use-after-
        NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libxslt/-/commit/46041b65f2fbddf5c284ee1a1332fa2c515c0515
 (v1.1.43)
 CVE-2024-55060 (A cross-site scripting (XSS) vulnerability in the component 
index.php  ...)
-       TODO: check
+       NOT-FOR-US: Rafed CMS Website
 CVE-2024-13913 (The InstaWP Connect \u2013 1-click WP Staging & Migration 
plugin for W ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-13824 (The CiyaShop - Multipurpose WooCommerce Theme theme for 
WordPress is v ...)
@@ -296544,7 +296544,7 @@ CVE-2021-37789 (stb_image.h 2.27 has a heap-based 
buffer over in stbi__jpeg_load
 CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 
could all ...)
        NOT-FOR-US: Gurock TestRail
 CVE-2021-37787 (The unprivileged administrative interface in ABO.CMS version 
5.8 throu ...)
-       TODO: check
+       NOT-FOR-US: ABO.CMS
 CVE-2021-37786 (Certain Federal Office of Information Technology Systems and 
Telecommu ...)
        NOT-FOR-US: Covid certificate app in Switzerland.
 CVE-2021-37785



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3729b839fec74a5dbd7853ba8cba23cc1f081282



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits