Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
da2dad54 by Moritz Muehlenhoff at 2025-03-19T21:17:12+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-30258 (In GnuPG before 2.5.5, if a user chooses to import a
certificate with ...)
TODO: check
CVE-2025-30197 (Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier
does not ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-30196 (Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for
links it ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-30154 (reviewdog/action-setup is a GitHub action that installs
reviewdog. rev ...)
TODO: check
CVE-2025-30153 (kin-openapi is a Go project for handling OpenAPI files. Prior
to 0.131 ...)
@@ -15,9 +15,9 @@ CVE-2025-30144 (fast-jwt provides fast JSON Web Token (JWT)
implementation. Prio
CVE-2025-2536 (Cross-site scripting (XSS) vulnerability on Liferay Portal
7.4.3.82 th ...)
TODO: check
CVE-2025-2512 (The File Away plugin for WordPress is vulnerable to arbitrary
file upl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2511 (The AHAthat Plugin plugin for WordPress is vulnerable to
time-based SQ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2476 (Use after free in Lens in Google Chrome prior to 134.0.6998.117
allowe ...)
TODO: check
CVE-2025-2324 (Improper Privilege Management vulnerability for users
configured as Sh ...)
@@ -37,9 +37,9 @@ CVE-2025-29405 (An arbitrary file upload vulnerability in the
component /admin/t
CVE-2025-29401 (An arbitrary file upload vulnerability in the component
/views/plugin. ...)
TODO: check
CVE-2025-29137 (Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by
the time ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-29118 (Tenda AC8 V16.03.34.06 was discovered to contain a stack
overflow via ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-27705 (There is a cross-site scripting vulnerability in the Secure
Access adm ...)
TODO: check
CVE-2025-27704 (There is a cross-site scripting vulnerability in the Secure
Access adm ...)
@@ -51,9 +51,9 @@ CVE-2025-26486 (Use of a Broken or Risky Cryptographic
Algorithm, Use of Passwor
CVE-2025-26485 (The Exposure of Sensitive Information to an Unauthorized Actor
vulner ...)
TODO: check
CVE-2025-26475 (Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS,
version(s) 5.26 ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-23382 (Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS,
version(s) 5.26 ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-1758 (Improper Input Validation vulnerability in Progress LoadMaster
allows ...)
TODO: check
CVE-2025-1472 (Mattermost versions 9.11.x <= 9.11.8 fail to properly perform
authoriz ...)
@@ -67,29 +67,29 @@ CVE-2024-57061 (An issue in Termius Version 9.9.0 through
v.9.16.0 allows a phys
CVE-2024-55551 (An issue was discovered in Exasol jdbc driver 24.2.0.
Attackers can in ...)
TODO: check
CVE-2024-53970 (Adobe Experience Manager versions 6.5.21 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-53969 (Adobe Experience Manager versions 6.5.21 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-53968 (Adobe Experience Manager versions 6.5.21 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-53967 (Adobe Experience Manager versions 6.5.21 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-51459 (IBM InfoSphere Information Server 11.7 could allow a local
user to exe ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-45644 (IBM Security ReaQta 3.12 allows a privileged user to upload or
transfe ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-42176 (HCL MyXalytics is affected by concurrent login vulnerability.
A concur ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-25132 (A flaw was found in the Hive hibernation controller component
of OpenS ...)
TODO: check
CVE-2024-13933 (The FoodBakery | Delivery Restaurant Directory WordPress Theme
theme f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13790 (The MinimogWP \u2013 The High Converting eCommerce WordPress
Theme the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13442 (The Service Finder Bookings plugin for WordPress is vulnerable
to priv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12920 (The FoodBakery | Delivery Restaurant Directory WordPress Theme
theme f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12137 (Authentication Bypass by Capture-replay vulnerability in
Elfatek Elekt ...)
TODO: check
CVE-2024-12136 (Missing Critical Step in Authentication vulnerability in
Elfatek Elekt ...)
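Review bot: CVE-2024-13933, CVE-2024-13790 and CVE-2024-12920 are described in their summaries as WordPress themes ("FoodBakery | Delivery Restaurant Directory WordPress Theme", "MinimogWP ... WordPress Theme"), yet the added lines tag all three as "NOT-FOR-US: WordPress plugin". Suggest "NOT-FOR-US: WordPress theme" for these three so the tag matches the product type named in the description; CVE-2024-13442 (Service Finder Bookings plugin) is the only entry in this group whose summary actually says plugin. The triage outcome is unchanged either way, but a consistent tag keeps later searches over the list by product type accurate.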
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da2dad540fb6654c5f1a05e918458c97c3a630f6
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits