Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0658e9b by Salvatore Bonaccorso at 2025-03-20T21:20:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2025-30160 (Redlib is an alternative private front-end to Reddit. A 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Redlib
 CVE-2025-2565 (The data exposure vulnerability in Liferay Portal 7.4.0 through 
7.4.3. ...)
        NOT-FOR-US: Liferay
 CVE-2025-2557 (A vulnerability, which was classified as critical, has been 
found in A ...)
-       TODO: check
+       NOT-FOR-US: Audi UTR Dashcam
 CVE-2025-2556 (A vulnerability classified as problematic was found in Audi UTR 
Dashca ...)
-       TODO: check
+       NOT-FOR-US: Audi UTR Dashcam
 CVE-2025-2555 (A vulnerability classified as problematic has been found in 
Audi Unive ...)
-       TODO: check
+       NOT-FOR-US: Audi Universal Traffic Recorder App
 CVE-2025-2553 (A vulnerability was found in D-Link DIR-618 and DIR-605L 
2.02/3.02. It ...)
        NOT-FOR-US: D-Link
 CVE-2025-2552 (A vulnerability was found in D-Link DIR-618 and DIR-605L 
2.02/3.02. It ...)
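Review bot: the three Audi entries in this hunk carry two different tags, "Audi UTR Dashcam" on CVE-2025-2557 and CVE-2025-2556 and "Audi Universal Traffic Recorder App" on CVE-2025-2555. If these refer to the same product line, use one form (abbreviated or expanded) in all three so that a later search for prior NOT-FOR-US decisions on this product finds them together. If the dashcam and the app are deliberately distinguished, keeping "UTR" or "Universal Traffic Recorder" consistent across both tags would still help.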
@@ -27,11 +27,11 @@ CVE-2025-2546 (A vulnerability classified as problematic 
was found in D-Link DIR
 CVE-2025-2539 (The File Away plugin for WordPress is vulnerable to 
unauthorized acces ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-2480 (Santesoft Sante DICOM Viewer Pro is vulnerable to an 
out-of-bounds wri ...)
-       TODO: check
+       NOT-FOR-US: Santesoft Sante DICOM Viewer Pro
 CVE-2025-2311 (Incorrect Use of Privileged APIs, Cleartext Transmission of 
Sensitive  ...)
-       TODO: check
+       NOT-FOR-US: SecHard
 CVE-2025-29980 (A SQL injection issue has been discovered in eTRAKiT.net 
release 3.2.1 ...)
-       TODO: check
+       NOT-FOR-US: eTRAKiT.net
 CVE-2025-29923 (go-redis is the official Redis client library for the Go 
programming l ...)
        TODO: check
 CVE-2025-29922 (kcp is a Kubernetes-like control plane for form-factors and 
use-cases  ...)
@@ -39,11 +39,11 @@ CVE-2025-29922 (kcp is a Kubernetes-like control plane for 
form-factors and use-
 CVE-2025-29914 (OWASP Coraza WAF is a golang modsecurity compatible web 
application fi ...)
        TODO: check
 CVE-2025-29412 (A cross-site scripting (XSS) vulnerability in the Client 
Profile Updat ...)
-       TODO: check
+       NOT-FOR-US: Mart Developers iBanking
 CVE-2025-29411 (An arbitrary file upload vulnerability in the Client Profile 
Update se ...)
-       TODO: check
+       NOT-FOR-US: Mart Developers iBanking
 CVE-2025-29410 (A cross-site scripting (XSS) vulnerability in the component 
/contact.p ...)
-       TODO: check
+       NOT-FOR-US: Hospital Management System
 CVE-2025-29218 (Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack 
overflow ...)
        NOT-FOR-US: Tenda
 CVE-2025-29217 (Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack 
overflow ...)
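Review bot: the tag on CVE-2025-29410, "NOT-FOR-US: Hospital Management System", is a generic product name with no vendor or author, unlike the two entries above it, which use "Mart Developers iBanking". Several unrelated projects can share such a name, so consider prefixing the vendor or author given in the full CVE description, so that the tag identifies which code base was judged out of scope.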
@@ -59,39 +59,39 @@ CVE-2025-29121 (A vulnerability was found in Tenda AC6 
V15.03.05.16. The vulnera
 CVE-2025-29101 (Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack 
overflow  ...)
        NOT-FOR-US: Tenda
 CVE-2025-26853 (DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a 
broken au ...)
-       TODO: check
+       NOT-FOR-US: DESCOR INFOCAD
 CVE-2025-26852 (DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows 
SQL Inje ...)
-       TODO: check
+       NOT-FOR-US: DESCOR INFOCAD
 CVE-2025-23120 (A vulnerability allowing remote code execution (RCE) for 
domain users.)
-       TODO: check
+       NOT-FOR-US: qVeeam
 CVE-2025-1802 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-1796 (A vulnerability in langgenius/dify v0.10.1 allows an attacker 
to take  ...)
-       TODO: check
+       NOT-FOR-US: langgenius/dify
 CVE-2025-1496 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: BG-TEK Coslat Hotspot
 CVE-2025-1474 (In mlflow/mlflow version 2.18, an admin is able to create a new 
user a ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2025-1473 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
Signup ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2025-1451 (A vulnerability in parisneo/lollms-webui v13 arises from the 
server's  ...)
-       TODO: check
+       NOT-FOR-US: parisneo/lollms-webui
 CVE-2025-1040 (AutoGPT versions 0.3.4 and earlier are vulnerable to a 
Server-Side Tem ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2025-0655 (A vulnerability in man-group/dtale versions 3.15.1 allows an 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: man-group/dtale
 CVE-2025-0628 (An improper authorization vulnerability exists in the 
main-latest vers ...)
        TODO: check
 CVE-2025-0508 (A vulnerability in the SageMaker Workflow component of 
aws/sagemaker-p ...)
-       TODO: check
+       NOT-FOR-US: SageMaker
 CVE-2025-0454 (A Server-Side Request Forgery (SSRF) vulnerability was 
identified in t ...)
        TODO: check
 CVE-2025-0453 (In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2025-0452 (eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary 
file del ...)
-       TODO: check
+       NOT-FOR-US: eosphoros-ai/DB-GPT
 CVE-2025-0330 (In berriai/litellm version v1.52.1, an issue in proxy_server.py 
causes ...)
-       TODO: check
+       NOT-FOR-US: berriai/litellm
 CVE-2025-0317 (A vulnerability in ollama/ollama versions <=0.3.14 allows a 
malicious  ...)
        TODO: check
 CVE-2025-0315 (A vulnerability in ollama/ollama <=0.3.14 allows a malicious 
user to c ...)
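Review bot: the tag on CVE-2025-23120 reads "NOT-FOR-US: qVeeam", which looks like a stray leading "q"; if the intended product is Veeam, this should be "NOT-FOR-US: Veeam", otherwise searches for that name will miss this entry. A smaller style point in the same hunk: the mlflow entries (CVE-2025-1474, CVE-2025-1473, CVE-2025-0453) are tagged "mlflow", and CVE-2025-0508 is tagged "SageMaker", while neighbouring entries use the owner/repository form ("langgenius/dify", "berriai/litellm", "eosphoros-ai/DB-GPT"); picking one form would keep the list consistent.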



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0658e9bd9875972d6d3ac54ac79253d87e24988
