Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ac793499 by Salvatore Bonaccorso at 2025-04-02T22:21:38+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== 
@@ -1,29 +1,29 @@ CVE-2025-3099 (The Advanced Search by My Solr Server plugin for WordPress is vulnerab ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-3098 (The Video Url plugin for WordPress is vulnerable to Reflected Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-3097 (The wp Time Machine plugin for WordPress is vulnerable to Cross-Site R ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-3063 (The Shopper Approved Reviews plugin for WordPress is vulnerable to una ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-31728 (Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask Asakus ...) - TODO: check + NOT-FOR-US: Jenkins (core or plugin) CVE-2025-31727 (Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatell ...) - TODO: check + NOT-FOR-US: Jenkins (core or plugin) CVE-2025-31726 (Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API ...) - TODO: check + NOT-FOR-US: Jenkins (core or plugin) CVE-2025-31725 (Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in ...) - TODO: check + NOT-FOR-US: Jenkins (core or plugin) CVE-2025-31724 (Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier ...) - TODO: check + NOT-FOR-US: Jenkins (core or plugin) CVE-2025-31723 (A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Qu ...) - TODO: check + NOT-FOR-US: Jenkins (core or plugin) CVE-2025-31722 (In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defin ...) - TODO: check + NOT-FOR-US: Jenkins (core or plugin) CVE-2025-31721 (A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 a ...) - TODO: check + NOT-FOR-US: Jenkins (core or plugin) CVE-2025-31720 (A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 a ...) - TODO: check + NOT-FOR-US: Jenkins (core or plugin) CVE-2025-31286 (An HTML injection vulnerability previously discovered in Trend Vision ...) 
TODO: check CVE-2025-31285 (A broken access control vulnerability previously discovered in the Tre ...) @@ -41,11 +41,11 @@ CVE-2025-2842 (A flaw was found in the Tempo Operator. When the Jaeger UI Monito CVE-2025-2786 (A flaw was found in Tempo Operator, where it creates a ServiceAccount, ...) TODO: check CVE-2025-2513 (The Smart Icons For WordPress plugin for WordPress is vulnerable to St ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-2483 (The Gift Certificate Creator plugin for WordPress is vulnerable to Ref ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-2005 (The Front End Users plugin for WordPress is vulnerable to arbitrary fi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-20212 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX ...) TODO: check CVE-2025-20203 (A vulnerability in the web-based management interface of Cisco Evolved ...) 
@@ -55,17 +55,17 @@ CVE-2025-20139 (A vulnerability in chat messaging features of Cisco Enterprise C CVE-2025-20120 (A vulnerability in the web-based management interface of Cisco Evolved ...) TODO: check CVE-2025-0154 (IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-0014 (Incorrect default permissions on the AMD Ryzen(TM) AI installation fol ...) TODO: check CVE-2024-56476 (IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker t ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-56475 (IBM TXSeries for Multiplatforms 9.1 and 11.1is vulnerable to cross-sit ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-56474 (IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-si ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-56341 (IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-50597 (An integer underflow vulnerability exists in the HTTP server PUT reque ...) TODO: check CVE-2024-50596 (An integer underflow vulnerability exists in the HTTP server PUT reque ...) 
@@ -87,13 +87,13 @@ CVE-2024-36336 (Integer overflow within the AMD NPU Driver could allow a local a CVE-2024-36328 (Integer overflow within AMD NPU Driver could allow a local attacker to ...) TODO: check CVE-2024-25051 (IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-13637 (The Demo Awesome plugin for WordPress is vulnerable to unauthorized mo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-12410 (The Front End Users plugin for WordPress is vulnerable to SQL Injectio ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-40714 (A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2025-27556 (An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0. ...) - python-django <not-affected> (Windows-specific) NOTE: https://www.djangoproject.com/weblog/2025/apr/02/security-releases/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac7934997eca52b1ed1d33f8e74c3f8c92db2fa9
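Review bot: In the @@ -55,17 +55,17 @@ hunk the reason recorded for CVE-2025-0154, CVE-2024-56476, CVE-2024-56475, CVE-2024-56474 and CVE-2024-56341 is the bare vendor name ("NOT-FOR-US: IBM"), although the descriptions cover two different products (TXSeries for Multiplatforms and Content Navigator). The same holds in the @@ -87,13 +87,13 @@ hunk for CVE-2024-25051 (IBM Jazz Reporting Service) and for CVE-2023-40714 ("NOT-FOR-US: Fortinet", FortiSIEM). The WordPress and Jenkins reasons in this commit name the product class, so consider naming the product here too, for example "NOT-FOR-US: IBM TXSeries for Multiplatforms" or "NOT-FOR-US: Fortinet FortiSIEM", so that a later search of data/CVE/list by product name finds these entries without relying on the truncated descriptions.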
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits