Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6dc2d9bb by Salvatore Bonaccorso at 2025-04-17T17:33:44+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-43717 (In PEAR HTTP_Request2 before 2.7.0, multiple files in the 
tests direct ...)
-       TODO: check
+       NOT-FOR-US: PEAR HTTP_Request2
 CVE-2025-43715 (Nullsoft Scriptable Install System (NSIS) before 3.11 on 
Windows allow ...)
        TODO: check
 CVE-2025-43708 (VisiCut 2.1 allows stack consumption via an XML document with 
nested s ...)
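Review bot: The NOT-FOR-US on CVE-2025-43717 names a PHP library (PEAR HTTP_Request2) rather than a standalone product, so it is worth confirming that no source package in the archive carries this library before closing it as NFU. If one does, the entry should name that package with a status instead, and the "tests direct ..." wording in the description suggests checking whether the affected files are shipped at all. CVE-2025-43715 staying at "TODO: check" is consistent with a commit that only processes NFUs.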
@@ -94,15 +94,15 @@ CVE-2025-1523 (The Ultimate Dashboard  WordPress plugin 
before 3.8.6 does not sa
 CVE-2025-1290 (A race condition Use-After-Free vulnerability exists in the 
virtio_tra ...)
        NOT-FOR-US: ChromeOS
 CVE-2025-0758 (Overview    The product specifies permissions for a 
security-critical  ...)
-       TODO: check
+       NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
 CVE-2025-0757 (Overview        The software does not neutralize or incorrectly 
neutra ...)
-       TODO: check
+       NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
 CVE-2025-0756 (Overview         The product receives input from an upstream 
component ...)
-       TODO: check
+       NOT-FOR-US: Hitachi Vantara Pentaho Data Integration & Analytics
 CVE-2024-55372 (Wallos <=2.38.2 has a file upload vulnerability in the restore 
databas ...)
-       TODO: check
+       NOT-FOR-US: Wallos
 CVE-2024-55371 (Wallos <= 2.38.2 has a file upload vulnerability in the 
restore backup ...)
-       TODO: check
+       NOT-FOR-US: Wallos
 CVE-2024-13925 (The Klarna Checkout for WooCommerce WordPress plugin before 
2.13.5 exp ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-11924 (The Icegram Express formerly known as Email Subscribers  
WordPress plu ...)
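Review bot: The label on CVE-2025-0756 ("Hitachi Vantara Pentaho Data Integration & Analytics") differs from the one given to CVE-2025-0758 and CVE-2025-0757 directly above it ("Hitachi Vantara Pentaho Business Analytics Server"), and the truncated descriptions here do not show which product each advisory names. If the split is intentional, a word in the commit message would help. Otherwise a single vendor-level label, in the style of the "NOT-FOR-US: ChromeOS" entry in this hunk, keeps a later search for Pentaho entries from missing one of the three.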
@@ -461,13 +461,13 @@ CVE-2025-20178 (A vulnerability in the web-based 
management interface of Cisco S
 CVE-2025-20150 (A vulnerability in Cisco Nexus Dashboard could allow an 
unauthenticate ...)
        NOT-FOR-US: Cisco
 CVE-2025-1983 (A cross-site scripting (XSS) vulnerability in Ready_'s File 
Explorer u ...)
-       TODO: check
+       NOT-FOR-US: Ready OS
 CVE-2025-1982 (Local File Inclusion vulnerability in Ready's attachment upload 
panel  ...)
-       TODO: check
+       NOT-FOR-US: Ready OS
 CVE-2025-1981 (Improper neutralization of input provided by a low-privileged 
user int ...)
-       TODO: check
+       NOT-FOR-US: Ready OS
 CVE-2025-1980 (The Ready_ application's Profile section allows users to upload 
files  ...)
-       TODO: check
+       NOT-FOR-US: Ready OS
 CVE-2024-58249 (In wxWidgets before 3.2.7, a crash can be triggered in 
wxWidgets apps  ...)
        TODO: check
 CVE-2024-58248 (nopCommerce before 4.80.0 does not offer locking for order 
placement.  ...)
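Review bot: The four new "NOT-FOR-US: Ready OS" lines (CVE-2025-1983 through CVE-2025-1980) use a product name that does not appear in the visible descriptions, which refer to "Ready_" and "Ready's". Either confirm that "Ready OS" is the name used in the full advisories or use the "Ready_" spelling from the descriptions, so that a search on the advisory's own product name finds these entries.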
@@ -1372,7 +1372,7 @@ CVE-2025-0101 (A low privileged user can set the date of 
the devices to the 19th
 CVE-2024-49200 (An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in 
Insyde I ...)
        NOT-FOR-US: InsydeH2O
 CVE-2024-44843 (An issue in the web socket handshake process of SteVe v3.7.1 
allows at ...)
-       TODO: check
+       NOT-FOR-US: SteVe
 CVE-2024-13452 (The Contact Form by Supsystic plugin for WordPress is 
vulnerable to Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-10680 (The Form Maker by 10Web  WordPress plugin before 1.15.32 does 
not sani ...)
@@ -1463,7 +1463,7 @@ CVE-2025-30962 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-30206 (Dpanel is a Docker visualization panel system which provides 
complete  ...)
        NOT-FOR-US: Dpanel
 CVE-2025-2567 (An attacker could modify or disable settings, disrupt fuel 
monitoring  ...)
-       TODO: check
+       NOT-FOR-US: Lantronix Xport
 CVE-2025-2083 (The Logo Carousel Gutenberg Block plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-29817 (Uncontrolled search path element in Power Automate allows an 
authorize ...)
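Review bot: On the CVE-2025-2567 line, the visible part of the description names no product, so the NFU label is the only text tying this entry to Lantronix. The vendor spells the product "XPort"; using that capitalisation in "NOT-FOR-US: Lantronix Xport" would make the entry match case-sensitive searches on the product name.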
@@ -1549,7 +1549,7 @@ CVE-2025-1292 (Out-Of-Bounds Write in TPM2 Reference 
Library in Google ChromeOS
 CVE-2025-1122 (Out-Of-Bounds Write in TPM2 Reference Library in Google 
ChromeOS 122.0 ...)
        NOT-FOR-US: ChromeOS
 CVE-2024-50960 (A command injection vulnerability in the Nmap diagnostic tool 
in the a ...)
-       TODO: check
+       NOT-FOR-US: Extron
 CVE-2024-45712 (SolarWinds Serv-U is vulnerable to a client-side cross-site 
scripting  ...)
        NOT-FOR-US: SolarWinds
 CVE-2024-42200 (HCL BigFix Web Reports might be subject to a Stored Cross-Site 
Scripti ...)
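Review bot: The CVE-2024-50960 description mentions "the Nmap diagnostic tool", while the new label gives only the vendor, "NOT-FOR-US: Extron". Adding the affected product after the vendor name would make it clear to someone searching the list for Nmap that the issue is in a vendor's embedded diagnostic feature and has been triaged as such, rather than being an untracked issue in nmap itself.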
@@ -1629,7 +1629,7 @@ CVE-2025-32934
 CVE-2025-32933
        REJECTED
 CVE-2025-32428 (Jupyter Remote Desktop Proxy allows you to run a Linux Desktop 
on a Ju ...)
-       TODO: check
+       NOT-FOR-US: Jupyter Remote Desktop Proxy
 CVE-2025-31494 (AutoGPT is a platform that allows users to create, deploy, and 
manage  ...)
        NOT-FOR-US: AutoGPT
 CVE-2025-31491 (AutoGPT is a platform that allows users to create, deploy, and 
manage  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dc2d9bb7c04d186621706cf0e87d0cf7ec490d4
