Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7a7609e5 by Salvatore Bonaccorso at 2025-04-18T10:16:57+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,11 +7,11 @@ CVE-2025-40114 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2025-40014 (In the Linux kernel, the following vulnerability has been 
resolved:  o ...)
        TODO: check
 CVE-2025-3783 (A vulnerability classified as critical was found in 
SourceCodester Web ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-3598 (The Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce 
plugin f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3520 (The Avatar plugin for WordPress is vulnerable to arbitrary file 
deleti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3509 (A Remote Code Execution (RCE) vulnerability was identified in 
GitHub E ...)
        TODO: check
 CVE-2025-3246 (An improper neutralization of input vulnerability was 
identified in Gi ...)
@@ -33,11 +33,11 @@ CVE-2025-39728 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2025-39688 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        TODO: check
 CVE-2025-39471 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39470 (Path Traversal: '.../...//' vulnerability in ThimPress Ivy 
School allo ...)
        TODO: check
 CVE-2025-39469 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-38637 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        TODO: check
 CVE-2025-38575 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
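
Review bot: CVE-2025-39470 (Path Traversal in ThimPress Ivy School) is left at TODO: check while the entries on either side of it, CVE-2025-39471 and CVE-2025-39469, are both closed as NOT-FOR-US: WordPress plugin or theme. If it was held back on purpose because it needs a closer look, fine; otherwise it looks like it was missed in this pass and should be triaged in the same batch.
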
@@ -61,9 +61,9 @@ CVE-2025-37860 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2025-37785 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
        TODO: check
 CVE-2025-2613 (The Login Manager \u2013 Design Login Page, View Login 
Activity, Limit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2162 (The MapPress Maps for WordPress plugin before 2.94.10 does not 
sanitis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-29461 (An issue in a-blogcms 3.1.15 allows a remote attacker to 
obtain sensit ...)
        TODO: check
 CVE-2025-29460 (An issue in MyBB 1.8.38 allows a remote attacker to obtain 
sensitive i ...)
@@ -91,15 +91,15 @@ CVE-2025-29450 (An issue in twonav v.2.1.18-20241105 allows 
a remote attacker to
 CVE-2025-29449 (An issue in twonav v.2.1.18-20241105 allows a remote attacker 
to obtai ...)
        TODO: check
 CVE-2025-25427 (A Stored cross-site scripting (XSS) vulnerability in upnp page 
of the  ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-1863 (Insecure default settings have been found in recorder products 
provide ...)
        TODO: check
 CVE-2025-0467 (Kernel software installed and running inside a Guest VM may 
exploit me ...)
-       TODO: check
+       NOT-FOR-US: Imagination Technologies
 CVE-2024-26014
        REJECTED
 CVE-2024-13650 (The Piotnet Addons For Elementor plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-42178 (HCL MyXalytics is affected by a failure to restrict URL access 
vulnera ...)
        NOT-FOR-US: HCL MyXalytics
 CVE-2025-43015 (In JetBrains RubyMine before 2025.1 remote Interpreter 
overwrote ports ...)
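
Review bot: the CVE-2025-0467 entry is closed with a vendor-only tag, NOT-FOR-US: Imagination Technologies, although its description opens with "Kernel software installed and running inside a Guest VM", wording that can also apply to a driver carried in a distribution kernel. Suggest naming the affected product in the tag, as the existing NOT-FOR-US: HCL MyXalytics line in this hunk does, so it is clear which component was ruled out.
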
@@ -447,9 +447,9 @@ CVE-2025-31006 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-2947 (IBM i 7.6  contains a privilege escalation vulnerability due to 
incorr ...)
        NOT-FOR-US: IBM
 CVE-2025-2197 (Browser is affected by type confusion vulnerability, successful 
exploi ...)
-       TODO: check
+       NOT-FOR-US: Honor
 CVE-2025-2188 (There is a whitelist mechanism bypass in GameCenter ,successful 
exploi ...)
-       TODO: check
+       NOT-FOR-US: Honor
 CVE-2025-29931 (A vulnerability has been identified in TeleControl Server 
Basic (All v ...)
        NOT-FOR-US: Siemens
 CVE-2025-29722 (A CSRF vulnerability in Commercify v1.0 allows remote 
attackers to per ...)
@@ -639,7 +639,7 @@ CVE-2025-22565 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-22340 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-1532 (Phoneservice module is affected by code injection 
vulnerability, succe ...)
-       TODO: check
+       NOT-FOR-US: Honor
 CVE-2024-56518 (Hazelcast Management Center through 6.0 allows remote code 
execution v ...)
        NOT-FOR-US: Hazelcast Management Center
 CVE-2024-55238 (OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An 
attacker can e ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a7609e50bdc0604e7182ad41dcfb319ad7977d0
