Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1d2deeb4 by Salvatore Bonaccorso at 2025-04-18T22:53:46+02:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2025-3795 (A vulnerability was found in DaiCuo 1.3.13. It has been rated
as probl ...)
- TODO: check
+ NOT-FOR-US: DaiCuo
CVE-2025-3792 (A vulnerability, which was classified as critical, has been
found in S ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-3791 (A vulnerability classified as critical was found in symisc
UnQLite up ...)
- TODO: check
+ NOT-FOR-US: symisc UnQLite
CVE-2025-3790 (A vulnerability classified as critical has been found in
baseweb JSite ...)
- TODO: check
+ NOT-FOR-US: baseweb JSite
CVE-2025-3789 (A vulnerability was found in baseweb JSite 1.0. It has been
rated as p ...)
- TODO: check
+ NOT-FOR-US: baseweb JSite
CVE-2025-3788 (A vulnerability was found in baseweb JSite 1.0. It has been
declared a ...)
- TODO: check
+ NOT-FOR-US: baseweb JSite
CVE-2025-3787 (A vulnerability was found in PbootCMS 3.2.5. It has been
classified as ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2025-3786 (A vulnerability was found in Tenda AC15 up to 15.03.05.19 and
classifi ...)
NOT-FOR-US: Tenda
CVE-2025-3785 (A vulnerability has been found in D-Link DWR-M961 1.1.36 and
classifie ...)
@@ -21,31 +21,31 @@ CVE-2025-3106 (The LA-Studio Element Kit for Elementor
plugin for WordPress is v
CVE-2025-3056 (The Download Manager plugin for WordPress is vulnerable to
Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2025-36625 (In Nessus versions prior to 10.8.4, a non-authenticated
attacker could ...)
- TODO: check
+ NOT-FOR-US: Nessus
CVE-2025-32796 (Dify is an open-source LLM app development platform. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: Dify
CVE-2025-32795 (Dify is an open-source LLM app development platform. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: Dify
CVE-2025-32792 (SES safely executes third-party JavaScript 'strict' mode
programs in c ...)
TODO: check
CVE-2025-32790 (Dify is an open-source LLM app development platform. In
versions 0.6.8 ...)
- TODO: check
+ NOT-FOR-US: Dify
CVE-2025-32442 (Fastify is a fast and low overhead web framework, for Node.js.
In vers ...)
TODO: check
CVE-2025-32434 (PyTorch is a Python package that provides tensor computation
with stro ...)
TODO: check
CVE-2025-32389 (NamelessMC is a free, easy to use & powerful website software
for Mine ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2025-32377 (Rasa Pro is a framework for building scalable, dynamic
conversational ...)
- TODO: check
+ NOT-FOR-US: Rasa Pro
CVE-2025-31120 (NamelessMC is a free, easy to use & powerful website software
for Mine ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2025-31118 (NamelessMC is a free, easy to use & powerful website software
for Mine ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2025-30357 (NamelessMC is a free, easy to use & powerful website software
for Mine ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2025-30158 (NamelessMC is a free, easy to use & powerful website software
for Mine ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2025-2950 (IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header
injection ...)
NOT-FOR-US: IBM
CVE-2025-2492 (An improper authentication control vulnerability exists in
AiCloud. Th ...)
@@ -53,53 +53,53 @@ CVE-2025-2492 (An improper authentication control
vulnerability exists in AiClou
CVE-2025-29953 (Deserialization of Untrusted Data vulnerability in Apache
ActiveMQ NMS ...)
TODO: check
CVE-2025-29784 (NamelessMC is a free, easy to use & powerful website software
for Mine ...)
- TODO: check
+ NOT-FOR-US: NamelessMC
CVE-2025-29625 (A buffer overflow vulnerability in Astrolog v7.70 allows
attackers to ...)
- TODO: check
+ NOT-FOR-US: Astrolog
CVE-2025-29513 (Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and
before a ...)
- TODO: check
+ NOT-FOR-US: NodeBB
CVE-2025-29512 (Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and
before a ...)
- TODO: check
+ NOT-FOR-US: NodeBB
CVE-2025-29209 (TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized
arbitrary com ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-28355 (Volmarg Personal Management System 1.4.65 is vulnerable to
Cross Site ...)
- TODO: check
+ NOT-FOR-US: Volmarg Personal Management System
CVE-2025-28242 (Improper session management in the /login_ok.htm endpoint of
DAEnetIP4 ...)
- TODO: check
+ NOT-FOR-US: DAEnetIP4 METO
CVE-2025-28238 (Improper session management in Elber REBLE310 Firmware
v5.5.1.R , Equi ...)
- TODO: check
+ NOT-FOR-US: Elber REBLE310 Firmware
CVE-2025-28237 (An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter
v1.10.1 all ...)
- TODO: check
+ NOT-FOR-US: WorldCast Systems ECRESO FM/DAB/TV Transmitter
CVE-2025-28236 (Nautel VX Series transmitters VX SW v6.4.0 and below was
discovered to ...)
- TODO: check
+ NOT-FOR-US: Nautel VX Series transmitters VX SW
CVE-2025-28235 (An information disclosure vulnerability in the component
/socket.io/1/ ...)
- TODO: check
+ NOT-FOR-US: Soundcraft Ui
CVE-2025-28233 (Incorrect access control in BW Broadcast TX600 (14980), TX300
(32990) ...)
- TODO: check
+ NOT-FOR-US: BW Broadcast
CVE-2025-28232 (Incorrect access control in the HOME.php endpoint of
JMBroadcast JMB01 ...)
- TODO: check
+ NOT-FOR-US: JMBroadcast JMB0150 Firmware
CVE-2025-28231 (Incorrect access control in Itel Electronics IP Stream
v1.7.0.6 allows ...)
- TODO: check
+ NOT-FOR-US: Itel Electronics IP Stream
CVE-2025-28230 (Incorrect access control in JMBroadcast JMB0150 Firmware v1.0
allows a ...)
- TODO: check
+ NOT-FOR-US: JMBroadcast JMB0150 Firmware
CVE-2025-28229 (Incorrect access control in Orban OPTIMOD 5950 Firmware
v1.0.0.2 and S ...)
- TODO: check
+ NOT-FOR-US: Orban OPTIMOD 5950 Firmware
CVE-2025-28228 (A credential exposure vulnerability in Electrolink 500W, 1kW,
2kW Medi ...)
- TODO: check
+ NOT-FOR-US: Electrolink Medium DAB Transmitter
CVE-2025-28197 (Crawl4AI <=0.4.247 is vulnerable to SSRF in
/crawl4ai/async_dispatcher ...)
- TODO: check
+ NOT-FOR-US: Crawl4AI
CVE-2025-28059 (An access control vulnerability in Nagios Network Analyzer
2024R1.0.3 ...)
- TODO: check
+ NOT-FOR-US: Nagios Network Analyzer
CVE-2025-27599 (Element X Android is a Matrix Android Client provided by
element.io. P ...)
TODO: check
CVE-2025-25985 (An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP
camera (Hw_H ...)
- TODO: check
+ NOT-FOR-US: Macro-video Technologies
CVE-2025-25984 (An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP
camera (Hw_H ...)
- TODO: check
+ NOT-FOR-US: Macro-video Technologies
CVE-2025-25983 (An issue in Macro-video Technologies Co.,Ltd V380 Pro android
applicat ...)
- TODO: check
+ NOT-FOR-US: Macro-video Technologies
CVE-2025-24914 (When installing Nessus to a non-default location on a Windows
host, Ne ...)
- TODO: check
+ NOT-FOR-US: Nessus
CVE-2025-1697 (A potential security vulnerability has been identified in the
HP Touch ...)
NOT-FOR-US: HP
CVE-2024-57493 (An issue in redoxOS relibc before commit 98aa4ea5 allows a
local attac ...)
@@ -107,13 +107,13 @@ CVE-2024-57493 (An issue in redoxOS relibc before commit
98aa4ea5 allows a local
CVE-2024-49808 (IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and
6.3.0 could ...)
NOT-FOR-US: IBM
CVE-2024-46089 (74cms <=3.33 is vulnerable to remote code execution (RCE) in
the backg ...)
- TODO: check
+ NOT-FOR-US: 74cms
CVE-2024-45651 (IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and
6.3.0 doe ...)
NOT-FOR-US: IBM
CVE-2024-41447 (A stored cross-site scripting (XSS) vulnerability in Alkacon
OpenCMS v ...)
- TODO: check
+ NOT-FOR-US: Alkacon OpenCMS
CVE-2024-29643 (An issue in croogo v.3.0.2 allows an attacker to perform Host
header i ...)
- TODO: check
+ NOT-FOR-US: croogo
CVE-2024-11421
REJECTED
CVE-2025-37838 (In the Linux kernel, the following vulnerability has been
resolved: H ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d2deeb4677e5c21f69d22068eefbc9a5cee7360
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d2deeb4677e5c21f69d22068eefbc9a5cee7360
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
