Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
675ab662 by security tracker role at 2025-05-01T20:14:02+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2025-4174 (A vulnerability, which was classified as critical, has been
found in P ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4173 (A vulnerability classified as critical was found in
SourceCodester Onl ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-4164 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4163 (A vulnerability, which was classified as critical, has been
found in P ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4162 (A vulnerability classified as critical was found in PCMan FTP
Server u ...)
TODO: check
CVE-2025-4161 (A vulnerability classified as critical has been found in PCMan
FTP Ser ...)
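Review bot: The vendor tag on CVE-2025-4174 and CVE-2025-4163 cannot be confirmed from the lines shown, because both descriptions are cut at "found in P ..." and the PCMan FTP Server entries directly below, which stay at "TODO: check", start with the same letter. Check "NOT-FOR-US: PHPGurukul" for these two against the full CVE descriptions, and consider naming the product in the tag so the attribution is verifiable from data/CVE/list alone.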
@@ -17,29 +17,29 @@ CVE-2025-4159 (A vulnerability was found in PCMan FTP
Server up to 2.0.7. It has
CVE-2025-4158 (A vulnerability was found in PCMan FTP Server up to 2.0.7. It
has been ...)
TODO: check
CVE-2025-4157 (A vulnerability was found in PHPGurukul Boat Booking System 1.0
and cl ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-46635 (An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices.
Improper ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-46634 (Cleartext transmission of sensitive information in the web
management ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-46633 (Cleartext transmission of sensitive information in the web
management ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-46632 (Initialization vector (IV) reuse in the web management portal
of the T ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-46631 (Improper access controls in the web management portal of the
Tenda RX2 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-46630 (Improper access controls in the web management portal of the
Tenda RX2 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-46629 (Lack of access controls in the 'ate' management binary of the
Tenda RX ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-46628 (Lack of input validation/sanitization in the 'ate' management
service ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-46627 (Use of weak credentials in the Tenda RX2 Pro 16.03.30.14
allows an una ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-46626 (Reuse of a static AES key and initialization vector for
encrypted traf ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-46625 (Lack of input validation/sanitization in the 'setLanCfg' API
endpoint ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-46569 (Open Policy Agent (OPA) is an open source, general-purpose
policy engi ...)
TODO: check
CVE-2025-46568 (Stirling-PDF is a locally hosted web application that allows
you to pe ...)
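Review bot: Five of the eleven entries tagged "NOT-FOR-US: Tenda" in this hunk (CVE-2025-46634, CVE-2025-46633, CVE-2025-46628, CVE-2025-46626, CVE-2025-46625) have descriptions that are truncated before any vendor name appears, so the tag is not traceable from the diff. Confirm that each one matched on its own full description rather than on its position in the CVE-2025-46625 to CVE-2025-46635 range.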
@@ -55,13 +55,13 @@ CVE-2025-46345 (Auth0 Account Link Extension is an
extension aimed to help link
CVE-2025-46337 (ADOdb is a PHP database class library that provides
abstractions for p ...)
TODO: check
CVE-2025-44867 (Tenda W20E V15.11.0.6 was found to contain a command injection
vulnera ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-44866 (Tenda W20E V15.11.0.6 was found to contain a command injection
vulnera ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-44865 (Tenda W20E V15.11.0.6 was found to contain a command injection
vulnera ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-44864 (Tenda W20E V15.11.0.6 was found to contain a command injection
vulnera ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-44863 (TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a
command ...)
TODO: check
CVE-2025-44862 (TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a
command ...)
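Review bot: The four Tenda W20E entries are closed as "NOT-FOR-US: Tenda" while the similarly worded TOTOLINK CA300-POE entries immediately after them (CVE-2025-44863, CVE-2025-44862) remain at "TODO: check". If TOTOLINK firmware is also out of scope, triage those in the same pass; if it is deliberately left for manual review, the commit message should say which vendors the automatic update covers.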
@@ -99,15 +99,15 @@ CVE-2025-44837 (TOTOLINK CPE CP900 V6.3c.1144_B20190715 was
discovered to contai
CVE-2025-44836 (TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to
contain a co ...)
TODO: check
CVE-2025-44835 (D-Link DIR-816 A2V1.1.0B05 was found to contain a command
injection in ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-3890 (The WordPress Simple Shopping Cart plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3889 (The WordPress Simple Shopping Cart plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3874 (The WordPress Simple Shopping Cart plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3517 (Privilege context switching error in PAM JIT feature in
Devolutions Se ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-36558 (KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a
cross-si ...)
TODO: check
CVE-2025-36521 (MicroDicom DICOM Viewer is vulnerable to an out-of-bounds read
which m ...)
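Review bot: "NOT-FOR-US: WordPress plugin" on CVE-2025-3890, CVE-2025-3889 and CVE-2025-3874 drops the plugin name that the description gives (WordPress Simple Shopping Cart), whereas the other tags in this hunk name the vendor (D-Link, Devolutions). Including the plugin name in the tag would keep these entries searchable by product later.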
@@ -153,7 +153,7 @@ CVE-2025-23246 (NVIDIA vGPU software for Windows and Linux
contains a vulnerabil
CVE-2025-23245 (NVIDIA vGPU software for Windows and Linux contains a
vulnerability in ...)
TODO: check
CVE-2025-1529 (The AM LottiePlayer plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-52979 (Uncontrolled Resource Consumption in Elasticsearch while
evaluating sp ...)
TODO: check
CVE-2024-52976 (Inclusion of functionality from an untrusted control sphere in
Elastic ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/675ab662af10e9447cb5aacfa12c2e4df833212d