Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c84b920f by Moritz Muehlenhoff at 2025-05-20T11:38:01+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -159,13 +159,13 @@ CVE-2025-48233 (Cross-Site Request Forgery (CSRF) 
vulnerability in affmngr Affil
 CVE-2025-48232 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-47949 (samlify is a Node.js library for SAML single sign-on. A 
Signature Wrap ...)
-       TODO: check
+       NOT-FOR-US: Node samlify
 CVE-2025-47946 (Symfony UX is an initiative and set of libraries to integrate 
JavaScri ...)
-       TODO: check
+       NOT-FOR-US: symfony/ux
 CVE-2025-47944 (Multer is a node.js middleware for handling 
`multipart/form-data`. A v ...)
-       TODO: check
+       NOT-FOR-US: Node multer
 CVE-2025-47935 (Multer is a node.js middleware for handling 
`multipart/form-data`. Ver ...)
-       TODO: check
+       NOT-FOR-US: Node multer
 CVE-2025-47934 (OpenPGP.js is a JavaScript implementation of the OpenPGP 
protocol. Sta ...)
        - node-openpgp <itp> (bug #787774)
 CVE-2025-47583 (Unauthenticated Cross Site Request Forgery (CSRF) in Salon 
booking sys ...)
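Review bot: the Node entries CVE-2025-47949, CVE-2025-47944 and CVE-2025-47935 go straight from TODO to NOT-FOR-US, while the context line for CVE-2025-47934 directly below tracks a Node library as `- node-openpgp <itp> (bug #787774)`. It is worth confirming that no ITP or RFP bug exists for samlify or multer before closing them as NFU; if one does, the `<itp>` form keeps the CVE attached to the future package. Minor style point: `symfony/ux` uses a vendor/package label where the neighbouring additions use `Node <name>`.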
@@ -179,11 +179,11 @@ CVE-2025-47577 (Unrestricted Upload of File with 
Dangerous Type vulnerability in
 CVE-2025-47576 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47284 (Gardener implements the automated management and operation of 
Kubernet ...)
-       TODO: check
+       NOT-FOR-US: Gardener
 CVE-2025-47283 (Gardener implements the automated management and operation of 
Kubernet ...)
-       TODO: check
+       NOT-FOR-US: Gardener
 CVE-2025-47282 (Gardener External DNS Management is an environment to manage 
external  ...)
-       TODO: check
+       NOT-FOR-US: Gardener
 CVE-2025-46543 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46441 (Path Traversal: '.../...//' vulnerability in ctltwp Section 
Widget all ...)
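Review bot: CVE-2025-47282 is described as "Gardener External DNS Management", which the description presents as its own product, yet it gets the same `NOT-FOR-US: Gardener` label as CVE-2025-47284 and CVE-2025-47283. Suggest `NOT-FOR-US: Gardener External DNS Management` on that entry so a later search for the component name finds it.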
@@ -215,7 +215,7 @@ CVE-2025-43833 (Improper Neutralization of Special Elements 
used in an SQL Comma
 CVE-2025-43832 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-43714 (The ChatGPT system through 2025-03-30 performs inline 
rendering of SVG ...)
-       TODO: check
+       NOT-FOR-US: ChatGPT
 CVE-2025-41429 (a-blog cms multiple versions neutralize logs improperly. If 
this vulne ...)
        NOT-FOR-US: a-blog cms
 CVE-2025-3908 (The configuration initialization tool in OpenVPN 3 Linux v20 
through v ...)
@@ -349,15 +349,15 @@ CVE-2025-31185 (A logic issue was addressed with improved 
checks. This issue is
 CVE-2025-31027 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30072 (Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass 
by Captu ...)
-       TODO: check
+       NOT-FOR-US: Tiiwee X1 Alarm System
 CVE-2025-2099 (A vulnerability in the `preprocess_string()` function of the 
`transfor ...)
-       TODO: check
+       NOT-FOR-US: huggingface/transformers
 CVE-2025-28371 (EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to 
Incorrect Acces ...)
-       TODO: check
+       NOT-FOR-US: EnGenius
 CVE-2025-27566 (Path traversal vulnerability exists in a-blog cms versions 
prior to Ve ...)
-       TODO: check
+       NOT-FOR-US: a-blog cms
 CVE-2025-27010 (Path Traversal: '.../...//' vulnerability in bslthemes Tastyc 
allows P ...)
-       TODO: check
+       NOT-FOR-US: bslthemes Tastyc
 CVE-2025-26997 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26920 (Missing Authorization vulnerability in PressMaximum Customify 
allows E ...)
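Review bot: on CVE-2025-27010 neither the truncated description nor the new label `bslthemes Tastyc` says what kind of product Tastyc is, while the context entries in this hunk use the shared `NOT-FOR-US: WordPress plugin or theme` label. If Tastyc is a WordPress theme, reusing that existing label keeps the file consistent. The additions here also mix label styles: `huggingface/transformers` (org/repo), `EnGenius` (vendor only) and `Tiiwee X1 Alarm System` (full product name).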
@@ -371,7 +371,7 @@ CVE-2025-26867 (Missing Authorization vulnerability in 
Themes4WP Bulk allows Acc
 CVE-2025-26735 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26621 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
-       TODO: check
+       NOT-FOR-US: OpenCTI
 CVE-2025-24189 (The issue was addressed with improved checks. This issue is 
fixed in S ...)
        NOT-FOR-US: Apple
 CVE-2025-24184 (The issue was addressed with improved memory handling. This 
issue is f ...)
@@ -403,7 +403,7 @@ CVE-2025-22678 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-22287 (Missing Authorization vulnerability in Eniture Technology LTL 
Freight  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2024-55063 (Multiple Code Injection vulnerabilities in EasyVirt DC 
NetScope <= 8.7 ...)
-       TODO: check
+       NOT-FOR-US: EasyVirt DC NetScope
 CVE-2024-51106 (A cross-site scripting (XSS) vulnerability in the component 
mcgs/admin ...)
        NOT-FOR-US: PHPGurukul
 CVE-2024-4878



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c84b920f1d42ee66fe1988edfdf966f79f4a90ce
