Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
52b3fe48 by Salvatore Bonaccorso at 2025-05-23T22:50:33+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2025-5096 (The TablePress plugin for WordPress is
vulnerable to DOM-Based St
CVE-2025-4975 (When a notification relating to low battery appears for a user
with wh ...)
NOT-FOR-US: TP-Link
CVE-2025-4692 (Actors can use a maliciously crafted JavaScript object notation
(JSON) ...)
- TODO: check
+ NOT-FOR-US: ABUP
CVE-2025-4642
REJECTED
CVE-2025-4594 (The Tournamatch plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
@@ -35,9 +35,9 @@ CVE-2025-4594 (The Tournamatch plugin for WordPress is
vulnerable to Stored Cros
CVE-2025-4562
REJECTED
CVE-2025-4379 (DobryCMS in versions 2.* and lower is vulnerable to Reflected
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: DobryCMS
CVE-2025-4338 (Lantronix Device installer is vulnerable to XML external entity
(XXE) ...)
- TODO: check
+ NOT-FOR-US: Lantronix Device installer
CVE-2025-48741 (A Broken Access Control vulnerability in StrangeBee TheHive
5.2.0 befo ...)
NOT-FOR-US: StrangeBee TheHive
CVE-2025-48740 (A Cross-Site Request Forgery (CSRF) vulnerability in
StrangeBee TheHiv ...)
@@ -59,7 +59,7 @@ CVE-2025-48376 (DNN (formerly DotNetNuke) is an open-source
web content manageme
CVE-2025-48375 (Schule is open-source school management system software. Prior
to vers ...)
NOT-FOR-US: Schule open-source school management system
CVE-2025-48374 (zot is ancontainer image/artifact registry based on the Open
Container ...)
- TODO: check
+ NOT-FOR-US: zot
CVE-2025-48373 (Schule is open-source school management system software. The
applicati ...)
NOT-FOR-US: Schule open-source school management system
CVE-2025-48372 (Schule is open-source school management system software. The
generateO ...)
@@ -69,19 +69,19 @@ CVE-2025-48371 (OpenFGA is an authorization/permission
engine. OpenFGA versions
CVE-2025-48292 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48289 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Kids P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48287 (Deserialization of Untrusted Data vulnerability in Pagaleve
Pix 4x sem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48286 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48283 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48275 (Missing Authorization vulnerability in dastan800 Visual Header
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48273 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48271 (Missing Authorization vulnerability in Leadinfo Leadinfo
allows Exploi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48245 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48241 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -89,7 +89,7 @@ CVE-2025-48241 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-47690 (Missing Authorization vulnerability in smackcoders Lead Form
Data Coll ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47687 (Unrestricted Upload of File with Dangerous Type vulnerability
in Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47680 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47678 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -97,31 +97,31 @@ CVE-2025-47678 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-47673 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47672 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47671 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47670 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47663 (Unrestricted Upload of File with Dangerous Type vulnerability
in mojoo ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47660 (Deserialization of Untrusted Data vulnerability in Codexpert,
Inc WC A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47658 (Unrestricted Upload of File with Dangerous Type vulnerability
in ELEXt ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47646 (Weak Password Recovery Mechanism for Forgotten Password
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47642 (Unrestricted Upload of File with Dangerous Type vulnerability
in Ajar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47641 (Unrestricted Upload of File with Dangerous Type vulnerability
in print ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47640 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47637 (Unrestricted Upload of File with Dangerous Type vulnerability
in STAGG ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47631 (Incorrect Privilege Assignment vulnerability in mojoomla
Hospital Mana ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47619 (Missing Authorization vulnerability in 6Storage 6Storage
Rentals allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47618 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47613 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -129,9 +129,9 @@ CVE-2025-47613 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-47611 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47603 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47599 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47575 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47568 (Deserialization of Untrusted Data vulnerability in ZoomIt
ZoomSounds a ...)
@@ -139,15 +139,15 @@ CVE-2025-47568 (Deserialization of Untrusted Data
vulnerability in ZoomIt ZoomSo
CVE-2025-47558 (Missing Authorization vulnerability in RomanCode MapSVG allows
Accessi ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47541 (Insertion of Sensitive Information Into Sent Data
vulnerability in WPF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47539 (Incorrect Privilege Assignment vulnerability in Themewinter
Eventin al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47535 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47532 (Deserialization of Untrusted Data vulnerability in
CoinPayments CoinPa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47530 (Deserialization of Untrusted Data vulnerability in WPFunnels
WPFunnels ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47529 (Missing Authorization vulnerability in UX Design Experts
Experto CTA W ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47513 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
@@ -155,23 +155,23 @@ CVE-2025-47513 (Improper Limitation of a Pathname to a
Restricted Directory ('Pa
CVE-2025-47512 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47492 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47478 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47461 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47458 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47453 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47438 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47181 (Improper link resolution before file access ('link following')
in Micr ...)
TODO: check
CVE-2025-47149 (The optional feature 'Anti-Virus & Sandbox' of i-FILTER
contains an is ...)
- TODO: check
+ NOT-FOR-US: i-FILTER
CVE-2025-46539 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46537 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-46527 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
@@ -179,39 +179,39 @@ CVE-2025-46527 (Improper Limitation of a Pathname to a
Restricted Directory ('Pa
CVE-2025-46526 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-46518 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46515 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-46493 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46490 (Unrestricted Upload of File with Dangerous Type vulnerability
in wordw ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46488 (Missing Authorization vulnerability in dastan800 Visual
Builder allows ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-46487 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-46486 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46474 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46468 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46463 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46460 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46458 (Cross-Site Request Forgery (CSRF) vulnerability in x000x
occupancyplan ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-46456 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-46455 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46454 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46448 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46446 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46444 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-46440 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -221,29 +221,29 @@ CVE-2025-46437 (Improper Neutralization of Input During
Web Page Generation ('Cr
CVE-2025-46176 (Hardcoded credentials in the Telnet service in D-Link DIR-605L
v2.13B0 ...)
NOT-FOR-US: D-Link
CVE-2025-44998 (A stored cross-site scripting (XSS) vulnerability in the
component /ti ...)
- TODO: check
+ NOT-FOR-US: TinyFileManager
CVE-2025-43860 (OpenEMR is a free and open source electronic health records
and medica ...)
NOT-FOR-US: OpenEMR
CVE-2025-41407 (Zohocorp ManageEngine ADAudit Plus versions below 8511 are
vulnerable ...)
NOT-FOR-US: Zoho
CVE-2025-41380 (Iridium Certus 700 version 1.0.1 has an embedded credentials
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Iridium Certus 700
CVE-2025-41379 (The Intellian C700 web panel allows you to add firewall rules.
Each of ...)
- TODO: check
+ NOT-FOR-US: Intellian C700 web panel
CVE-2025-41378 (The SSID field is not parsed correctly and can be used to
inject comma ...)
- TODO: check
+ NOT-FOR-US: Intellian
CVE-2025-41377 (Cryptographic vulnerability in Iridium Certus 700. This
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Intellian
CVE-2025-3895 (Token used for resetting passwords in MegaBIP softwareare
generated us ...)
- TODO: check
+ NOT-FOR-US: MegaBIP
CVE-2025-3894 (Text editor embedded into MegaBIP software does not neutralize
user in ...)
- TODO: check
+ NOT-FOR-US: MegaBIP
CVE-2025-3893 (While editing pages managed by MegaBIP a user with high
privileges is ...)
- TODO: check
+ NOT-FOR-US: MegaBIP
CVE-2025-3580 (An access control vulnerability was discovered in Grafana OSS
where an ...)
TODO: check
CVE-2025-39536 (Missing Authorization vulnerability in Chimpstudio JobHunt Job
Alerts ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-39506 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-39505 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -265,13 +265,13 @@ CVE-2025-39495 (Deserialization of Untrusted Data
vulnerability in BoldThemes Av
CVE-2025-39494 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-39490 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-39489 (Incorrect Privilege Assignment vulnerability in pebas CouponXL
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-39485 (Deserialization of Untrusted Data vulnerability in ThemeGoods
Grand To ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-39480 (Deserialization of Untrusted Data vulnerability in ThemeMakers
Car Dea ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-36527 (Zohocorp ManageEngineADAudit Plus versions below 8511 are
vulnerable t ...)
NOT-FOR-US: Zoho
CVE-2025-32967 (OpenEMR is a free and open source electronic health records
and medica ...)
@@ -279,35 +279,35 @@ CVE-2025-32967 (OpenEMR is a free and open source
electronic health records and
CVE-2025-32794 (OpenEMR is a free and open source electronic health records
and medica ...)
NOT-FOR-US: OpenEMR
CVE-2025-32309 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32302 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32294 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32293 (Deserialization of Untrusted Data vulnerability in
designthemes Financ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32292 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Jarvis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32289 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32286 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32285 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32284 (Deserialization of Untrusted Data vulnerability in
designthemes Pet Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31927 (Deserialization of Untrusted Data vulnerability in themeton
Acerola al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31924 (Deserialization of Untrusted Data vulnerability in
designthemes Crafts ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31918 (Incorrect Privilege Assignment vulnerability in quantumcloud
Simple Bu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31916 (Unrestricted Upload of File with Dangerous Type vulnerability
in joy20 ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31914 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31913 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31912 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31636 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -315,29 +315,29 @@ CVE-2025-31636 (Improper Neutralization of Input During
Web Page Generation ('Cr
CVE-2025-31633 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31632 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31631 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Fish H ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31430 (Deserialization of Untrusted Data vulnerability in themeton
The Busine ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31423 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Umbert ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31397 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31069 (Deserialization of Untrusted Data vulnerability in themeton
HotStar \u ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31064 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31060 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31056 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31053 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31049 (Deserialization of Untrusted Data vulnerability in themeton
Dash allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2394 (Ecovacs Home Android and iOS Mobile Applications up to version
3.3.0 c ...)
- TODO: check
+ NOT-FOR-US: Ecovacs Home Android and iOS Mobile Applications
CVE-2025-24917 (In Tenable Network Monitor versions prior to 6.5.1 on a
Windows host, ...)
TODO: check
CVE-2025-24916 (When installing Tenable Network Monitor to a non-default
location on a ...)
@@ -349,7 +349,7 @@ CVE-2024-9163 (A business logic error in GitLab CE/EE
affecting all versions sta
CVE-2024-7803 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
TODO: check
CVE-2024-51360 (An issue in Hospital Management System In PHP V4.0 allows a
remote att ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System In PHP
CVE-2024-51108 (Multiple stored cross-site scripting (XSS) vulnerabilities in
the comp ...)
NOT-FOR-US: PHPGurukul
CVE-2024-51107 (Multiple stored cross-site scripting (XSS) vulnerabilities in
the comp ...)
@@ -371,7 +371,7 @@ CVE-2024-13945 (Stored Absolute Path Traversal
vulnerabilities in ASPECT could e
CVE-2023-53154 (parse_string in cJSON before 1.7.18 has a heap-based buffer
over-read ...)
TODO: check
CVE-2023-34873 (On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras
before MX-V5 ...)
- TODO: check
+ NOT-FOR-US: MOBOTIX P3 cameras
CVE-2018-25110 (Marked prior to version 0.3.17 is vulnerable to a Regular
Expression D ...)
TODO: check
CVE-2025-40909 [Thread creation while a directory handle is open does a
fchdir, affecting other threads (race condition)]
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52b3fe482fc2f3e3c2a37fa7a887cdac408118b4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52b3fe482fc2f3e3c2a37fa7a887cdac408118b4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
