Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b24473e1 by Salvatore Bonaccorso at 2025-06-06T22:20:01+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2025-5799 (A vulnerability was found in Tenda AC8
16.03.34.09. It has been d
CVE-2025-5798 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been
classi ...)
NOT-FOR-US: Tenda
CVE-2025-5797 (A vulnerability was found in Laundry Laundry System 1.0 and
classified ...)
- TODO: check
+ NOT-FOR-US: Laundry Laundry System
CVE-2025-5796 (A vulnerability has been found in code-projects Laundry System
1.0 and ...)
NOT-FOR-US: code-projects
CVE-2025-5795 (A vulnerability, which was classified as critical, was found in
Tenda ...)
@@ -13,23 +13,23 @@ CVE-2025-5795 (A vulnerability, which was classified as
critical, was found in T
CVE-2025-5794 (A vulnerability, which was classified as critical, has been
found in T ...)
NOT-FOR-US: Tenda
CVE-2025-5793 (A vulnerability, which was classified as critical, was found in
TOTOLI ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-5792 (A vulnerability, which was classified as critical, has been
found in T ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-5791 (A flaw was found in the user's crate for Rust. This
vulnerability allo ...)
TODO: check
CVE-2025-5790 (A vulnerability classified as critical was found in TOTOLINK
X15 1.0.0 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-5789 (A vulnerability classified as critical has been found in
TOTOLINK X15 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-5788 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105.
It has ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-5787 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105.
It has ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-5786 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105.
It has ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-5785 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105
and cla ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-5784 (A vulnerability has been found in PHPGurukul Employee Record
Managemen ...)
NOT-FOR-US: PHPGurukul
CVE-2025-5783 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
@@ -41,7 +41,7 @@ CVE-2025-5780 (A vulnerability was found in code-projects
Patient Record Managem
CVE-2025-5779 (A vulnerability has been found in code-projects Patient Record
Managem ...)
NOT-FOR-US: code-projects
CVE-2025-5778 (A vulnerability, which was classified as critical, was found in
1000 P ...)
- TODO: check
+ NOT-FOR-US: 1000 Projects ABC Courier Management System
CVE-2025-5766 (A vulnerability was found in code-projects Laundry System 1.0.
It has ...)
NOT-FOR-US: code-projects
CVE-2025-5765 (A vulnerability was found in code-projects Laundry System 1.0.
It has ...)
@@ -67,181 +67,181 @@ CVE-2025-5756 (A vulnerability was found in code-projects
Real Estate Property M
CVE-2025-5755 (A vulnerability was found in SourceCodester Open Source Clinic
Managem ...)
NOT-FOR-US: SourceCodester
CVE-2025-5751 (WOLFBOX Level 2 EV Charger Management Card Hard-coded
Credentials Auth ...)
- TODO: check
+ NOT-FOR-US: WOLFBOX Level 2 EV Charger Management Card
CVE-2025-5750 (WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse
Heap-b ...)
- TODO: check
+ NOT-FOR-US: WOLFBOX Level 2 EV Charger
tuya_svc_devos_activate_result_parse
CVE-2025-5749 (WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized
Variable ...)
- TODO: check
+ NOT-FOR-US: WOLFBOX Level 2 EV Charger
CVE-2025-5748 (WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method
Remote Cod ...)
- TODO: check
+ NOT-FOR-US: WOLFBOX Level 2 EV Charger
CVE-2025-5747 (WOLFBOX Level 2 EV Charger MCU Command Parsing
Misinterpretation of In ...)
- TODO: check
+ NOT-FOR-US: WOLFBOX Level 2 EV Charger
CVE-2025-5739 (A vulnerability classified as critical has been found in
TOTOLINK X15 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-5738 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105.
It has ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-5737 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105.
It has ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-5481 (Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write
Remote Cod ...)
- TODO: check
+ NOT-FOR-US: Sante DICOM Viewer Pro
CVE-2025-5480 (Action1 Uncontrolled Search Path Element Local Privilege
Escalation Vu ...)
- TODO: check
+ NOT-FOR-US: Action1
CVE-2025-5474 (2BrightSparks SyncBackFree Link Following Local Privilege
Escalation V ...)
- TODO: check
+ NOT-FOR-US: 2BrightSparks SyncBackFree
CVE-2025-5473 (GIMP ICO File Parsing Integer Overflow Remote Code Execution
Vulnerabi ...)
TODO: check
CVE-2025-5239 (The Domain For Sale plugin for WordPress is vulnerable to
Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2025-5192 (A missing authentication for critical function vulnerability in
the cl ...)
- TODO: check
+ NOT-FOR-US: Soar Cloud HRD Human Resource Management System
CVE-2025-49599 (Huawei EG8141A5 devices through V5R019C00S100, EG8145V5
devices throug ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2025-49453 (Cross-Site Request Forgery (CSRF) vulnerability in Jatinder
Pal Singh ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49450 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49449 (Cross-Site Request Forgery (CSRF) vulnerability in WP Map
Plugins Inte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49446 (Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao
Admin No ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49445 (Cross-Site Request Forgery (CSRF) vulnerability in WP Map
Plugins Inte ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49443 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49442 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49441 (Missing Authorization vulnerability in WP Map Plugins
Interactive Regi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49440 (Cross-Site Request Forgery (CSRF) vulnerability in Vuong
Nguyen WP Sec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49439 (Cross-Site Request Forgery (CSRF) vulnerability in
mariusz88atelierweb ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49435 (Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp
Easy Al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49429 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49427 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49425 (Cross-Site Request Forgery (CSRF) vulnerability in Adrian
Hanft Konami ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49421 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49419 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49333 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49332 (Cross-Site Request Forgery (CSRF) vulnerability in codepeople
WP Time ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49329 (Unrestricted Upload of File with Dangerous Type vulnerability
in Agile ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49328 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49327 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49326 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49325 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49324 (Missing Authorization vulnerability in PickPlugins Job Board
Manager a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49323 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49322 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49320 (Missing Authorization vulnerability in fraudlabspro FraudLabs
Pro for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49318 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49317 (Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page
Loading ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49315 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49314 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49313 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49311 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49310 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49309 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49308 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49307 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49306 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49305 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49304 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49301 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49299 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49298 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49294 (Insertion of Sensitive Information Into Sent Data
vulnerability in Cod ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49293 (Missing Authorization vulnerability in CodeRevolution
Crawlomatic Mult ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49292 (Improper Validation of Specified Quantity in Input
vulnerability in Co ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49291 (Cross-Site Request Forgery (CSRF) vulnerability in codepeople
Calculat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49289 (Missing Authorization vulnerability in add-ons.org PDF for
WPForms all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49288 (Missing Authorization vulnerability in Rustaurius Ultimate WP
Mail all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49287 (Missing Authorization vulnerability in WebToffee Product Feed
for WooC ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49286 (Cross-Site Request Forgery (CSRF) vulnerability in WP Table
Builder WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49285 (Cross-Site Request Forgery (CSRF) vulnerability in WP Legal
Pages WP C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49284 (Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP
Maintenan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49283 (Cross-Site Request Forgery (CSRF) vulnerability in Matthias
Nordwig An ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49273 (Cross-Site Request Forgery (CSRF) vulnerability in Bill
Minozzi WP Too ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49272 (Missing Authorization vulnerability in sergiotrinity Trinity
Audio all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49270 (Missing Authorization vulnerability in Mario Peshev WP-CRM
System allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49269 (Cross-Site Request Forgery (CSRF) vulnerability in Anton
Vanyukov Mark ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49268 (Missing Authorization vulnerability in Soft8Soft LLC Verge3D
allows Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49263 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49262 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49250 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49248 (Missing Authorization vulnerability in cmoreira Team Showcase
allows E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49246 (Missing Authorization vulnerability in cmoreira Testimonials
Showcase ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49244 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49243 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49242 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49241 (Missing Authorization vulnerability in bobbingwide oik allows
Exploiti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49240 (Missing Authorization vulnerability in nK DocsPress allows
Exploiting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49239 (Cross-Site Request Forgery (CSRF) vulnerability in
tychesoftwares Prin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49238 (Cross-Site Request Forgery (CSRF) vulnerability in
everestthemes Evere ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49237 (Cross-Site Request Forgery (CSRF) vulnerability in POEditor
POEditor a ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49236 (Missing Authorization vulnerability in raychat Raychat allows
Accessin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49235 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49077 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh
Dynamic P ...)
@@ -253,9 +253,9 @@ CVE-2025-49075 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-49074 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49073 (Deserialization of Untrusted Data vulnerability in Axiomthemes
Sweet D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49072 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Mr. Mu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49068 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49067 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -263,15 +263,15 @@ CVE-2025-49067 (Improper Neutralization of Input During
Web Page Generation ('Cr
CVE-2025-49011 (SpiceDB is an open source database for storing and querying
fine-grain ...)
TODO: check
CVE-2025-48784 (A missing authorization vulnerability in Soar Cloud HRD Human
Resource ...)
- TODO: check
+ NOT-FOR-US: Soar Cloud HRD Human Resource Management System
CVE-2025-48783 (An external control of file name or path vulnerability in the
delete f ...)
- TODO: check
+ NOT-FOR-US: Soar Cloud HRD Human Resource Management System
CVE-2025-48782 (An unrestricted upload of file with dangerous type
vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: Soar Cloud HRD Human Resource Management System
CVE-2025-48781 (An external control of file name or path vulnerability in the
download ...)
- TODO: check
+ NOT-FOR-US: Soar Cloud HRD Human Resource Management System
CVE-2025-48780 (A deserialization of untrusted data vulnerability in the
download file ...)
- TODO: check
+ NOT-FOR-US: Soar Cloud HRD Human Resource Management System
CVE-2025-48337 (Missing Authorization vulnerability in QuickcabWP
QuickCab.This issue ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48335 (Missing Authorization vulnerability in CyberChimps Responsive
Plus all ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b24473e1c5a2f4ef1121762cbddcfef263d3a81a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b24473e1c5a2f4ef1121762cbddcfef263d3a81a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
