Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
08c6e981 by Moritz Muehlenhoff at 2025-06-12T12:46:35+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,9 +41,9 @@ CVE-2023-36636
CVE-2022-4976 (Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains
a bundl ...)
TODO: check
CVE-2025-6002 (An unrestricted file upload vulnerability exists in the Product
Image ...)
- TODO: check
+ NOT-FOR-US: VirtueMart
CVE-2025-6001 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the
produc ...)
- TODO: check
+ NOT-FOR-US: VirtueMart
CVE-2025-5687 (A vulnerability in Mozilla VPN on macOS allows privilege
escalation fr ...)
NOT-FOR-US: Mozilla VPN on macOS
CVE-2025-5144 (The The Events Calendar plugin for WordPress is vulnerable to
Stored C ...)
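Review bot: on CVE-2025-6002 and CVE-2025-6001, the truncated descriptions shown here ("... exists in the Product Image ...", "... exists in the produc ...") do not name the product, so the `NOT-FOR-US: VirtueMart` attribution cannot be confirmed from the diff itself. Worth a second look at the full CVE text before this lands. The two entries do carry an identical tag, which keeps them grouped when searching the list.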
@@ -59,9 +59,9 @@ CVE-2025-4315 (The CubeWP \u2013 All-in-One Dynamic Content
Framework plugin for
CVE-2025-4128 (Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to
proper ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-49150 (Cursor is a code editor built for programming with AI. Prior
to 0.51.0 ...)
- TODO: check
+ NOT-FOR-US: Cursor
CVE-2025-49148 (ClipShare is a lightweight and cross-platform tool for
clipboard shari ...)
- TODO: check
+ NOT-FOR-US: ClipShare
CVE-2025-49146 (pgjdbc is an open source postgresql JDBC Driver. From 42.7.4
and until ...)
- libpgjava <unfixed> (bug #1107696)
NOTE:
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54
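Review bot: `NOT-FOR-US: Cursor` on CVE-2025-49150 uses a bare common word as the tag, which is ambiguous out of context and awkward to search for. The description already calls it a code editor, so a tag such as `NOT-FOR-US: Cursor code editor` would match the more descriptive style used elsewhere in this file, for example `NOT-FOR-US: Mozilla VPN on macOS`. `NOT-FOR-US: ClipShare` on CVE-2025-49148 is specific enough as written.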
@@ -79,11 +79,11 @@ CVE-2025-48444 (Missing Authorization vulnerability in
Drupal Quick Node Block a
CVE-2025-48013 (Missing Authorization vulnerability in Drupal Quick Node Block
allows ...)
NOT-FOR-US: Drupal core and addons
CVE-2025-41663 (An unauthenticated remote attacker in a man-in-the-middle
position can ...)
- TODO: check
+ NOT-FOR-US: Weidmueller
CVE-2025-41662 (An unauthenticated remote attacker can execute arbitrary
commands with ...)
- TODO: check
+ NOT-FOR-US: Weidmueller
CVE-2025-41661 (An unauthenticated remote attacker can execute arbitrary
commands with ...)
- TODO: check
+ NOT-FOR-US: Weidmueller
CVE-2025-40915 (Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random
number sour ...)
NOT-FOR-US: Mojolicious::Plugin::CSRF Perl module
CVE-2025-40914 (Perl CryptX before version 0.087 contains a dependency that
may be sus ...)
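Review bot: CVE-2025-41663, CVE-2025-41662 and CVE-2025-41661 are tagged with a vendor name only, and none of the visible descriptions identifies the affected product. If the full descriptions name a specific device or firmware line, putting vendor plus product in the tag would make later re-triage easier, the way the adjacent `NOT-FOR-US: Mojolicious::Plugin::CSRF Perl module` entry names the exact component.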
@@ -106,7 +106,7 @@ CVE-2025-3473 (IBM Security Guardium 12.1 could allow a
local privileged user to
CVE-2025-3302 (The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is
vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2025-35941 (A password is exposed locally.)
- TODO: check
+ NOT-FOR-US: mySCADA
CVE-2025-32711 (Ai command injection in M365 Copilot allows an unauthorized
attacker t ...)
NOT-FOR-US: Microsoft
CVE-2025-32466 (A SQL injection vulnerability in RSMediaGallery! component
1.7.4 - 2.1 ...)
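Review bot: CVE-2025-35941 has a complete, untruncated description, "(A password is exposed locally.)", that names no vendor or product, so `NOT-FOR-US: mySCADA` rests entirely on information outside this file. A `NOTE:` line pointing at the advisory or CNA record, as is done for CVE-2025-49146 in this same file, would let the next person verify the attribution.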
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08c6e9815883ec9a7b84c767e64c17ad56522185
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits