Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5f3c2f0 by Salvatore Bonaccorso at 2025-06-18T22:37:28+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,15 +15,15 @@ CVE-2025-4820 (Impact Cloudflare quiche was discovered to
be vulnerable to inco
CVE-2025-49015 (The Couchbase .NET SDK (client library) before 3.7.1 does not
properly ...)
- libcouchbase <itp> (bug #691903)
CVE-2025-46157 (An issue in EfroTech Time Trax v.1.0 allows a remote attacker
to execu ...)
- TODO: check
+ NOT-FOR-US: EfroTech Time Trax
CVE-2025-46109 (SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10
allows a ...)
- TODO: check
+ NOT-FOR-US: pbootCMS
CVE-2025-45786 (Real Estate Management 1.0 is vulnerable to Cross Site
Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Real Estate Management
CVE-2025-45784 (D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded
provisioning va ...)
NOT-FOR-US: D-Link
CVE-2025-45661 (A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1
beta allo ...)
- TODO: check
+ NOT-FOR-US: miniTCG
CVE-2025-44952 (A missing length check in `ogs_pfcp_subnet_add` function from
PFCP lib ...)
TODO: check
CVE-2025-44951 (A missing length check in `ogs_pfcp_dev_add` function from
PFCP librar ...)
@@ -35,13 +35,13 @@ CVE-2025-36048 (IBM webMethods Integration Server 10.5,
10.7, 10.11, and 10.15 c
CVE-2025-29646 (An issue in upf in open5gs 2.7.2 and earlier allows a remote
attacker ...)
TODO: check
CVE-2025-26199 (An issue in CloudClassroom PHP Project v.1.0 allows a remote
attacker ...)
- TODO: check
+ NOT-FOR-US: CloudClassroom PHP Project
CVE-2025-26198 (CloudClassroom-PHP-Project v.1.0 is vulnerable to SQL
Injection in log ...)
- TODO: check
+ NOT-FOR-US: CloudClassroom PHP Project
CVE-2025-23999 (Missing Authorization vulnerability in Cloudways Breeze allows
Exploit ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-20271 (A vulnerability in the Cisco AnyConnect VPN server of Cisco
Meraki MX ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20260 (A vulnerability in the PDF scanning processes of ClamAV could
allow an ...)
TODO: check
CVE-2025-20234 (A vulnerability in Universal Disk Format (UDF) processing of
ClamAV co ...)
@@ -1574,7 +1574,7 @@ CVE-2025-5141 (A binary in the BoKS Server Agent
component of Fortra's Core Priv
CVE-2025-4879 (Local Privilege escalation allows a low-privileged user to gain
SYSTEM ...)
NOT-FOR-US: Citrix
CVE-2025-4754 (Insufficient Session Expiration vulnerability in ash-project
ash_authe ...)
- TODO: check
+ NOT-FOR-US: ash-project ash_authentication_phoenix
CVE-2025-4404 (A privilege escalation from host to domain vulnerability was
found in ...)
TODO: check
CVE-2025-4365 (Arbitrary file read inNetScaler Console and NetScaler SDX (SVM))
@@ -1728,13 +1728,13 @@ CVE-2025-45880 (A cross-site scripting (XSS)
vulnerability in the data resource
CVE-2025-45879 (A cross-site scripting (XSS) vulnerability in the e-mail
manager funct ...)
NOT-FOR-US: Miliaris Amigdala
CVE-2025-45878 (A cross-site scripting (XSS) vulnerability in the report
manager funct ...)
- TODO: check
+ NOT-FOR-US: Miliaris Amigdala
CVE-2025-45526 (A denial of service (DoS) vulnerability has been identified in
the Jav ...)
- TODO: check
+ NOT-FOR-US: microlight
CVE-2025-45525 (A null pointer dereference vulnerability was discovered in
microlight. ...)
- TODO: check
+ NOT-FOR-US: microlight
CVE-2025-40674 (Reflected Cross-Site Scripting (XSS) in osCommerce v4. This
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2025-3880 (The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin
for WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3515 (The Drag and Drop Multiple File Upload for Contact Form 7
plugin for W ...)
@@ -1774,15 +1774,15 @@ CVE-2025-30618 (Deserialization of Untrusted Data
vulnerability in yuliaz Rapyd
CVE-2025-30562 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-29002 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2025-28991 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2025-28972 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2025-24773 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2025-24761 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2025-0320 (Local Privilege escalation allows a low-privileged user to gain
SYSTEM ...)
NOT-FOR-US: Citrix
CVE-2024-40570 (SQL Injection vulnerability in SeaCMS v.12.9 allows a remote
attacker ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5f3c2f07a55471027fc52895d200808b57f4c61
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5f3c2f07a55471027fc52895d200808b57f4c61
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
