Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9352c338 by Salvatore Bonaccorso at 2025-08-22T22:41:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-9341 (Uncontrolled Resource Consumption vulnerability in Legion of 
the Bounc ...)
-       TODO: check
+       NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian 
package for Bouncycastle
 CVE-2025-9340 (Out-of-bounds Write vulnerability in Legion of the Bouncy 
Castle Inc.  ...)
-       TODO: check
+       NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian 
package for Bouncycastle
 CVE-2025-9331 (The Spacious theme for WordPress is vulnerable to unauthorized 
modific ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-9259 (WebITR developed by Uniong has an Arbitrary File Reading 
vulnerability ...)
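Review bot: the new NOT-FOR-US lines for CVE-2025-9341 and CVE-2025-9340 carry an explanatory sentence where neighbouring entries carry a product name (compare "NOT-FOR-US: WordPress plugin"), and they do so for software that the line itself says has a Debian package. Consider recording the decision against that package instead, e.g. "- bouncycastle <not-affected> (FIPS provider not part of the Debian package)", so that a lookup by source package shows both CVEs were assessed. If NOT-FOR-US is kept, a short product name followed by the reason would match the rest of the file.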
@@ -111,31 +111,31 @@ CVE-2025-54813 (Improper Output Neutralization for Logs 
vulnerability in Apache
 CVE-2025-54812 (Improper Output Neutralization for Logs vulnerability in 
Apache Log4cx ...)
        TODO: check
 CVE-2025-53363 (dpanel is an open source server management panel written in 
Go. In ver ...)
-       TODO: check
+       NOT-FOR-US: Dpanel
 CVE-2025-52287 (OperaMasks SDK ELite Script Engine v0.5.0 was discovered to 
contain a  ...)
-       TODO: check
+       NOT-FOR-US: OperaMasks SDK ELite Script Engine
 CVE-2025-52095 (An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to 
escalate ...)
-       TODO: check
+       NOT-FOR-US: PDQ Smart Deploy
 CVE-2025-52094 (Insecure Permissions vulnerability in PDQ Smart Deploy 
V.3.0.2040 allo ...)
-       TODO: check
+       NOT-FOR-US: PDQ Smart Deploy
 CVE-2025-52085 (An SQL injection vulnerability in Yoosee application v6.32.4 
allows au ...)
-       TODO: check
+       NOT-FOR-US: Yoosee application
 CVE-2025-51825 (JeecgBoot versions from 3.4.3 up to 3.8.0 were found to 
contain a SQL  ...)
-       TODO: check
+       NOT-FOR-US: JeecgBoot
 CVE-2025-51605 (An issue was discovered in Shopizer 3.2.7. The server's CORS 
implement ...)
-       TODO: check
+       NOT-FOR-US: Shopizer
 CVE-2025-51092 (The LogIn-SignUp project by VishnuSivadasVS is vulnerable to 
SQL Injec ...)
-       TODO: check
+       NOT-FOR-US: LogIn-SignUp project
 CVE-2025-50859 (Reflected Cross-Site Scripting in the Change Template function 
in Easy ...)
-       TODO: check
+       NOT-FOR-US: Easy Hosting Control Panel (EHCP)
 CVE-2025-50858 (Reflected Cross-Site Scripting in the List MySQL Databases 
function in ...)
-       TODO: check
+       NOT-FOR-US: Easy Hosting Control Panel (EHCP)
 CVE-2025-50733 (NextChat contains a cross-site scripting (XSS) vulnerability 
in the HT ...)
        TODO: check
 CVE-2025-50691 (MCSManager 10.5.3 daemon process runs as a root account by 
default, an ...)
-       TODO: check
+       NOT-FOR-US: MCSManager
 CVE-2025-50674 (An issue was discovered in the changePassword method in file 
/usr/shar ...)
-       TODO: check
+       NOT-FOR-US: OpenMediaVault
 CVE-2025-4650 (User with high privileges is able to introduce a SQLi using the 
Meta S ...)
        NOT-FOR-US: Centreon
 CVE-2025-43762 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 
2025.Q1.0 thro ...)
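Review bot: "NOT-FOR-US: LogIn-SignUp project" for CVE-2025-51092 is generic enough to collide with other projects of the same name. The description already names the author, so "NOT-FOR-US: LogIn-SignUp project by VishnuSivadasVS" would be unambiguous. Separately, for CVE-2025-50674 the product name OpenMediaVault does not appear in the truncated description shown here, so it is worth confirming against the full CVE text before the entry leaves the TODO queue.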
@@ -157,19 +157,19 @@ CVE-2025-29366 (In mupen64plus v2.6.0 there is an array 
overflow vulnerability i
 CVE-2025-29365 (spimsimulator spim v9.1.24 and before is vulnerable to Buffer 
Overflow ...)
        TODO: check
 CVE-2024-56179 (In MindManager Windows versions prior to 24.1.150, attackers 
could pot ...)
-       TODO: check
+       NOT-FOR-US: MindManager Windows
 CVE-2024-53499 (Jeewms v3.7 was discovered to contain a SQL injection 
vulnerability vi ...)
-       TODO: check
+       NOT-FOR-US: Jeewms
 CVE-2024-53496 (Incorrect access control in the doFilter function of my-site 
v1.0.2.RE ...)
-       TODO: check
+       NOT-FOR-US: my-site
 CVE-2024-53494 (Incorrect access control in the preHandle function of 
SpringBootBlog v ...)
-       TODO: check
+       NOT-FOR-US: SpringBootBlog
 CVE-2024-52786 (An authentication bypass vulnerability in anji-plus AJ-Report 
up to v1 ...)
-       TODO: check
+       NOT-FOR-US: anji-plus AJ-Report
 CVE-2024-50645 (MallChat v1.0-SNAPSHOT has an authentication bypass 
vulnerability. An  ...)
-       TODO: check
+       NOT-FOR-US: MallChat
 CVE-2024-50644 (zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: zhisheng17 blog
 CVE-2024-48988 (SQL Injection vulnerability in Apache StreamPark.  This issue 
affects  ...)
        TODO: check
 CVE-2009-10006 (UFO: Alien Invasion versions up to and including 2.2.1 contain 
a buffe ...)
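Review bot: "NOT-FOR-US: my-site" (CVE-2024-53496) and "NOT-FOR-US: MindManager Windows" (CVE-2024-56179) are weak as product labels: the first is a generic name with no vendor or author, and the second appends the platform to the product name. Suggest adding a qualifier from the full CVE description for my-site, as was done with "zhisheng17 blog" and "anji-plus AJ-Report" in this same hunk, and using plain "NOT-FOR-US: MindManager".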
@@ -259592,7 +259592,7 @@ CVE-2022-43112
 CVE-2022-43111
        RESERVED
 CVE-2022-43110 (Voltronic Power ViewPower through 1.04-21353 and PowerShield 
Netguard  ...)
-       TODO: check
+       NOT-FOR-US: Voltronic Power ViewPower
 CVE-2022-43109 (D-Link DIR-823G v1.0.2 was found to contain a command 
injection vulner ...)
        NOT-FOR-US: D-Link
 CVE-2022-43108 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack 
overflow  ...)
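Review bot: the description of CVE-2022-43110 names two products, Voltronic Power ViewPower and PowerShield Netguard, but the new line records only the first. Consider "NOT-FOR-US: Voltronic Power ViewPower and PowerShield Netguard" so that a search of this file for either name finds the triage decision.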
@@ -291883,7 +291883,7 @@ CVE-2022-31493 (LibreHealth EHR Base 2.0.0 allows 
gacl/admin/acl_admin.php acl_i
 CVE-2022-31492 (Cross Site scripting (XSS) vulnerability inLibreHealth EHR 
Base 2.0.0  ...)
        NOT-FOR-US: LibreHealth EHR Base
 CVE-2022-31491 (Voltronic Power ViewPower through 1.04-24215, ViewPower Pro 
through 2. ...)
-       TODO: check
+       NOT-FOR-US: Voltronic Power ViewPower
 CVE-2022-31490
        RESERVED
 CVE-2022-31489 (Inout Blockchain AltExchanger 1.2.1 allows 
index.php/home/about inouti ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9352c338a591067f6275d3a08704d7403b5d86ce
