Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e6a4c0c6 by Salvatore Bonaccorso at 2025-02-12T15:18:23+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -85,7 +85,7 @@ CVE-2025-25203 (CtrlPanel is open-source billing software for
hosting providers.
CVE-2025-23359 (NVIDIA Container Toolkit for Linux contains a Time-of-Check
Time-of-Us ...)
NOT-FOR-US: NVIDIA Container Toolkit
CVE-2025-1243 (The Temporal api-go library prior to version 1.44.1 did not
send `upda ...)
- TODO: check
+ NOT-FOR-US: Temporal api-go library
CVE-2025-1240 (WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code
Execution Vulne ...)
NOT-FOR-US: WinZip
CVE-2025-1186 (A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It
has been ...)
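Review bot: The new `NOT-FOR-US: Temporal api-go library` line for CVE-2025-1243 closes out a library rather than an end-user product, and libraries can be vendored into other source packages, so the NFU only holds if nothing in the archive embeds a copy older than the 1.44.1 named in the description. A quick search of the archive sources before closing the entry would confirm that; if an embedded copy turns up, the entry should track that package instead of being marked NFU.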
@@ -486,7 +486,7 @@ CVE-2025-1126 (A Reliance on Untrusted Inputs in a Security
Decision vulnerabili
CVE-2025-1052 (Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote
Code Exec ...)
NOT-FOR-US: Mintty
CVE-2025-1044 (Logsign Unified SecOps Platform Authentication Bypass
Vulnerability. T ...)
- TODO: check
+ NOT-FOR-US: Logsign
CVE-2025-0911 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read
Information Dis ...)
NOT-FOR-US: PDF-XChange Editor
CVE-2025-0910 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote
Code Ex ...)
@@ -734,7 +734,7 @@ CVE-2025-1144 (School Affairs System from Quanxun has an
Exposure of Sensitive I
CVE-2025-1143 (Certain models of routers from Billion Electric has hard-coded
embedde ...)
NOT-FOR-US: Billion Electric
CVE-2025-1002 (MicroDicom DICOM Viewerversion 2024.03 fails to adequately
verify the ...)
- TODO: check
+ NOT-FOR-US: MicroDicom
CVE-2025-0499
REJECTED
CVE-2025-0181 (The WP Foodbakery plugin for WordPress is vulnerable to
privilege esca ...)
@@ -1475,7 +1475,7 @@ CVE-2025-24531 [Possible Authentication Bypass in Error
Situations]
NOTE: Introduced with:
https://github.com/OpenSC/pam_pkcs11/commit/bac6cf8e0b242e508e8b715e7f78d52f1227840a
(pam_pkcs11-0.6.12)
NOTE: Fixed by:
https://github.com/OpenSC/pam_pkcs11/commit/2ecba68d404c3112546a9e802e3776b9f6c50a6a
(pam_pkcs11-0.6.13)
CVE-2025-24981 (MDC is a tool to take regular Markdown and write documents
interacting ...)
- TODO: check
+ NOT-FOR-US: MDC
CVE-2025-24787 (WhoDB is an open source database management tool. In affected
versions ...)
NOT-FOR-US: WhoDB
CVE-2025-24786 (WhoDB is an open source database management tool. While the
applicatio ...)
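Review bot: `NOT-FOR-US: MDC` on CVE-2025-24981 uses a three-letter tag that is hard to search for and could match unrelated software sharing the abbreviation. The visible description only says it is a Markdown tool, so qualifying the tag with the upstream project or vendor name would keep later triage and grep-based checks unambiguous.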
@@ -1513,7 +1513,7 @@ CVE-2025-1074 (A vulnerability, which was classified as
problematic, was found i
CVE-2025-0994 (Trimble Cityworks versions prior to 15.8.9 and Cityworks with
office c ...)
NOT-FOR-US: Trimble Cityworks
CVE-2025-0982 (Sandbox escape in the JavaScript Task feature of Google Cloud
Applicat ...)
- TODO: check
+ NOT-FOR-US: JavaScript Task feature of Google Cloud Application
Integration
CVE-2025-0859 (The Post and Page Builder by BoldGrid \u2013 Visual Drag and
Drop Edit ...)
NOT-FOR-US: WordPress plugin
CVE-2024-57962 (Vulnerability of incomplete verification information in the
VPN servic ...)
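Review bot: The `NOT-FOR-US:` line added for CVE-2025-0982 names a feature (`JavaScript Task feature of Google Cloud Application Integration`) rather than the product, unlike the neighbouring `NOT-FOR-US: Trimble Cityworks` entry. Shortening it to the product name, `NOT-FOR-US: Google Cloud Application Integration`, would match the convention used around it and be easier to match against later CVEs for the same product.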
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6a4c0c67f50cb0ddc3772cba28580fd6fa92025