Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
16a2c37d by Moritz Muehlenhoff at 2025-03-11T11:58:03+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -195,7 +195,7 @@ CVE-2025-27254 (Improper Authentication vulnerability in GE
Vernova EnerVista UR
CVE-2025-27253 (An improper input validation in GE Vernova UR IED family
devices from ...)
NOT-FOR-US: GE Vernova UR IED family devices
CVE-2025-27136 (LocalS3 is an Amazon S3 mock service for testing and local
development ...)
- TODO: check
+ NOT-FOR-US: LocalS3
CVE-2025-26936 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
NOT-FOR-US: WordPress plugin
CVE-2025-26933 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
@@ -213,7 +213,7 @@ CVE-2025-26695 (When requesting an OpenPGP key from a WKD
server, an incorrect p
- thunderbird 1:128.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-26695
CVE-2025-25977 (An issue in canvg v.4.0.2 allows an attacker to execute
arbitrary code ...)
- TODO: check
+ NOT-FOR-US: canvg
CVE-2025-25940 (VisiCut 2.1 allows code execution via Insecure XML
Deserialization in ...)
NOT-FOR-US: VisiCut
CVE-2025-25620 (Unifiedtransform 2.0 is vulnerable to Cross Site Scripting
(XSS) in th ...)
@@ -234,7 +234,8 @@ CVE-2025-24813 (Path Equivalence: 'file.Name' (Internal
Dot) leading toRemote Co
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq
CVE-2025-24387 (A vulnerability in OTRS Application Server allows session
hijacking du ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure
it out
CVE-2025-22603 (AutoGPT is a platform that allows users to create, deploy, and
manage ...)
NOT-FOR-US: AutoGPT
CVE-2025-1945 (picklescan before 0.0.23 fails to detect malicious pickle files
inside ...)
@@ -246,7 +247,7 @@ CVE-2025-1497 (A vulnerability, that could result in Remote
Code Execution (RCE)
CVE-2025-1296 (Nomad Community and Nomad Enterprise (\u201cNomad\u201d) are
vulnerabl ...)
- nomad <removed>
CVE-2024-57492 (An issue in redoxOS relibc before commit 98aa4ea5 allows a
local attac ...)
- TODO: check
+ NOT-FOR-US: redoxOS relibc
CVE-2024-56188 (there is a possible way to crash the modem due to a missing
null check ...)
NOT-FOR-US: Google devices
CVE-2024-56187 (In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible
arbitrar ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16a2c37df035c82868b48ff3955b3f7028fbe0e4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16a2c37df035c82868b48ff3955b3f7028fbe0e4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
