Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8e617000 by security tracker role at 2025-04-21T20:12:57+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2025-43922 (The FileWave Windows client before 16.0.0, in
some non-default c
CVE-2025-43916 (Sonos api.sonos.com through 2025-04-21, when the
/login/v3/oauth endpo ...)
TODO: check
CVE-2025-3857 (When reading binary Ion data through Amazon.IonDotnet using the
RawBin ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-3841 (A vulnerability, which was classified as problematic, was found
in wix ...)
TODO: check
CVE-2025-3840 (An improper neutralization of input vulnerability was
identified in th ...)
@@ -19,7 +19,7 @@ CVE-2025-32431 (Traefik (pronounced traffic) is an HTTP
reverse proxy and load b
CVE-2025-32408 (In Soffid Console 3.6.31 before 3.6.32, authorization to use
the pam s ...)
TODO: check
CVE-2025-2517 (Reference to Expired Domain Vulnerability in OpenText\u2122
ArcSight E ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2025-2298 (An improper authorization vulnerability in Dremio Software
allows auth ...)
TODO: check
CVE-2025-29660 (A vulnerability exists in the daemon process of the Yi IOT
XY-3820 v6. ...)
@@ -33,7 +33,7 @@ CVE-2025-29287 (An arbitrary file upload vulnerability in the
ueditor component
CVE-2025-28367 (mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via
BetterIm ...)
TODO: check
CVE-2025-28121 (code-projects Online Exam Mastering System 1.0 is vulnerable
to Cross ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-28104 (Incorrect access control in laskBlog v2.6.1 allows attackers
to access ...)
TODO: check
CVE-2025-28103 (Incorrect access control in laskBlog v2.6.1 allows attackers
to arbitr ...)
@@ -43,7 +43,7 @@ CVE-2025-28102 (A cross-site scripting (XSS) vulnerability in
flaskBlog v2.6.1 a
CVE-2025-28099 (opencms V2.3 is vulnerable to Arbitrary file read in
src/main/webapp/v ...)
TODO: check
CVE-2025-27086 (A vulnerability in the HPE Performance Cluster Manager (HPCM)
GUI coul ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-23174 (CWE-200: Exposure of Sensitive Information to an Unauthorized
Actor)
TODO: check
CVE-2024-57394 (The quarantine - restore function in Qi-ANXIN Tianqing
Endpoint Securi ...)
@@ -53,11 +53,11 @@ CVE-2024-42699 (Cross Site Scripting vulnerability in
Create/Modify article func
CVE-2024-41446 (A stored cross-site scripting (XSS) vulnerability in Alkacon
OpenCMS v ...)
TODO: check
CVE-2024-12863 (Stored XSS in Discussions in OpenText Content Management CE
20.2 to 25 ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-12862 (Incorrect Authorization vulnerability in the OpenText Content
Server R ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-12543 (User Enumeration and Data Integrity in Barcode functionality
in OpenTe ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-40446
- mimetex <unfixed> (bug #1103801)
NOTE: https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6170003a18a7024b1f976579fd9936051679fc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6170003a18a7024b1f976579fd9936051679fc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
