Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2248162c by security tracker role at 2025-04-23T20:13:05+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2025-46394 (In tar in BusyBox through 1.37.0, a TAR
archive can have filenam
CVE-2025-46393 (In multispectral MIFF image processing in ImageMagick before
7.1.1-44, ...)
TODO: check
CVE-2025-45429 (In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi,
there i ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-45428 (In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the
rebootTime par ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-45427 (In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the
security param ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-43965 (In MIFF image processing in ImageMagick before 7.1.1-44, image
depth i ...)
TODO: check
CVE-2025-43716 (A directory traversal vulnerability exists in Ivanti LANDesk
Managemen ...)
@@ -25,17 +25,17 @@ CVE-2025-42601 (This vulnerability exists in Meon KYC
solutions due to insuffici
CVE-2025-42600 (This vulnerability exists in Meon KYC solutions due to missing
restric ...)
TODO: check
CVE-2025-3907 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Search API S ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3904 (Vulnerability in Drupal Sportsleague.This issue affects
Sportsleague: ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3903 (Vulnerability in Drupal UEditor -
\u767e\u5ea6\u7f16\u8f91\u5668.This ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3902 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3901 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3900 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-3673
REJECTED
CVE-2025-32969 (XWiki is a generic wiki platform. In versions starting from
1.8 and pr ...)
@@ -45,7 +45,7 @@ CVE-2025-32968 (XWiki is a generic wiki platform. In versions
starting from 1.6-
CVE-2025-32966 (DataEase is an open-source BI tool alternative to Tableau.
Prior to ve ...)
TODO: check
CVE-2025-32818 (A Null Pointer Dereference vulnerability in the SonicOS SSLVPN
Virtual ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-2773 (BEC Technologies Multiple Routers sys ping Command Injection
Remote Co ...)
TODO: check
CVE-2025-2772 (BEC Technologies Multiple Routers Insufficiently Protected
Credentials ...)
@@ -99,7 +99,7 @@ CVE-2025-1521 (PostHog slack_incoming_webhook Server-Side
Request Forgery Inform
CVE-2025-1520 (PostHog ClickHouse Table Functions SQL Injection Remote Code
Execution ...)
TODO: check
CVE-2025-1054 (The UiCore Elements \u2013 Free Elementor widgets and templates
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1050 (Sonos Era 300 Out-of-Bounds Write Remote Code Execution
Vulnerability. ...)
TODO: check
CVE-2025-1049 (Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution
Vulnera ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2248162c586f7638208ee5ee2307b947e0c862ff
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2248162c586f7638208ee5ee2307b947e0c862ff
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
