Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
17cb0326 by Salvatore Bonaccorso at 2025-04-30T22:43:09+02:00
Process some NFUs
- - - - -
7d7f4e14 by Salvatore Bonaccorso at 2025-04-30T22:43:26+02:00
Add two new CVEs for joplin, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-4136 (A vulnerability was found in Weitong Mall 1.0.0. It has been
classifie ...)
- TODO: check
+ NOT-FOR-US: Weitong Mall
CVE-2025-4135 (A vulnerability was found in Netgear WG302v2 up to 5.2.9 and
classifie ...)
NOT-FOR-US: Netgear
CVE-2025-4125 (Delta Electronics ISPSoft version 3.20 is vulnerable to
anOut-Of-Bound ...)
@@ -13,9 +13,9 @@ CVE-2025-4121 (A vulnerability was found in Netgear
JWNR2000v2 1.0.0.11. It has
CVE-2025-4120 (A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It
has been ...)
NOT-FOR-US: Netgear
CVE-2025-4119 (A vulnerability classified as critical was found in Weitong
Mall 1.0.0 ...)
- TODO: check
+ NOT-FOR-US: Weitong Mall
CVE-2025-4118 (A vulnerability classified as critical has been found in
Weitong Mall ...)
- TODO: check
+ NOT-FOR-US: Weitong Mall
CVE-2025-4117 (A vulnerability, which was classified as critical, was found in
Netgea ...)
NOT-FOR-US: Netgear
CVE-2025-4116 (A vulnerability, which was classified as critical, has been
found in N ...)
@@ -37,17 +37,17 @@ CVE-2025-4109 (A vulnerability has been found in PHPGurukul
Pre-School Enrollmen
CVE-2025-4108 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
NOT-FOR-US: PHPGurukul
CVE-2025-46619 (A security issue has been discovered in Couchbase Server
before 7.6.4 ...)
- TODO: check
+ NOT-FOR-US: Couchbase Server
CVE-2025-46558 (XWiki Contrib's Syntax Markdown allows importing Markdown
content into ...)
- TODO: check
+ NOT-FOR-US: XWiki Contrib's Syntax Markdown
CVE-2025-46557 (XWiki is a generic wiki platform. In versions starting from
15.3-rc-1 ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-46554 (XWiki is a generic wiki platform. In versions starting from
1.8.1 to b ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-46342 (Kyverno is a policy engine designed for cloud native platform
engineer ...)
- TODO: check
+ NOT-FOR-US: Kyverno
CVE-2025-46331 (OpenFGA is a high-performance and flexible
authorization/permission en ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2025-45021 (A SQL Injection vulnerability was identified in the
admin/edit-directo ...)
NOT-FOR-US: PHPGurukul
CVE-2025-45020 (A SQL Injection vulnerability was discovered in the
normal-bwdates-rep ...)
@@ -75,9 +75,9 @@ CVE-2025-44193 (SourceCodester Simple Barangay Management
System v1.0 has a SQL
CVE-2025-44192 (SourceCodester Simple Barangay Management System v1.0 has a
SQL inject ...)
NOT-FOR-US: SourceCodester
CVE-2025-3859 (Websites directing users to long URLs that caused eliding to
occur in ...)
- TODO: check
+ NOT-FOR-US: Firefox Focus for iOS
CVE-2025-3599 (Symantec Endpoint Protection Windows Agent, running an ERASER
Engine p ...)
- TODO: check
+ NOT-FOR-US: Symantec Endpoint Protection Windows Agent
CVE-2025-3395 (Incorrect Permission Assignment for Critical Resource,
Cleartext Stora ...)
NOT-FOR-US: ABB group
CVE-2025-3394 (Incorrect Permission Assignment for Critical Resource
vulnerability in ...)
@@ -87,29 +87,29 @@ CVE-2025-3269
CVE-2025-39413 (Missing Authorization vulnerability in David Gwyer Simple
Sitemap \u20 ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-33074 (Improper verification of cryptographic signature in Microsoft
Azure Fu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-32974 (XWiki is a generic wiki platform. In versions starting from
15.9-rc-1 ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-32973 (XWiki is a generic wiki platform. In versions starting from
15.9-rc-1 ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-32972 (XWiki is a generic wiki platform. In versions starting from
6.1-milest ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-32971 (XWiki is a generic wiki platform. In versions starting from
4.5.1 to b ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-32970 (XWiki is a generic wiki platform. In versions starting from
13.5-rc-1 ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-32777 (Volcano is a Kubernetes-native batch scheduling system. Prior
to versi ...)
- TODO: check
+ NOT-FOR-US: Volcano (Kubernetes-native batch scheduling system)
CVE-2025-32376 (Discourse is an open-source discussion platform. Prior to
versions 3.4 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-30392 (Improper authorization in Azure Bot Framework SDK allows an
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-30391 (Improper input validation in Microsoft Dynamics allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-30390 (Improper authorization in Azure allows an authorized attacker
to eleva ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-30389 (Improper authorization in Azure Bot Framework SDK allows an
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-2890 (The tagDiv Opt-In Builder plugin for WordPress is vulnerable to
time-b ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2170 (A Server-side request forgery (SSRF) vulnerability has been
identified ...)
@@ -117,65 +117,65 @@ CVE-2025-2170 (A Server-side request forgery (SSRF)
vulnerability has been ident
CVE-2025-2156
REJECTED
CVE-2025-2082 (Tesla Model 3 VCSEC Integer Overflow Remote Code Execution
Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Tesla
CVE-2025-27611 (base-x is a base encoder and decoder of any given alphabet
using bitco ...)
TODO: check
CVE-2025-27532 (A vulnerability in the \u201cBackup & Restore\u201d
functionality of t ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-27409 (Joplin is a free, open source note taking and to-do
application, which ...)
- TODO: check
+ - joplin <itp> (bug #931306)
CVE-2025-27134 (Joplin is a free, open source note taking and to-do
application, which ...)
- TODO: check
+ - joplin <itp> (bug #931306)
CVE-2025-24887 (OpenCTI is an open-source cyber threat intelligence platform.
In versi ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2025-24351 (A vulnerability in the \u201cRemote Logging\u201d
functionality of the ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24350 (A vulnerability in the \u201cCertificates and Keys\u201d
functionality ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24349 (A vulnerability in the \u201cNetwork Interfaces\u201d
functionality of ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24348 (A vulnerability in the \u201cNetwork Interfaces\u201d
functionality of ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24347 (A vulnerability in the \u201cNetwork Interfaces\u201d
functionality of ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24346 (A vulnerability in the \u201cProxy\u201d functionality of the
web appl ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24345 (A vulnerability in the \u201cHosts\u201d functionality of the
web appl ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24344 (A vulnerability in the error notification messages of the web
applicat ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24343 (A vulnerability in the \u201cManages app data\u201d
functionality of t ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24342 (A vulnerability in the login functionality of the web
application of c ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24341 (A vulnerability in the web application of ctrlX OS allows a
remote aut ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24340 (A vulnerability in the users configuration file of ctrlX OS
may allow ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24339 (A vulnerability in the web application of ctrlX OS allows a
remote una ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24338 (A vulnerability in the \u201cManages app data\u201d
functionality of t ...)
- TODO: check
+ NOT-FOR-US: ctrlX OS
CVE-2025-24091 (An app could impersonate system notifications. Sensitive
notifications ...)
NOT-FOR-US: Apple
CVE-2025-21416 (Missing authorization in Azure Virtual Desktop allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-9877 (: Use of GET Request Method With Sensitive Query Strings
vulnerability ...)
NOT-FOR-US: ABB group
CVE-2024-9876 (: Modification of Assumed-Immutable Data (MAID) vulnerability
in ABB A ...)
NOT-FOR-US: ABB group
CVE-2024-6032 (Tesla Model S Iris Modem ql_atfwd Command Injection Code
Execution Vul ...)
- TODO: check
+ NOT-FOR-US: Tesla
CVE-2024-6031 (Tesla Model S oFono AT Command Heap-based Buffer Overflow Code
Executi ...)
- TODO: check
+ NOT-FOR-US: Tesla
CVE-2024-6030 (Tesla Model S oFono Unnecessary Privileges Sandbox Escape
Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Tesla
CVE-2024-6029 (Tesla Model S Iris Modem Race Condition Firewall Bypass
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Tesla
CVE-2024-47784 (Unverified Password Change for ANC software that allows an
authenticat ...)
NOT-FOR-US: ABB group
CVE-2024-13943 (Tesla Model S Iris Modem QCMAP_ConnectionManager Improper
Input Valida ...)
- TODO: check
+ NOT-FOR-US: Tesla
CVE-2025-4096
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/230b923e5857ef5907c91c03129c16d14659a2ab...7d7f4e147e97d51af26a17ef0fca0b30ca27e261
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/230b923e5857ef5907c91c03129c16d14659a2ab...7d7f4e147e97d51af26a17ef0fca0b30ca27e261
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
