Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a92d8f76 by Moritz Muehlenhoff at 2025-05-16T08:45:32+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -64,23 +64,23 @@ CVE-2025-48050 (In DOMPurify through 3.2.5 before 6bc6d60,
scripts/server.js doe
NOTE: https://github.com/cure53/DOMPurify/pull/1101
NOTE:
https://github.com/cure53/DOMPurify/commit/6bc6d60e49256f27a4022181b7d8a5b0721fd534
CVE-2025-47789 (Horilla is a free and open source Human Resource Management
System (HR ...)
- TODO: check
+ NOT-FOR-US: Horilla
CVE-2025-47788 (Atheos is a self-hosted browser-based cloud IDE. Prior to
v602, simila ...)
- TODO: check
+ NOT-FOR-US: Atheos
CVE-2025-47787 (Emlog is an open source website building system. Emlog Pro
prior to ve ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2025-47786 (Emlog is an open source website building system. Version
2.5.13 has a ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2025-47785 (Emlog is an open source website building system. In versions
up to and ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2025-47784 (Emlog is an open source website building system. Versions
2.5.13 and p ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2025-47774 (Vyper is the Pythonic Programming Language for the Ethereum
Virtual Ma ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2025-47580 (Missing Authorization vulnerability in Rustaurius Front End
Users allo ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47285 (Vyper is the Pythonic Programming Language for the Ethereum
Virtual Ma ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2025-47279 (Undici is an HTTP/1.1 client for Node.js. Prior to versions
5.29.0, 6. ...)
- node-undici <unfixed>
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3
@@ -91,7 +91,7 @@ CVE-2025-47161 (Microsoft Defender for Endpoint Elevation of
Privilege Vulnerabi
CVE-2025-46834 (Alchemy's Modular Account is a smart contract account that is
compatib ...)
NOT-FOR-US: Microsoft
CVE-2025-46053 (A SQL Injection vulnerability in WebERP v4.15.2 allows
attackers to ex ...)
- TODO: check
+ NOT-FOR-US: WebERP
CVE-2025-46052 (An error-based SQL Injection (SQLi) vulnerability in WebERP
v4.15.2 al ...)
NOT-FOR-US: WebERP
CVE-2025-44185 (SourceCodester Best Employee Management System V1.0 is
vulnerable to C ...)
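Review bot: The unchanged context entry at the top of this hunk looks mislabelled: CVE-2025-46834 is described as "Alchemy's Modular Account is a smart contract account" but carries NOT-FOR-US: Microsoft, which matches the Microsoft Defender entry before it rather than this one. Since the commit is already editing the neighbouring WebERP entry, fix that tag in the same pass so it names Alchemy's Modular Account.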
@@ -107,7 +107,7 @@ CVE-2025-44180 (Phpgurukul Vehicle Record Management System
v1.0 is vulnerable t
CVE-2025-44110 (FluxBB 1.5.11 is vulnerable to Cross Site Scripting (XSS) in
via the F ...)
NOT-FOR-US: FluxBB
CVE-2025-43853 (The WebAssembly Micro Runtime's (WAMR) iwasm package is the
executable ...)
- TODO: check
+ NOT-FOR-US: WebAssembly Micro Runtime's (WAMR)
CVE-2025-3446 (Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x
<= 10.4 ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-3440 (IBM Security Guardium 11.5 is vulnerable to stored cross-site
scriptin ...)
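Review bot: The new tag for CVE-2025-43853 keeps the possessive copied from the description, "NOT-FOR-US: WebAssembly Micro Runtime's (WAMR)". Drop the "'s" so the tag reads as a product name, "NOT-FOR-US: WebAssembly Micro Runtime (WAMR)", which also keeps later searches for that product name in data/CVE/list consistent.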
@@ -115,9 +115,9 @@ CVE-2025-3440 (IBM Security Guardium 11.5 is vulnerable to
stored cross-site scr
CVE-2025-32922 (Cross-Site Request Forgery (CSRF) vulnerability in Tobias
WP2LEADS all ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32738 (Missing authentication for critical function issue exists in
I-O DATA ...)
- TODO: check
+ NOT-FOR-US: I-O DATA
CVE-2025-32002 (Improper neutralization of special elements used in an OS
command ('OS ...)
- TODO: check
+ NOT-FOR-US: I-O DATA
CVE-2025-31947 (Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x
<= 10.4 ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-30476 (Dell PowerScale InsightIQ, version 5.2, contains an
uncontrolled resou ...)
@@ -594,7 +594,7 @@ CVE-2025-20004 (Insufficient control flow management in the
Alias Checking Trust
CVE-2025-20003 (Improper link resolution before file access ('Link Following')
for som ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-0020 (Violation of Secure Design Principles, Hidden Functionality,
Incorrect ...)
- TODO: check
+ NOT-FOR-US: ArcGIS
CVE-2024-52290 (LF Edge eKuiper is a lightweight internet of things (IoT) data
analyti ...)
NOT-FOR-US: LF Edge eKuiper
CVE-2024-48869 (Improper restriction of software interfaces to hardware
features for s ...)
@@ -602,9 +602,9 @@ CVE-2024-48869 (Improper restriction of software interfaces
to hardware features
CVE-2024-47800 (Uncontrolled search path for some Intel(R) Graphics Driver
software ma ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-47795 (Uncontrolled search path for some Intel(R) oneAPI DPC++/C++
Compiler s ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-47550 (Incorrect default permissions for some Endurance Gaming Mode
software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-46895 (Uncontrolled search path for some Intel(R) Arc\u2122 &
Iris(R) Xe ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-45371 (Improper access control for some Intel(R) Arc\u2122 &
Iris(R) Xe g ...)
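Review bot: The two new tags for CVE-2024-47795 and CVE-2024-47550 name only the vendor, "NOT-FOR-US: Intel", while the surrounding entries name the product ("Intel graphics drivers for Windows"). A vendor-only tag is easy to misread as covering all Intel software. Name the products given in the descriptions instead, for example "Intel oneAPI DPC++/C++ Compiler" and "Intel Endurance Gaming Mode".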
@@ -629,7 +629,7 @@ CVE-2024-29222 (Out-of-bounds write for some Intel(R)
Graphics Driver software m
CVE-2024-28954 (Incorrect default permissions for some Intel(R) Graphics
Driver instal ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-28036 (Improper conditions check for some Intel(R) Arc\u2122 GPU may
allow an ...)
- TODO: check
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2025-26864 (Exposure of Sensitive Information to an Unauthorized Actor,
Insertion ...)
NOT-FOR-US: Apache IoTDB
CVE-2025-26795 (Exposure of Sensitive Information to an Unauthorized Actor,
Insertion ...)
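Review bot: The tag added for CVE-2024-28036 reuses "Intel graphics drivers for Windows", but the visible part of its description refers to "Intel(R) Arc GPU" rather than to "Graphics Driver software" as the neighbouring entries with that tag do. Confirm against the full advisory that the affected component is the Windows driver. If it is not, use a tag that names the actual component.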
@@ -992,15 +992,15 @@ CVE-2024-36340 (A junction point vulnerability within
AMD uProf can allow a loc
CVE-2024-36339 (A DLL hijacking vulnerability in the AMD Optimizing CPU
Libraries coul ...)
NOT-FOR-US: AMD
CVE-2024-36321 (Unquoted search path within AIM-T Manageability Service can
allow a lo ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-35281 (An improper isolation or compartmentalization vulnerability
[CWE-653] ...)
NOT-FOR-US: Fortinet
CVE-2024-23815 (A vulnerability has been identified in Desigo CC (All versions
if acce ...)
NOT-FOR-US: Siemens
CVE-2024-21960 (Incorrect default permissions in the AMD Optimizing CPU
Libraries (AOC ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-12533 (Improper Check for Unusual or Exceptional Conditions
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Phoenix
CVE-2023-31359 (Incorrect default permissions in the AMD Manageability API
could allow ...)
NOT-FOR-US: AMD
CVE-2023-31358 (A DLL hijacking vulnerability in the AMD Manageability API
could allow ...)
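Review bot: The tag "NOT-FOR-US: Phoenix" on CVE-2024-12533 is ambiguous, and the truncated description ends before it names the affected vendor or product, so the entry cannot be identified from the list alone. Spell out the full vendor or product name in the tag, as the other entries in this hunk do with AMD, Fortinet and Siemens.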
@@ -1267,7 +1267,7 @@ CVE-2025-47274 (ToolHive is a utility designed to
simplify the deployment and ma
CVE-2025-47271 (The OZI action is a GitHub Action that publishes releases to
PyPI and ...)
NOT-FOR-US: OZI action GitHub Action
CVE-2025-47270 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq
Proof-of ...)
- TODO: check
+ NOT-FOR-US: nimiq/core-rs-albatross
CVE-2025-46750 (SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow
a local ...)
NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
CVE-2025-46749 (An authenticated user could submit scripting to fields that
lack prope ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a92d8f7622781d47ab7ef7be8d91445e3e28d72b
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits