Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: b8268298 by Moritz Muehlenhoff at 2025-05-22T17:17:27+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -41,7 +41,7 @@ CVE-2025-3882 (eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection R CVE-2025-3881 (eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Co ...) NOT-FOR-US: eCharge Hardy Barth cPH2 CVE-2025-3486 (Allegra isZipEntryValide Directory Traversal Remote Code Execution Vul ...) - TODO: check + NOT-FOR-US: Allegra CVE-2025-3484 (MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Re ...) NOT-FOR-US: MedDream PACS Server CVE-2025-3483 (MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Re ...) @@ -97,15 +97,15 @@ CVE-2025-4105 (The Splitit plugin for WordPress is vulnerable to unauthorized mo CVE-2025-4008 (The Meteobridge web interface let meteobridge administrator manage the ...) TODO: check CVE-2025-48417 (The certificate and private key used for providing transport layer sec ...) - TODO: check + NOT-FOR-US: eCharge Hardy Barth charging stations CVE-2025-48416 (An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry ...) - TODO: check + NOT-FOR-US: eCharge Hardy Barth charging stations CVE-2025-48415 (A USB backdoor feature can be triggered by attaching a USB drive that ...) - TODO: check + NOT-FOR-US: eCharge Hardy Barth charging stations CVE-2025-48414 (There are several scripts in the web interface that are accessible via ...) - TODO: check + NOT-FOR-US: eCharge Hardy Barth charging stations CVE-2025-48413 (The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password h ...) - TODO: check + NOT-FOR-US: eCharge Hardy Barth charging stations CVE-2025-48207 (The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Ins ...) NOT-FOR-US: TYPO3 extension CVE-2025-48206 (The ns_backup extension through 13.0.0 for TYPO3 allows XSS.) 
@@ -123,7 +123,7 @@ CVE-2025-48201 (The ns_backup extension through 13.0.0 for TYPO3 has a Predictab CVE-2025-48200 (The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remot ...) NOT-FOR-US: TYPO3 extension CVE-2025-48069 (ejson2env allows users to decrypt EJSON secrets and export them as env ...) - TODO: check + NOT-FOR-US: ejson2env CVE-2025-48064 (GitHub Desktop is an open-source, Electron-based GitHub app designed f ...) NOT-FOR-US: GitHub Desktop CVE-2025-48063 (XWiki is a generic wiki platform. In XWiki 16.10.0, required rights we ...) @@ -143,9 +143,9 @@ CVE-2025-47291 (containerd is an open-source container runtime. A bug was found - containerd <not-affected> (Vulnerable code not present) NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff CVE-2025-46822 (OsamaTaher/Java-springboot-codebase is a collection of Java and Spring ...) - TODO: check + NOT-FOR-US: OsamaTaher/Java-springboot-codebase CVE-2025-46412 (Affected Vertiv products do not properly protect webserver functions t ...) - TODO: check + NOT-FOR-US: Vertiv CVE-2025-45755 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM ...) NOT-FOR-US: Vtiger CRM CVE-2025-45754 (A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6. ...) 
@@ -159,7 +159,7 @@ CVE-2025-44892 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack ov CVE-2025-44083 (An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypa ...) NOT-FOR-US: D-Link CVE-2025-41426 (Affected Vertiv products contain a stack based buffer overflow vulnera ...) - TODO: check + NOT-FOR-US: Vertiv CVE-2025-41232 (Spring Security Aspects may not correctly locate method security annot ...) - libspring-security-2.0-java <removed> CVE-2025-3781 (The Raisely Donation Form plugin for WordPress is vulnerable to Stored ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8268298e7352e173d49cac89d7b2682f90bcda3
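Review bot: In the @@ -97,15 +97,15 @@ hunk, the five new entries for CVE-2025-48413 through CVE-2025-48417 are tagged "NOT-FOR-US: eCharge Hardy Barth charging stations", while the existing entries for the same vendor visible in the first hunk's context (CVE-2025-3882, CVE-2025-3881) are tagged "NOT-FOR-US: eCharge Hardy Barth cPH2". Suggest using one string for the vendor so that a search on the NOT-FOR-US tag returns all of its entries together. If the new CVEs are meant to cover more models than the cPH2, a word on that in the commit message would help, since "NFUs" alone does not explain the different wording.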