Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 79246d0a by Moritz Muehlenhoff at 2025-05-23T11:28:04+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -336,7 +336,7 @@ CVE-2025-4217 (The WP YouTube Video Optimizer plugin for WordPress is vulnerable CVE-2025-4105 (The Splitit plugin for WordPress is vulnerable to unauthorized modific ...) NOT-FOR-US: WordPress plugin CVE-2025-4008 (The Meteobridge web interface let meteobridge administrator manage the ...) - TODO: check + NOT-FOR-US: Meteobridge CVE-2025-48417 (The certificate and private key used for providing transport layer sec ...) NOT-FOR-US: eCharge Hardy Barth charging stations CVE-2025-48416 (An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry ...) @@ -454,9 +454,9 @@ CVE-2025-20113 (A vulnerability in Cisco Unified Intelligence Center could allow CVE-2025-20112 (A vulnerability in multiple Cisco Unified Communications and Contact C ...) TODO: check CVE-2025-1712 (Argument injection in special agent configuration in Checkmk <2.4.0p1, ...) - TODO: check + - check-mk <removed> CVE-2025-1421 (Data provided in a request performed to the server while activating a ...) - TODO: check + NOT-FOR-US: Proget CVE-2025-1420 (Input provided in a field containing "activationMessage"in Konsola Pro ...) NOT-FOR-US: Proget CVE-2025-1419 (Input provided in comment section of Konsola Proget is not sanitized c ...) 
@@ -478,7 +478,7 @@ CVE-2024-56429 (itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2 CVE-2024-56428 (The local iLabClient database in itech iLabClient 3.7.1 allows local a ...) NOT-FOR-US: itech iLabClient CVE-2024-42922 (AAPanel v7.0.7 was discovered to contain an OS command injection vulne ...) - TODO: check + NOT-FOR-US: AAPanel CVE-2024-23337 (jq is a command-line JSON processor. In versions up to and including 1 ...) - jq <unfixed> (bug #1106289) NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46 @@ -501,7 +501,7 @@ CVE-2025-5010 (A vulnerability classified as problematic has been found in moonl CVE-2025-5008 (A vulnerability was found in projectworlds Online Time Table Generator ...) NOT-FOR-US: projectworlds Online Time Table Generator CVE-2025-5007 (A vulnerability was found in Part-DB up to 1.17.0. It has been declare ...) - TODO: check + NOT-FOR-US: Part-DB CVE-2025-5006 (A vulnerability was found in Campcodes Online Shopping Portal 1.0. It ...) NOT-FOR-US: Campcodes CVE-2025-5004 (A vulnerability was found in projectworlds Online Time Table Generator ...) @@ -596,7 +596,7 @@ CVE-2025-4364 (The affected products could allow an unauthenticated attacker to CVE-2025-48391 (In JetBrains YouTrack before 2025.1.76253 deletion of issues was possi ...) NOT-FOR-US: JetBrains CVE-2025-48056 (Hubble is a fully distributed networking and security observability pl ...) - TODO: check + NOT-FOR-US: Hubble CVE-2025-48018 (An authenticated user can modify application state data.) NOT-FOR-US: Schweitzer Engineering Laboratories (SEL) CVE-2025-48017 (Improper limitation of pathname in Circuit Provisioning and File Impor ...) 
@@ -637,9 +637,9 @@ CVE-2025-47290 (containerd is a container runtime. A time-of-check to time-of-us CVE-2025-47277 (vLLM, an inference and serving engine for large language models (LLMs) ...) - vllm <itp> (bug #1095237) CVE-2025-46725 (Langroid is a Python framework to build large language model (LLM)-pow ...) - TODO: check + NOT-FOR-US: Langroid CVE-2025-46724 (Langroid is a Python framework to build large language model (LLM)-pow ...) - TODO: check + NOT-FOR-US: Langroid CVE-2025-45862 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buff ...) NOT-FOR-US: TOTOLINK CVE-2025-44893 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...) @@ -669,7 +669,7 @@ CVE-2025-40635 (SQL injection vulnerability in Comerzzia Backoffice: Sales Orche CVE-2025-40634 (Stack-based buffer overflow vulnerability in the 'conn-indicator' bina ...) NOT-FOR-US: TP-Link CVE-2025-40633 (A Stored Cross-Site Scripting (XSS) vulnerability has been found in K ...) - TODO: check + NOT-FOR-US: Koibox CVE-2025-30193 (In some circumstances, when DNSdist is configured to allow an unlimite ...) - dnsdist 1.9.10-1 (bug #1106207) NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html 
@@ -681,7 +681,7 @@ CVE-2025-26086 (An unauthenticated blind SQL injection vulnerability exists in R CVE-2025-22157 (This High severity PrivEsc (Privilege Escalation) vulnerability was in ...) NOT-FOR-US: Atlassian CVE-2024-53359 (An issue in Zalo v23.09.01 allows attackers to obtain sensitive user i ...) - TODO: check + NOT-FOR-US: Zalo CVE-2024-45641 (IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauth ...) NOT-FOR-US: IBM CVE-2023-33861 (IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a truste ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79246d0a3d4ac29a8f72643be08bdc165e5cf217
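Review bot: In the @@ -454,9 hunk, the CVE-2025-1712 entry becomes "- check-mk <removed>", which is a package-status line rather than an NFU, so it does not match the commit subject "NFUs"; consider a separate commit or a subject that covers both kinds of change. The entry also carries no NOTE line with an upstream reference, unlike the jq and dnsdist entries visible in the context of this diff, and the description's "<2.4.0p1" bound would be worth recording there.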
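Review bot: In the @@ -637,9 hunk, both Langroid entries (CVE-2025-46725 and CVE-2025-46724) go straight to NOT-FOR-US, while the vLLM entry in the context just above is tracked as "- vllm <itp> (bug #1095237)". It is worth confirming that no ITP or RFP bug exists for Langroid before closing these as NFU; if one does, use the "<itp>" form with the bug number so the entries are picked up when the package enters the archive.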
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits