Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aefe71a4 by Salvatore Bonaccorso at 2025-05-29T22:33:43+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,61 +1,61 @@
CVE-2025-5334 (Exposure of private personal information to an unauthorized
actor in t ...)
NOT-FOR-US: Devolutions
CVE-2025-5326 (A vulnerability was found in zhilink
\u667a\u4e92\u8054(\u6df1\u5733)\ ...)
- TODO: check
+ NOT-FOR-US: zhilink ADP Application Developer Platform
CVE-2025-5325 (A vulnerability has been found in zhilink
\u667a\u4e92\u8054(\u6df1\u5 ...)
- TODO: check
+ NOT-FOR-US: zhilink ADP Application Developer Platform
CVE-2025-5324 (A vulnerability, which was classified as problematic, was found
in Tec ...)
- TODO: check
+ NOT-FOR-US: TechPowerUp GPU-Z
CVE-2025-5323 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: fossasia open-event-server
CVE-2025-5321 (A vulnerability classified as critical was found in aimhubio
aim up to ...)
- TODO: check
+ NOT-FOR-US: aimhubio aim
CVE-2025-5320 (A vulnerability classified as problematic has been found in
gradio-app ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2025-5286 (The Bold Page Builder plugin for WordPress is vulnerable to
Stored Cro ...)
NOT-FOR-US: WordPress plugin
CVE-2025-5122 (The Map Block Leaflet plugin for WordPress is vulnerable to
Stored Cro ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4967 (Esri Portal for ArcGIS 11.4 and prior allows a remote,
unauthenticated ...)
- TODO: check
+ NOT-FOR-US: Esri Portal for ArcGIS
CVE-2025-4687 (In Teltonika Networks Remote Management System (RMS), it is
possible t ...)
- TODO: check
+ NOT-FOR-US: Teltonika Networks Remote Management System (RMS)
CVE-2025-4670 (The Easy Digital Downloads \u2013 eCommerce Payments and
Subscriptions ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4081 (Use of entitlement
"com.apple.security.cs.disable-library-validation" ...)
TODO: check
CVE-2025-48748 (Netwrix Directory Manager (formerly Imanami GroupID) through
v.10.0.77 ...)
- TODO: check
+ NOT-FOR-US: Netwrix
CVE-2025-48475 (FreeScout is a free self-hosted help desk and shared mailbox.
Prior to ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2025-48474 (FreeScout is a free self-hosted help desk and shared mailbox.
Prior to ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2025-48473 (FreeScout is a free self-hosted help desk and shared mailbox.
Prior to ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2025-48472 (FreeScout is a free self-hosted help desk and shared mailbox.
Prior to ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2025-48471 (FreeScout is a free self-hosted help desk and shared mailbox.
Prior to ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2025-48390 (FreeScout is a free self-hosted help desk and shared mailbox.
Prior to ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2025-48389 (FreeScout is a free self-hosted help desk and shared mailbox.
Prior to ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2025-48388 (FreeScout is a free self-hosted help desk and shared mailbox.
Prior to ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2025-48336 (Deserialization of Untrusted Data vulnerability in ThimPress
Course Bu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48047 (An authenticated user can perform command injection via
unsanitized in ...)
- TODO: check
+ NOT-FOR-US: NetFax Server
CVE-2025-48046 (An authenticated user can disclose the cleartext password of a
configu ...)
- TODO: check
+ NOT-FOR-US: NetFax Server
CVE-2025-48045 (An unauthenticated HTTP GET request to the /client.php
endpoint will d ...)
- TODO: check
+ NOT-FOR-US: NetFax Server
CVE-2025-47933 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2025-47288 (Discourse Policy plugin gives the ability to confirm users
have seen o ...)
- TODO: check
+ NOT-FOR-US: Discourse Policy plugin
CVE-2025-46823 (openmrs-module-fhir2 provides the FHIR REST API and related
services f ...)
- TODO: check
+ NOT-FOR-US: openmrs-module-fhir2
CVE-2025-46722 (vLLM is an inference and serving engine for large language
models (LLM ...)
TODO: check
CVE-2025-46701 (Improper Handling of Case Sensitivity vulnerability in Apache
Tomcat's ...)
@@ -63,11 +63,11 @@ CVE-2025-46701 (Improper Handling of Case Sensitivity
vulnerability in Apache To
CVE-2025-46570 (vLLM is an inference and serving engine for large language
models (LLM ...)
TODO: check
CVE-2025-46080 (HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can
exploit ...)
- TODO: check
+ NOT-FOR-US: HuoCMS
CVE-2025-46078 (HuoCMS V3.5.1 and before is vulnerable to file upload, which
allows at ...)
- TODO: check
+ NOT-FOR-US: HuoCMS
CVE-2025-45474 (maccms10 v2025.1000.4047 is vulnerable to Server-side request
forgery ...)
- TODO: check
+ NOT-FOR-US: maccms10
CVE-2025-3913 (Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x
<= 10.5 ...)
TODO: check
CVE-2025-3050 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 11.5 ...)
@@ -83,13 +83,13 @@ CVE-2025-29632 (Buffer Overflow vulnerability in Free5gc
v.4.0.0 allows a remote
CVE-2025-27151 (Redis is an open source, in-memory database that persists on
disk. In ...)
TODO: check
CVE-2024-54952 (MikroTik RouterOS 6.40.5, the SMB service contains a memory
corruption ...)
- TODO: check
+ NOT-FOR-US: MikroTik RouterOS
CVE-2024-53423 (An issue in Open Network Foundation ONOS v2.7.0 allows
attackers to ca ...)
- TODO: check
+ NOT-FOR-US: Open Network Foundation ONOS
CVE-2024-52588 (Strapi is an open-source content management system. Prior to
version 4 ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2024-51392 (An issue in OpenKnowledgeMaps Headstart v7 allows a remote
attacker to ...)
- TODO: check
+ NOT-FOR-US: OpenKnowledgeMaps Headstart
CVE-2024-49350 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 11.1 ...)
NOT-FOR-US: IBM
CVE-2024-22654 (tcpreplay v4.4.4 was discovered to contain an infinite loop
via the tc ...)
@@ -97,7 +97,7 @@ CVE-2024-22654 (tcpreplay v4.4.4 was discovered to contain an
infinite loop via
CVE-2024-22653 (yasm commit 9defefae was discovered to contain a NULL pointer
derefere ...)
TODO: check
CVE-2023-41591 (An issue in Open Network Foundation ONOS v2.7.0 allows
attackers to cr ...)
- TODO: check
+ NOT-FOR-US: Open Network Foundation ONOS
CVE-2025-37999 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 6.12.29-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aefe71a42bc424904b4f839c197d2f38c2765cd3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aefe71a42bc424904b4f839c197d2f38c2765cd3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
