Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
078515b3 by Salvatore Bonaccorso at 2025-05-30T10:24:24+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -77,9 +77,9 @@ CVE-2025-48068 (Next.js is a React framework for building
full-stack web applica
CVE-2025-47952 (Traefik (pronounced traffic) is an HTTP reverse proxy and load
balance ...)
- traefik <itp> (bug #983289)
CVE-2025-47697 (Client-side enforcement of server-side security issue exists
in wivia ...)
- TODO: check
+ NOT-FOR-US: wivia
CVE-2025-46352 (The CS5000 Fire Panel is vulnerable due to a hard-coded
password that ...)
- TODO: check
+ NOT-FOR-US: CS5000 Fire Panel
CVE-2025-44906 (jhead v3.08 was discovered to contain a heap-use-after-free
via the Pr ...)
TODO: check
CVE-2025-44905 (hdf5 v1.14.6 was discovered to contain a heap buffer overflow
via the ...)
@@ -87,17 +87,17 @@ CVE-2025-44905 (hdf5 v1.14.6 was discovered to contain a
heap buffer overflow vi
CVE-2025-44904 (hdf5 v1.14.6 was discovered to contain a heap buffer overflow
via the ...)
TODO: check
CVE-2025-44619 (Tinxy WiFi Lock Controller v1 RF was discovered to be
configured to tr ...)
- TODO: check
+ NOT-FOR-US: Tinxy
CVE-2025-44614 (Tinxy WiFi Lock Controller v1 RF was discovered to store
users' sensit ...)
- TODO: check
+ NOT-FOR-US: Tinxy
CVE-2025-44612 (Tinxy WiFi Lock Controller v1 RF was discovered to transmit
sensitive ...)
- TODO: check
+ NOT-FOR-US: Tinxy
CVE-2025-41438 (The CS5000 Fire Panel is vulnerable due to a default account
that exis ...)
- TODO: check
+ NOT-FOR-US: CS5000 Fire Panel
CVE-2025-41406 (Cross-site scripting vulnerability exists in wivia 5 all
versions. If ...)
- TODO: check
+ NOT-FOR-US: wivia
CVE-2025-41385 (An OS Command Injection issue exists in wivia 5 all versions.
If this ...)
- TODO: check
+ NOT-FOR-US: wivia
CVE-2025-41235 (Spring Cloud Gateway Server forwards the X-Forwarded-Forand
Forwardedh ...)
TODO: check
CVE-2025-31264 (An authentication issue was addressed with improved state
management. ...)
@@ -117,7 +117,7 @@ CVE-2025-31189 (A file quarantine bypass was addressed with
additional checks. T
CVE-2025-30466 (This issue was addressed through improved state management.
This issue ...)
NOT-FOR-US: Apple
CVE-2025-1907 (Instantel Micromate lacks authentication on a configuration
port which ...)
- TODO: check
+ NOT-FOR-US: Instantel Micromate
CVE-2020-36846 (A buffer overflow, as described in CVE-2020-8927, exists in
the embedd ...)
- libio-compress-brotli-perl <not-affected> (Debian package uses the
system library from the initial packaging)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/30005245/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/078515b3ca7a957b3331c1bf381bbe7e60ba1c49
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/078515b3ca7a957b3331c1bf381bbe7e60ba1c49
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
