Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c7be63e by Salvatore Bonaccorso at 2025-06-10T22:27:31+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2025-5970 (A vulnerability was found in PHPGurukul 
Restaurant Table Booking
 CVE-2025-5969 (A vulnerability has been found in D-Link DIR-632 FW103B08 and 
classifi ...)
        NOT-FOR-US: D-Link
 CVE-2025-5943 (MicroDicom   DICOM Viewer suffers from an out-of-bounds write 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: MicroDicom DICOM Viewer
 CVE-2025-5743 (CWE-78: I Improper Neutralization of Special Elements used in 
an OS Co ...)
        NOT-FOR-US: Schneider Electric
 CVE-2025-5742 (CWE-79: Improper Neutralization of Input During Web Page 
Generation (\ ...)
@@ -35,9 +35,9 @@ CVE-2025-4801
 CVE-2025-4774 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4681 (Improper Privilege Management vulnerability in upKeeper 
Solutions upKe ...)
-       TODO: check
+       NOT-FOR-US: upKeeper
 CVE-2025-4680 (Improper Input Validation vulnerability in upKeeper Solutions 
upKeeper ...)
-       TODO: check
+       NOT-FOR-US: upKeeper
 CVE-2025-4678 (Improper Neutralization of Special Elements in the 
chromium_path varia ...)
        NOT-FOR-US: Pandora FMS
 CVE-2025-4653 (Improper Neutralization of Special Elements in the backup name 
field m ...)
@@ -51,15 +51,15 @@ CVE-2025-49510 (Cross-Site Request Forgery (CSRF) 
vulnerability in WPFactory Min
 CVE-2025-49509 (Missing Authorization vulnerability in Roland Beaussant Audio 
Editor & ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49507 (Deserialization of Untrusted Data vulnerability in LoftOcean 
CozyStay  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49455 (Deserialization of Untrusted Data vulnerability in LoftOcean 
TinySalt  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49454 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49143 (Nautobot is a Network Source of Truth and Network Automation 
Platform. ...)
-       TODO: check
+       NOT-FOR-US: Nautobot
 CVE-2025-49142 (Nautobot is a Network Source of Truth and Network Automation 
Platform. ...)
-       TODO: check
+       NOT-FOR-US: Nautobot
 CVE-2025-48937 (matrix-rust-sdk is an implementation of a Matrix client-server 
library ...)
        TODO: check
 CVE-2025-48879 (OctoPrint versions up until and including 1.11.1 contain a 
vulnerabili ...)
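Review bot: the `NOT-FOR-US: WordPress plugin` tags on CVE-2025-49507, CVE-2025-49455 and CVE-2025-49454 are not backed by the description text visible here. The first two name LoftOcean CozyStay and LoftOcean TinySalt without saying whether they are plugins or themes, and the third is cut off before any product name. The context entry just above, CVE-2025-49509, already uses `NOT-FOR-US: WordPress plugin or theme`; either use that form for these three or confirm the component type against the full CVE text.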
@@ -67,53 +67,53 @@ CVE-2025-48879 (OctoPrint versions up until and including 
1.11.1 contain a vulne
 CVE-2025-48067 (OctoPrint provides a web interface for controlling consumer 3D 
printer ...)
        TODO: check
 CVE-2025-47977 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47969 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47968 (Improper input validation in Microsoft AutoUpdate (MAU) allows 
an auth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47962 (Improper access control in Windows SDK allows an authorized 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47957 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47956 (External control of file name or path in Windows Security App 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47955 (Improper privilege management in Windows Remote Access 
Connection Mana ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47953 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47176 ('.../...//' in Microsoft Office Outlook allows an authorized 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47175 (Use after free in Microsoft Office PowerPoint allows an 
unauthorized a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47174 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47173 (Improper input validation in Microsoft Office allows an 
unauthorized a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47172 (Improper neutralization of special elements used in an sql 
command ('s ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47171 (Improper input validation in Microsoft Office Outlook allows 
an author ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47170 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47169 (Heap-based buffer overflow in Microsoft Office Word allows an 
unauthor ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47168 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47167 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47166 (Deserialization of untrusted data in Microsoft Office 
SharePoint allow ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47165 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47164 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47163 (Deserialization of untrusted data in Microsoft Office 
SharePoint allow ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47162 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47160 (Protection mechanism failure in Windows Shell allows an 
unauthorized a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47112 (Acrobat Reader versions 24.001.30235, 20.005.30763, 
25.001.20521 and e ...)
        NOT-FOR-US: Adobe
 CVE-2025-47111 (Acrobat Reader versions 24.001.30235, 20.005.30763, 
25.001.20521 and e ...)
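Review bot: CVE-2025-47977 and CVE-2025-47172 are tagged `NOT-FOR-US: Microsoft`, but their truncated descriptions ("('cross-si ...)" and "sql command ('s ...)") end before any product is named, unlike the other entries in this hunk, which mention Windows, Microsoft Office or Microsoft AutoUpdate. With 24 consecutive `TODO: check` lines replaced by the same tag, it is worth confirming these two against the full description so that an entry from another vendor inside the same CVE ID range is not swept in.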
@@ -131,21 +131,21 @@ CVE-2025-47105 (InDesign Desktop versions ID20.2, 
ID19.5.3 and earlier are affec
 CVE-2025-47104 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are 
affected by ...)
        NOT-FOR-US: Adobe
 CVE-2025-46612 (The Panel Designer dashboard in Airleader Master and Easy 
before 6.36  ...)
-       TODO: check
+       NOT-FOR-US: Airleader Master and Easy
 CVE-2025-44044 (Keyoti SearchUnit prior to 9.0.0. is vulnerable to XML 
External Entity ...)
-       TODO: check
+       NOT-FOR-US: Keyoti SearchUnit
 CVE-2025-44043 (Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side 
Request ...)
-       TODO: check
+       NOT-FOR-US: Keyoti SearchUnit
 CVE-2025-43701 (Improper Preservation of Permissions vulnerability in 
Salesforce OmniS ...)
-       TODO: check
+       NOT-FOR-US: Salesforce
 CVE-2025-43700 (Improper Preservation of Permissions vulnerability in 
Salesforce OmniS ...)
-       TODO: check
+       NOT-FOR-US: Salesforce
 CVE-2025-43699 (Improper Preservation of Permissions vulnerability in 
Salesforce OmniS ...)
-       TODO: check
+       NOT-FOR-US: Salesforce
 CVE-2025-43698 (Improper Preservation of Permissions vulnerability in 
Salesforce OmniS ...)
-       TODO: check
+       NOT-FOR-US: Salesforce
 CVE-2025-43697 (Improper Preservation of Permissions vulnerability in 
Salesforce OmniS ...)
-       TODO: check
+       NOT-FOR-US: Salesforce
 CVE-2025-43593 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are 
affected by ...)
        NOT-FOR-US: Adobe
 CVE-2025-43590 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are 
affected by ...)
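Review bot: the NOT-FOR-US labels in this hunk mix three naming forms: product names only (`Airleader Master and Easy`), vendor plus product (`Keyoti SearchUnit`) and vendor only (`Salesforce`), while the surrounding context lines use the vendor alone (`Adobe`). The first is also easy to misread as a single product, where the description lists two ("Airleader Master and Easy before 6.36"). Picking one form, for example the vendor name, keeps a later search for a vendor's entries in data/CVE/list from missing some of them.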
@@ -181,23 +181,23 @@ CVE-2025-43550 (Acrobat Reader versions 24.001.30235, 
20.005.30763, 25.001.20521
 CVE-2025-41657 (Due to an undocumented active bluetooth stack on products 
delivered wi ...)
        TODO: check
 CVE-2025-40662 (Absolute path disclosure vulnerability in DM Corporative CMS. 
This vul ...)
-       TODO: check
+       NOT-FOR-US: DM Corporative CMS
 CVE-2025-40661 (An Insecure Direct Object Reference (IDOR) vulnerability has 
been foun ...)
-       TODO: check
+       NOT-FOR-US: DM Corporative CMS
 CVE-2025-40660 (An Insecure Direct Object Reference (IDOR) vulnerability has 
been foun ...)
-       TODO: check
+       NOT-FOR-US: DM Corporative CMS
 CVE-2025-40659 (An Insecure Direct Object Reference (IDOR) vulnerability has 
been foun ...)
-       TODO: check
+       NOT-FOR-US: DM Corporative CMS
 CVE-2025-40658 (An Insecure Direct Object Reference (IDOR) vulnerability has 
been foun ...)
-       TODO: check
+       NOT-FOR-US: DM Corporative CMS
 CVE-2025-40657 (A SQL injection vulnerability has been found in DM Corporative 
CMS. Th ...)
-       TODO: check
+       NOT-FOR-US: DM Corporative CMS
 CVE-2025-40656 (A SQL injection vulnerability has been found in DM Corporative 
CMS. Th ...)
-       TODO: check
+       NOT-FOR-US: DM Corporative CMS
 CVE-2025-40655 (A SQL injection vulnerability has been found in DM Corporative 
CMS. Th ...)
-       TODO: check
+       NOT-FOR-US: DM Corporative CMS
 CVE-2025-40654 (A SQL injection vulnerability has been found in DM Corporative 
CMS. Th ...)
-       TODO: check
+       NOT-FOR-US: DM Corporative CMS
 CVE-2025-40591 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 
(All versi ...)
        NOT-FOR-US: Siemens
 CVE-2025-40585 (A vulnerability has been identified in Energy Services (All 
versions w ...)
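Review bot: the four IDOR entries, CVE-2025-40661 through CVE-2025-40658, are tagged `NOT-FOR-US: DM Corporative CMS` although their visible descriptions stop at "has been foun ..." before any product is named; only CVE-2025-40662 and the SQL injection entries show "DM Corporative CMS" in the text. The consecutive IDs make the attribution plausible, but it should be confirmed from the full descriptions rather than from adjacency. CVE-2025-41657 stays at `TODO: check` in the context above, which matches the "some NFUs" scope of the commit message.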



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c7be63e96dcd00cf91138edb3699367ec9248a4
