Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fcc9cdd9 by Moritz Muehlenhoff at 2025-06-18T10:17:40+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2025-51381 (An authentication bypass vulnerability exists in KCM3100
Ver1.4.2 and ...)
- TODO: check
+ NOT-FOR-US: KCM3100
CVE-2025-50202 (Lychee is a free photo-management tool. In versions starting
from 6.6. ...)
- TODO: check
+ NOT-FOR-US: Lychee
CVE-2025-4955 (The tarteaucitron.io WordPress plugin before 1.9.5 uses query
paramete ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4413 (The Pixabay Images plugin for WordPress is vulnerable to
arbitrary fil ...)
NOT-FOR-US: WordPress plugin
CVE-2025-49843 (conda-smithy is a tool for combining a conda recipe with
configuration ...)
- TODO: check
+ NOT-FOR-US: conda-smithy
CVE-2025-49825 (Teleport provides connectivity, authentication, access
controls and au ...)
- TODO: check
+ NOT-FOR-US: Teleport
CVE-2025-49824 (conda-smithy is a tool for combining a conda recipe with
configuration ...)
- TODO: check
+ NOT-FOR-US: conda-smithy
CVE-2025-49593 (Portainer Community Edition is a lightweight service delivery
platform ...)
- TODO: check
+ NOT-FOR-US: Portainer
CVE-2025-49385 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link
following ...)
NOT-FOR-US: Trend Micro
CVE-2025-49384 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link
following ...)
@@ -35,15 +35,15 @@ CVE-2025-49212 (An insecure deserialization operation in
the Trend Micro Endpoin
CVE-2025-49211 (A SQL injection vulnerability in the Trend Micro Endpoint
Encryption P ...)
NOT-FOR-US: Trend Micro
CVE-2025-49149 (Dify is an open-source LLM app development platform. In
version 1.2.0, ...)
- TODO: check
+ NOT-FOR-US: Dify
CVE-2025-48443 (Trend Micro Password Manager (Consumer) version 5.0.0.1266 and
below i ...)
NOT-FOR-US: Trend Micro
CVE-2025-41413 (Fuji Electric Smart Editoris vulnerable to an out-of-bounds
write, whi ...)
- TODO: check
+ NOT-FOR-US: Fuji
CVE-2025-41388 (Fuji Electric Smart Editor is vulnerable to a stack-based
buffer overf ...)
- TODO: check
+ NOT-FOR-US: Fuji
CVE-2025-32412 (Fuji Electric Smart Editoris vulnerable to an out-of-bounds
read, whic ...)
- TODO: check
+ NOT-FOR-US: Fuji
CVE-2025-30642 (A link following vulnerability in Trend Micro Deep Security
20.0 agent ...)
NOT-FOR-US: Trend Micro
CVE-2025-30641 (A link following vulnerability in the anti-malware solution
portion of ...)
@@ -82,7 +82,7 @@ CVE-2025-6069 (The html.parser.HTMLParser class had
worse-case quadratic complex
NOTE:
https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b
(v3.14.0b3)
NOTE:
https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949
(3.13-branch)
CVE-2025-6050 (Mezzanine CMS, in versions prior to 6.1.1, contains a Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: Mezzanine CMS
CVE-2025-5777 (Insufficient input validation leading to memory overreadon the
NetScal ...)
NOT-FOR-US: Citrix
CVE-2025-5700 (The Simple Logo Carousel plugin for WordPress is vulnerable to
Stored ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcc9cdd927a1dd9f95ff9f8e52514cb551a46799
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcc9cdd927a1dd9f95ff9f8e52514cb551a46799
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
