Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
845ca0e5 by Moritz Muehlenhoff at 2025-06-25T16:57:25+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -242,13 +242,13 @@ CVE-2025-23260 (NVIDIA AIStore contains a vulnerability
in the AIS Operator wher
CVE-2025-1718 (An authenticated user with file access privilege via FTP access
can ca ...)
NOT-FOR-US: Hitachi Energy
CVE-2024-56918 (In Netbox Community 4.1.7, the login page is vulnerable to
cross-site ...)
- TODO: check
+ - netbox <itp> (bug #1017079)
CVE-2024-56917 (Netbox Community 4.1.7 is vulnerable to Cross Site Scripting
(XSS) via ...)
- TODO: check
+ - netbox <itp> (bug #1017079)
CVE-2024-56916 (In Netbox Community 4.1.7, once authenticated, Configuration
History > ...)
- TODO: check
+ - netbox <itp> (bug #1017079)
CVE-2024-37743 (An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote
attacker to ex ...)
- TODO: check
+ NOT-FOR-US: KnowledgeGPT
CVE-2025-6436 (Memory safety bugs present in Firefox 139 and Thunderbird 139.
Some of ...)
- firefox 140.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6436
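Review bot: The three netbox lines in this hunk (CVE-2024-56918, CVE-2024-56917, CVE-2024-56916) are `<itp>` entries tied to bug #1017079, not NFUs, so the one-word commit message "NFUs" does not cover them. A message such as "NFUs, netbox itp" would let the ITP triage be found from the log. All three descriptions cite Netbox Community 4.1.7, so these entries need to be checked against whichever version is first uploaded once the ITP is closed.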
@@ -367,7 +367,7 @@ CVE-2025-52566 (llama.cpp is an inference of several LLM
models in C/C++. Prior
CVE-2025-52562 (Convoy is a KVM server management panel for hosting
businesses. In ver ...)
NOT-FOR-US: Convoy
CVE-2025-52561 (HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: HTMLSanitizer.jl
CVE-2025-52560 (Kanboard is project management software that focuses on the
Kanban met ...)
- kanboard <removed>
NOTE:
https://github.com/kanboard/kanboard/security/advisories/GHSA-2ch5-gqjm-8p92
@@ -375,7 +375,7 @@ CVE-2025-52560 (Kanboard is project management software
that focuses on the Kanb
CVE-2025-52558 (changedetection.io is a free open source web page change
detection, we ...)
NOT-FOR-US: changedetection.io
CVE-2025-50213 (Failure to Sanitize Special Elements into a Different Plane
(Special E ...)
- TODO: check
+ NOT-FOR-US: Airflow provider for Snowflake
CVE-2025-48890 (WRH-733GBK and WRH-733GWH contain an improper neutralization
of specia ...)
NOT-FOR-US: ELECOM
CVE-2025-48470 (Successful exploitation of the stored cross-site scripting
vulnerabili ...)
@@ -403,35 +403,35 @@ CVE-2025-43877 (WRC-1167GHBK2-S contains a stored
cross-site scripting vulnerabi
CVE-2025-41427 (WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an
improper neutra ...)
NOT-FOR-US: ELECOM
CVE-2025-3090 (An unauthenticated remote attacker can obtain limited sensitive
inform ...)
- TODO: check
+ NOT-FOR-US: mbCONNECT24
CVE-2025-36519 (Unrestricted upload of file with dangerous type issue exists
in WRC-25 ...)
- TODO: check
+ NOT-FOR-US: ELECOM
CVE-2025-34041 (An OS command injection vulnerability exists in the Chinese
versions o ...)
- TODO: check
+ NOT-FOR-US: Sangfor Endpoint Detection and Response
CVE-2025-34040 (An arbitrary file upload vulnerability exists in the Zhiyuan
OA platfo ...)
- TODO: check
+ NOT-FOR-US: Zhiyuan OA
CVE-2025-34039 (A code injection vulnerability exists in Yonyou UFIDA NC v6.5
and prio ...)
- TODO: check
+ NOT-FOR-US: Yonyou UFIDA NC
CVE-2025-34038 (A SQL injection vulnerability exists in Fanwei e-cology 8.0
via the ge ...)
- TODO: check
+ NOT-FOR-US: Fanwei e-cology
CVE-2025-34037 (An OS command injection vulnerability exists in various models
of E-Se ...)
NOT-FOR-US: Linksys
CVE-2025-34036 (An OS command injection vulnerability exists in white-labeled
DVRs man ...)
- TODO: check
+ NOT-FOR-US: Shenzhen TVT
CVE-2025-34035 (An OS command injection vulnerability exists in EnGenius
EnShare Cloud ...)
- TODO: check
+ NOT-FOR-US: EnGenius
CVE-2025-34034 (A hardcoded credential vulnerability exists in the Blue Angel
Software ...)
- TODO: check
+ NOT-FOR-US: Blue Angel
CVE-2025-34033 (An OS command injection vulnerability exists in the Blue Angel
Softwar ...)
- TODO: check
+ NOT-FOR-US: Blue Angel
CVE-2025-34032 (A reflected cross-site scripting (XSS) vulnerability exists in
the Moo ...)
- TODO: check
+ NOT-FOR-US: Moodle plugin
CVE-2025-34031 (A path traversal vulnerability exists in the Moodle LMS Jmol
plugin ve ...)
- TODO: check
+ NOT-FOR-US: Moodle plugin
CVE-2025-2962 (A denial-of-service issue in the dns implemenation could cause
an infi ...)
TODO: check
CVE-2025-23092 (Mitel OpenScape Accounting Management through V5 R1.1.0 could
allow an ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2024-56731 (Gogs is an open source self-hosted Git service. Prior to
version 0.13. ...)
NOT-FOR-US: Go Git Service
CVE-2025-2828 (A Server-Side Request Forgery (SSRF) vulnerability exists in
the Reque ...)
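Review bot: The label "NOT-FOR-US: Moodle plugin" on CVE-2025-34032 and CVE-2025-34031 does not say which plugin is meant, while the visible description of CVE-2025-34031 names the "Moodle LMS Jmol plugin". Naming the plugin, for example "NOT-FOR-US: Jmol plugin for Moodle", keeps the entry from reading as a statement about Moodle itself and matches the product-level labels used elsewhere in this hunk (Zhiyuan OA, Fanwei e-cology). Separately, CVE-2025-2962 ("denial-of-service issue in the dns implemenation") is the only entry in this range still left at "TODO: check"; if that is deliberate because the affected project is not yet identified, a short NOTE line would record it.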
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/845ca0e5007b517f5e615cb7e6eafb958ff79956