Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
47944fd8 by Moritz Muehlenhoff at 2025-06-27T09:47:21+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -120,13 +120,13 @@ CVE-2025-3722 (A path traversal vulnerability in System
Information Reporter (SI
CVE-2025-36034 (IBM InfoSphere DataStage Flow Designer in IBM InfoSphere
Information S ...)
NOT-FOR-US: IBM
CVE-2025-34049 (An OS command injection vulnerability exists in the OptiLink
ONT1GEW G ...)
- TODO: check
+ NOT-FOR-US: OptiLink
CVE-2025-34048 (A path traversal vulnerability exists in the web management
interface ...)
NOT-FOR-US: D-Link
CVE-2025-34047 (A path traversal vulnerability exists in the Leadsec SSL VPN
(formerly ...)
- TODO: check
+ NOT-FOR-US: Leadsec SSL VPN
CVE-2025-34046 (An unauthenticated file upload vulnerability exists in the
Fanwei E-Of ...)
- TODO: check
+ NOT-FOR-US: Fanwei E-Office
CVE-2025-34045 (A path traversal vulnerability exists in WeiPHP 5.0, an open
source We ...)
NOT-FOR-US: WeiPHP
CVE-2025-34044 (A remote command injection vulnerability exists in the
confirm.php int ...)
@@ -138,7 +138,7 @@ CVE-2025-34042 (An authenticated command injection
vulnerability exists in the B
CVE-2025-30131 (An issue was discovered on IROAD Dashcam FX2 devices. An
unauthenticat ...)
NOT-FOR-US: IROAD Dashcam FX2
CVE-2025-29331 (An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a
remote a ...)
- TODO: check
+ NOT-FOR-US: MHSanaei 3x-ui
CVE-2024-6174 (When a non-x86 platform is detected, cloud-init grants root
access to ...)
- cloud-init <unfixed>
NOTE:
https://github.com/canonical/cloud-init/commit/f43937f0b462734eb9c76700491c18fe4133c8e1
@@ -146,7 +146,7 @@ CVE-2024-6174 (When a non-x86 platform is detected,
cloud-init grants root acces
CVE-2024-56915 (Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to
Cross Si ...)
- netbox <itp> (bug #1017079)
CVE-2024-52928 (Arc before 1.26.1 on Windows has a bypass issue in the site
settings t ...)
- TODO: check
+ NOT-FOR-US: Arc Browser
CVE-2024-11584 (cloud-initthrough 25.1.2 includes the systemd socket
unitcloud-init-ho ...)
- cloud-init <unfixed>
NOTE:
https://github.com/canonical/cloud-init/commit/8b45006c4765fd75f20ce244571b563dbc49d4f2
@@ -412,7 +412,7 @@ CVE-2025-45332 (vkoskiv c-ray 1.1 contains a Null Pointer
Dereference (NPD) vuln
CVE-2025-44206 (Hexagon HxGN OnCall Dispatch Advantage (Web) v10.2309.03.00264
and Hex ...)
NOT-FOR-US: Hexagon HxGN OnCall Dispatch Advantag
CVE-2025-41647 (A local, low-privileged attacker can learn the password of the
connect ...)
- TODO: check
+ NOT-FOR-US: PLC Designer
CVE-2025-41256 (Cyberduck and Mountain Duck improper handle TLS certificate
pinning fo ...)
NOT-FOR-US: Cyberduck and Mountain Duck
CVE-2025-41255 (Cyberduck and Mountain Duck improperly handle TLS certificate
pinning ...)
@@ -430,9 +430,9 @@ CVE-2025-20264 (A vulnerability in the web-based management
interface of Cisco I
CVE-2024-57708 (An issue in OneTrust SDK v.6.33.0 allows a local attacker to
cause a d ...)
NOT-FOR-US: OneTrust SDK
CVE-2024-27685 (SQL Injection vulnerability in Student Record system Using PHP
and MyS ...)
- TODO: check
+ NOT-FOR-US: Student Record system Using PHP and MySQL
CVE-2023-44915 (A cross-site scripting (XSS) vulnerability in the component
/Login.php ...)
- TODO: check
+ NOT-FOR-US: c3crm
CVE-2021-4457 (The ZoomSounds plugin before 6.05 contains a PHP file allowing
unauthe ...)
NOT-FOR-US: WordPress plugin
CVE-2025-5846 (An issue has been discovered in GitLab EE affecting all
versions from ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47944fd879d7b4f5d3b56da32aa1b986b055213b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47944fd879d7b4f5d3b56da32aa1b986b055213b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
