Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
03ab30eb by Moritz Mühlenhoff at 2025-10-15T12:32:13+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -697,13 +697,13 @@ CVE-2025-49708 (Use after free in Microsoft Graphics 
Component allows an authori
 CVE-2025-49201 (A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 
through 1.4.2, ...)
        NOT-FOR-US: Fortinet
 CVE-2025-48813 (Use of a key past its expiration date in Virtual Secure Mode 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48004 (Use after free in Microsoft Brokering File System allows an 
unauthoriz ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47989 (Improper access control in Azure Connected Machine Agent 
allows an aut ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47979 (Insertion of sensitive information into log file in Windows 
Failover C ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47890 (An URL Redirection to Untrusted Site vulnerabilities [CWE-601] 
in Fort ...)
        NOT-FOR-US: Fortinet
 CVE-2025-47856 (Two improper neutralization of special elements used in an OS 
command  ...)
@@ -713,19 +713,19 @@ CVE-2025-46774 (An Improper Verification of Cryptographic 
Signature vulnerabilit
 CVE-2025-46581 (ZTE's ZXCDN product  is affected by a Struts remote code 
execution (RC ...)
        NOT-FOR-US: ZTE
 CVE-2025-41718 (A cleartext transmission of sensitive information 
vulnerability in the ...)
-       TODO: check
+       NOT-FOR-US: Murrelektronik
 CVE-2025-41707 (The websocket handler is vulnerable to a denial of service 
condition.  ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-41706 (The webserver is vulnerable to a denial of service condition. 
An unaut ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-41705 (An unauthenticated remote attacker (MITM) can intercept the 
websocket  ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-41704 (An unauthanticated remote attacker can perform a DoS of the 
Modbus ser ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-41703 (An unauthenticated remote attacker can cause a Denial of 
Service by tu ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-41699 (An low privileged remote attacker with an account for the 
Web-based ma ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-40812 (A vulnerability has been identified in Solid Edge SE2024 (All 
versions ...)
        NOT-FOR-US: Siemens
 CVE-2025-40811 (A vulnerability has been identified in Solid Edge SE2024 (All 
versions ...)
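Review bot: The vendor tags on CVE-2025-41718 (Murrelektronik) and on CVE-2025-41699 through CVE-2025-41707 (Phoenix Contact) cannot be confirmed from the descriptions in this hunk, which are generic ("The webserver is vulnerable to a denial of service condition.") and name no vendor or product before the truncation. Please confirm against the full CVE records that all six Phoenix Contact entries really concern that vendor, since nothing in the visible text distinguishes them.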
@@ -783,13 +783,13 @@ CVE-2025-37133 (An authenticated command injection 
vulnerability exists in the C
 CVE-2025-37132 (An arbitrary file write vulnerability exists in the web-based 
manageme ...)
        NOT-FOR-US: HPE
 CVE-2025-36730 (A prompt injection vulnerability exists in Windsurft version 
1.10.7 in ...)
-       TODO: check
+       NOT-FOR-US: Windsurft
 CVE-2025-34267 (Flowise v3.0.1 < 3.0.8 and all versions after with 
'ALLOW_BUILTIN_DEP' ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2025-33182 (NVIDIA Jetson Linux contains a vulnerability in UEFI, where 
improper a ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-33177 (NVIDIA Jetson Linux and IGX OS contain a vulnerability in 
NvMap, where ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-33044 (APTIOV contains a vulnerability in BIOS where an attacker may 
cause an ...)
        NOT-FOR-US: AMI
 CVE-2025-31514 (An Insertion of Sensitive Information into Log File 
vulnerability [CWE ...)
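Review bot: On CVE-2025-36730 the tag "NOT-FOR-US: Windsurft" copies the spelling from the CVE description verbatim. If that spelling is a typo for the Windsurf editor, the tag should use the product's own name so that a later search of data/CVE/list for the product finds this entry.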
@@ -807,11 +807,11 @@ CVE-2025-25253 (An Improper Validation of Certificate 
with Host Mismatch vulnera
 CVE-2025-25252 (An Insufficient Session Expiration vulnerability [CWE-613] in 
FortiOS  ...)
        NOT-FOR-US: Fortinet
 CVE-2025-25004 (Improper access control in Microsoft PowerShell allows an 
authorized a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24990 (Microsoft is aware of vulnerabilities in the third party Agere 
Modem d ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24052 (Microsoft is aware of vulnerabilities in the third party Agere 
Modem d ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-23356 (NVIDIA Isaac Lab contains a vulnerability in SB3 configuration 
parsing ...)
        TODO: check
 CVE-2025-22833 (APTIOV contains a vulnerability in BIOS where an attacker may 
cause a  ...)
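Review bot: CVE-2025-23356 (NVIDIA Isaac Lab), in the context lines just below the three Microsoft entries changed here, is still at "TODO: check", while the same commit marks the NVIDIA Jetson entries CVE-2025-33182 and CVE-2025-33177 as "NOT-FOR-US: NVIDIA". If it was left open on purpose because it needs a closer look, a word in the commit message would help; otherwise it should be triaged in the same pass.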
@@ -857,7 +857,7 @@ CVE-2025-20709 (In wlan AP driver, there is a possible out 
of bounds write due t
 CVE-2025-11736 (A flaw has been found in itsourcecode Online Examination 
System 1.0. A ...)
        NOT-FOR-US: itsourcecode System
 CVE-2025-11577 (Clevo\u2019s UEFI firmware update packages, including 
B10717.exe, inad ...)
-       TODO: check
+       NOT-FOR-US: Clevo
 CVE-2025-11548 (A remote, unauthenticated privilege escalation in ibi WebFOCUS 
allows  ...)
        NOT-FOR-US: TIBCO
 CVE-2025-11498 (An Improper Neutralization of Formula Elements in a CSV File 
vulnerabi ...)
@@ -867,7 +867,7 @@ CVE-2025-10986 (Path traversal in the admin panel of Ivanti 
EPMM before version
 CVE-2025-10985 (OS command injection in the admin panel of Ivanti EPMM before 
version  ...)
        NOT-FOR-US: Ivanti
 CVE-2025-10610 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Winsure
 CVE-2025-10243 (OS command injection in the admin panel of Ivanti EPMM before 
version  ...)
        NOT-FOR-US: Ivanti
 CVE-2025-10242 (OS command injection in the admin panel of Ivanti EPMM before 
version  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03ab30eb10b586fdee2d1ba52808d960a24ddd4c
