Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c1b076d8 by Salvatore Bonaccorso at 2025-11-18T21:59:20+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -144,7 +144,7 @@ CVE-2025-56526 (Cross site scripting (XSS) vulnerability in
Kotaemon 0.11.0 allo
CVE-2025-56499 (Incorrect access control in mihomo v1.19.11 allows
authenticated attac ...)
NOT-FOR-US: mihomo
CVE-2025-55796 (The openml/openml.org web application version v2.0.20241110
uses predi ...)
- TODO: check
+ NOT-FOR-US: openml/openml.org web application
CVE-2025-55179 (Incomplete validation of rich response messages in WhatsApp
for iOS pr ...)
NOT-FOR-US: WhatsApp
CVE-2025-55074 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail
to enfo ...)
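Review bot: the new label on CVE-2025-55796 is written as "openml/openml.org web application", while the neighbouring entries in this hunk use a bare product name ("mihomo", "WhatsApp"). If the longer form is meant to separate the website code from other OpenML software, it is worth keeping as is. Otherwise a shorter product name would match the surrounding style and make later searches for the tag more predictable.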
@@ -188,25 +188,25 @@ CVE-2025-46373 (A Heap-based Buffer Overflow
vulnerability [CWE-122] in Fortinet
CVE-2025-46215 (An Improper Isolation or Compartmentalization vulnerability
[CWE-653] ...)
NOT-FOR-US: Fortinet
CVE-2025-41737 (Due to webserver misconfiguration an unauthenticated remote
attacker i ...)
- TODO: check
+ NOT-FOR-US: METZ CONNECT
CVE-2025-41736 (A low privileged remote attacker can upload a new or overwrite
an exis ...)
- TODO: check
+ NOT-FOR-US: METZ CONNECT
CVE-2025-41735 (A low privileged remote attacker can upload any file to an
arbitrary l ...)
- TODO: check
+ NOT-FOR-US: METZ CONNECT
CVE-2025-41734 (An unauthenticated remote attacker can execute arbitrary php
files and ...)
- TODO: check
+ NOT-FOR-US: METZ CONNECT
CVE-2025-41733 (The commissioning wizard on the affected devices does not
validate if ...)
- TODO: check
+ NOT-FOR-US: METZ CONNECT
CVE-2025-41350 (Stored Cross-site Scripting (XSS)vylnerability type in WinPlus
v24.11. ...)
- TODO: check
+ NOT-FOR-US: WinPlus
CVE-2025-41349 (Stored Cross-site Scripting (XSS)vylnerability type in WinPlus
v24.11. ...)
- TODO: check
+ NOT-FOR-US: WinPlus
CVE-2025-41348 (SQL injection vulnerability in WinPlus v24.11.27 by
Inform\xe1tica del ...)
- TODO: check
+ NOT-FOR-US: WinPlus
CVE-2025-41347 (Unlimited upload vulnerability for dangerous file types in
WinPlus v24 ...)
- TODO: check
+ NOT-FOR-US: WinPlus
CVE-2025-41346 (Faulty authorization control in software WinPlus v24.11.27 by
Inform\x ...)
- TODO: check
+ NOT-FOR-US: WinPlus
CVE-2025-40549 (A Path Restriction Bypass vulnerability exists in Serv-U that
when abu ...)
NOT-FOR-US: SolarWinds
CVE-2025-40548 (A missing validation process exists in Serv U when abused,
could give ...)
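Review bot: CVE-2025-41733 through CVE-2025-41737 are tagged with the vendor name "METZ CONNECT", but none of the truncated descriptions visible here mention that vendor or any product, so the attribution cannot be checked from the list alone. Please confirm it against the full CVE records. Consider also whether the affected product name would serve better than the vendor, since the WinPlus entries in this same hunk are labelled by product rather than by the vendor their descriptions name ("Inform\xe1tica del ..."). Either convention works, but mixing them within one batch makes the NFU tags harder to search for later.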
@@ -234,7 +234,7 @@ CVE-2025-37156 (A platform-level denial-of-service (DoS)
vulnerability exists in
CVE-2025-37155 (A vulnerability in the SSH restricted shell interface of the
network m ...)
NOT-FOR-US: HPE
CVE-2025-34324 (GoSign Desktop versions 2.4.0 and earlier use an unsigned
update manif ...)
- TODO: check
+ NOT-FOR-US: GoSign Desktop
CVE-2025-33184 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability
in a Pyt ...)
TODO: check
CVE-2025-33183 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability
in a Pyt ...)
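Review bot: CVE-2025-33184, directly below the GoSign Desktop change, is left at "TODO: check" even though this commit is a pass over NFU candidates. If NVIDIA Isaac-GR00T is not packaged in Debian, it could be triaged in the same pass. If it was skipped on purpose because it needs a closer look, a short mention in the commit message would save the next person from re-checking it.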
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1b076d850cc4495e545b14e5f6fb113b847dd5b
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits