Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
934ac869 by Moritz Muehlenhoff at 2025-12-16T09:11:22+01:00
NFUs / new k8s issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2025-14439
+       NOT-FOR-US: OpenUSD
 CVE-2025-XXXX [Malicious remote can overwrite and exfiltrate local files]
        - ckermit <unfixed> (bug #1123025)
        [trixie] - ckermit <no-dsa> (Minor issue; documented; can be fixed via 
point release)
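Review bot: the new CVE-2025-14439 entry at the top of the hunk has no description on the CVE line, unlike every other entry visible in this diff, so the NOT-FOR-US: OpenUSD triage cannot be checked from the file alone. If the description is not filled in by a later sync, consider adding it or a short NOTE pointing at the advisory that identifies the affected product.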
@@ -118,7 +120,7 @@ CVE-2025-12035 (An integer overflow condition exists in 
Bluetooth Host stack, wi
 CVE-2025-11670 (Zohocorp ManageEngine ADManager Plus versions before 8025 are 
vulnerab ...)
        NOT-FOR-US: Zoho
 CVE-2025-11393 (A flaw was found in runtimes-inventory-rhel8-operator. An 
internal pro ...)
-       TODO: check
+       NOT-FOR-US: Red Hat Runtimes Inventory Operator
 CVE-2024-44599 (FNT Command 13.4.0 is vulnerable to Directory Traversal.)
        NOT-FOR-US: FNT Command
 CVE-2024-44598 (FNT Command 13.4.0 is vulnerable to Code Execution via the C 
Base Modu ...)
@@ -196,7 +198,10 @@ CVE-2025-13740 (The Lightweight Accordion plugin for 
WordPress is vulnerable to
 CVE-2025-13355 (The URL Shortify  WordPress plugin before 1.11.4 does not 
sanitise and ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13281 (A half-blind Server Side Request Forgery (SSRF) vulnerability 
exists i ...)
-       TODO: check
+       - kubernetes 1.20.5+really1.20.2-1
+       NOTE: Server components no longer built since 1.20.5+really1.20.2-1, 
marking that as fixed version
+       NOTE: The source package itself it still vulnerable, but custom 
rebuilds are not really a usecase here
+       NOTE: 
https://groups.google.com/g/kubernetes-security-announce/c/EORqZg0k1l4/m/TtD-q0v7AgAJ
 CVE-2025-12684 (The URL Shortify  WordPress plugin before 1.11.3 does not 
sanitize and ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-11363 (The Royal Addons for Elementor  WordPress plugin before 
1.7.1037 does  ...)
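Review bot: the CVE-2025-13281 entry records kubernetes 1.20.5+really1.20.2-1 as the fixed version while its own second NOTE says the source package is still vulnerable, so anything that matches on the source version alone will read the package as patched. The first NOTE explains the reasoning (server components are no longer built), but it would help to say explicitly that the version is a marker for the binary packages and not a code fix, and to name the affected server component so the claim can be verified against the linked announcement. Minor: "itself it still vulnerable" in the second NOTE should read "itself is still vulnerable".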



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/934ac869b88c12e5f23e8df516888c3b894acf51

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
