Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b91312b by Salvatore Bonaccorso at 2025-04-23T22:41:52+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,19 +15,19 @@ CVE-2025-43965 (In MIFF image processing in ImageMagick 
before 7.1.1-44, image d
        - imagemagick 8:7.1.1.46+dfsg1-1
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/bac413a26073923d3ffb258adaab07fb3fe8fdc9
 (7.1.1-44)
 CVE-2025-43716 (A directory traversal vulnerability exists in Ivanti LANDesk 
Managemen ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-42605 (This vulnerability exists in Meon Bidding Solutions due to 
improper au ...)
-       TODO: check
+       NOT-FOR-US: Meon Bidding Solutions
 CVE-2025-42604 (This vulnerability exists in Meon KYC solutions due to debug 
mode is e ...)
-       TODO: check
+       NOT-FOR-US: Meon KYC solutions
 CVE-2025-42603 (This vulnerability exists in the Meon KYC solutions due to 
transmissio ...)
-       TODO: check
+       NOT-FOR-US: Meon KYC solutions
 CVE-2025-42602 (This vulnerability exists in Meon KYC solutions due to 
improper handli ...)
-       TODO: check
+       NOT-FOR-US: Meon KYC solutions
 CVE-2025-42601 (This vulnerability exists in Meon KYC solutions due to 
insufficient se ...)
-       TODO: check
+       NOT-FOR-US: Meon KYC solutions
 CVE-2025-42600 (This vulnerability exists in Meon KYC solutions due to missing 
restric ...)
-       TODO: check
+       NOT-FOR-US: Meon KYC solutions
 CVE-2025-3907 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal 
Search API S ...)
        NOT-FOR-US: Drupal core and addons
 CVE-2025-3904 (Vulnerability in Drupal Sportsleague.This issue affects 
Sportsleague:  ...)
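Review bot: style point on the Meon entries: CVE-2025-42605 is tagged `Meon Bidding Solutions`, while CVE-2025-42600 through CVE-2025-42604 use `Meon KYC solutions` with a lower-case "solutions". The casing follows the truncated CVE descriptions, but normalising it (for example `Meon KYC Solutions`) would keep the NOT-FOR-US tags for this vendor consistent.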
@@ -43,57 +43,57 @@ CVE-2025-3900 (Improper Neutralization of Input During Web 
Page Generation ('Cro
 CVE-2025-3673
        REJECTED
 CVE-2025-32969 (XWiki is a generic wiki platform. In versions starting from 
1.8 and pr ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2025-32968 (XWiki is a generic wiki platform. In versions starting from 
1.6-milest ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2025-32966 (DataEase is an open-source BI tool alternative to Tableau. 
Prior to ve ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2025-32818 (A Null Pointer Dereference vulnerability in the SonicOS SSLVPN 
Virtual ...)
        NOT-FOR-US: SonicWall
 CVE-2025-2773 (BEC Technologies Multiple Routers sys ping Command Injection 
Remote Co ...)
-       TODO: check
+       NOT-FOR-US: EC Technologies Routers
 CVE-2025-2772 (BEC Technologies Multiple Routers Insufficiently Protected 
Credentials ...)
-       TODO: check
+       NOT-FOR-US: EC Technologies Routers
 CVE-2025-2771 (BEC Technologies Multiple Routers Authentication Bypass 
Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: EC Technologies Routers
 CVE-2025-2770 (BEC Technologies Multiple Routers Cleartext Password Storage 
Informati ...)
-       TODO: check
+       NOT-FOR-US: EC Technologies Routers
 CVE-2025-2769 (Bdrive NetDrive Uncontrolled Search Path Element Local 
Privilege Escal ...)
-       TODO: check
+       NOT-FOR-US: Bdrive NetDrive
 CVE-2025-2768 (Bdrive NetDrive Uncontrolled Search Path Element Local 
Privilege Escal ...)
-       TODO: check
+       NOT-FOR-US: Bdrive NetDrive
 CVE-2025-2767 (Arista NG Firewall User-Agent Cross-Site Scripting Remote Code 
Executi ...)
-       TODO: check
+       NOT-FOR-US: Arista NG Firewall User-Agent
 CVE-2025-2765 (CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials 
Authenti ...)
-       TODO: check
+       NOT-FOR-US: CarlinKit CPC200-CCPA Wireless Hotspot
 CVE-2025-2764 (CarlinKit CPC200-CCPA update.cgi Improper Verification of 
Cryptographi ...)
-       TODO: check
+       NOT-FOR-US: CarlinKit CPC200-CCPA
 CVE-2025-2763 (CarlinKit CPC200-CCPA Improper Verification of Cryptographic 
Signature ...)
-       TODO: check
+       NOT-FOR-US: CarlinKit CPC200-CCPA
 CVE-2025-2762 (CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege 
Escalation ...)
-       TODO: check
+       NOT-FOR-US: CarlinKit CPC200-CCPA
 CVE-2025-2703 (The built-in XY Chart plugin is vulnerable to a DOM XSS 
vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Grafana plugin
 CVE-2025-29526 (A Cross-Site Scripting (XSS) vulnerability in the search 
function of Q ...)
-       TODO: check
+       NOT-FOR-US: Q4 Inc Investor Relations Platform
 CVE-2025-28169 (BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to 
v3.0_13.1.7.23122 ...)
-       TODO: check
+       NOT-FOR-US: BYD QIN PLUS DM-i Dilink OS
 CVE-2025-28028 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG 
V4.1.2cu.5161_B20200903 ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-28025 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG 
V4.1.2cu.5161_B20200903 ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-28022 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a 
buffer o ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-28021 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a 
buffer o ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-28020 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a 
buffer o ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-28019 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a 
buffer o ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-28018 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a 
buffer o ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-28017 (TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to 
Command Inject ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-21605 (Redis is an open source, in-memory database that persists on 
disk. In  ...)
        TODO: check
 CVE-2025-1522 (PostHog database_schema Server-Side Request Forgery Information 
Disclo ...)
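Review bot: the four BEC Technologies entries (CVE-2025-2770 through CVE-2025-2773) are tagged `NOT-FOR-US: EC Technologies Routers`, which drops the leading "B" from the vendor name shown in each description ("BEC Technologies Multiple Routers ..."); suggest `NOT-FOR-US: BEC Technologies Routers`. In the same hunk, the CVE-2025-2767 tag `Arista NG Firewall User-Agent` appears to carry part of the vulnerability title into the product name, so `NOT-FOR-US: Arista NG Firewall` would be cleaner. CVE-2025-2765 also uses `CarlinKit CPC200-CCPA Wireless Hotspot` where the three entries below it use `CarlinKit CPC200-CCPA`.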



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b91312bc5c88717babda0c09ecede98e8534b7e

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits