Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fce0e3fe by Salvatore Bonaccorso at 2025-04-25T05:51:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -187,9 +187,9 @@ CVE-2025-43859 (h11 is a Python implementation of HTTP/1.1. 
Prior to version 0.1
        NOTE: 
https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
        NOTE: Fixed by: 
https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f
 (v0.16.0)
 CVE-2025-43858 (YoutubeDLSharp is a wrapper for the command-line video 
downloaders you ...)
-       TODO: check
+       NOT-FOR-US: YoutubeDLSharp
 CVE-2025-43855 (tRPC allows users to build & consume fully typesafe APIs 
without schem ...)
-       TODO: check
+       NOT-FOR-US: tRPC
 CVE-2025-3872 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2025-3832 (The FuseDesk plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
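
Review bot: On the CVE-2025-43858 entry, the new NOT-FOR-US tag names only the wrapper, while the description says YoutubeDLSharp wraps command-line video downloaders. Consider adding a NOTE line stating that the flaw is in the wrapper's own code and not in the wrapped downloaders, so the triage reasoning is on record for whoever revisits the entry.
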
@@ -267,7 +267,7 @@ CVE-2025-29568 (A vulnerability has been discovered in the 
code-projects Online
 CVE-2025-27820 (A bug in PSL validation logic in Apache HttpClient 5.4.x 
disables doma ...)
        TODO: check
 CVE-2025-26382 (Under certain circumstances the iSTAR Configuration Utility 
(ICU) tool ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2025-1284 (The Woocommerce Automatic Order Printing | ( Formerly 
WooCommerce Goog ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-30148 (Improper access control of endpoint in HCL Leap allows certain 
admin u ...)
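
Review bot: The tag added for CVE-2025-26382 uses the vendor name ("NOT-FOR-US: Johnson Controls"), but the description names the product, the iSTAR Configuration Utility (ICU). Other tags in this same commit use product names ("YoutubeDLSharp", "tRPC"), so naming the product here as well, for example "NOT-FOR-US: Johnson Controls iSTAR Configuration Utility", would keep the list consistent and easier to search.
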
@@ -285,11 +285,11 @@ CVE-2023-45720 (Insufficient default configuration in HCL 
Leap allows anonymous
 CVE-2023-37534 (Insufficient URI protocol whitelist in HCL Leap allows script 
injectio ...)
        NOT-FOR-US: HCL
 CVE-2021-47664 (Due to improper authentication mechanism an unauthenticated 
remote att ...)
-       TODO: check
+       NOT-FOR-US: Franka Robotics
 CVE-2021-47663 (Due to improperJSON Web Tokens implementation an 
unauthenticated remot ...)
-       TODO: check
+       NOT-FOR-US: Franka Robotics
 CVE-2021-47662 (Due to missing authorization an unauthenticated remote 
attackercan cau ...)
-       TODO: check
+       NOT-FOR-US: Franka Robotics
 CVE-2025-46419 (Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed 
ESP pac ...)
        NOT-FOR-US: Westermo WeOS
 CVE-2025-46417 (The unsafe globals in Picklescan before 0.0.25 do not include 
ssl. Con ...)
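
Review bot: For CVE-2021-47664, CVE-2021-47663 and CVE-2021-47662, the truncated descriptions shown here never mention Franka Robotics, so the vendor attribution cannot be checked from the diff, and the commit message gives no source for it. A NOTE line with the advisory reference, or a tag that also names the affected product, would make these three entries verifiable later.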



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fce0e3fe41be76e132912abd00617c5327ec2301
