Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e49d9b27 by security tracker role at 2025-05-13T20:13:57+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,9 +11,9 @@ CVE-2025-4647 (Improper Neutralization of Input During Web 
Page Generation (XSS
 CVE-2025-4646 (Improper Privilege Management vulnerability in Centreon web 
(API Token ...)
        TODO: check
 CVE-2025-4428 (Remote Code Execution in API component in Ivanti Endpoint 
Manager Mobi ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-4427 (An authentication bypass in the API component of Ivanti 
Endpoint Manag ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-47280 (Umbraco Forms is a form builder that integrates with the 
Umbraco conte ...)
        TODO: check
 CVE-2025-47278 (Flask is a web server gateway interface (WSGI) web application 
framewo ...)
@@ -49,67 +49,67 @@ CVE-2025-44831 (EngineerCMS v1.02 through v2.0.5 has a SQL 
injection vulnerabili
 CVE-2025-44039 (CP-XR-DE21-S -4G Router Firmware version 1.031.022 was 
discovered to c ...)
        TODO: check
 CVE-2025-43557 (Animate versions 24.0.8, 23.0.11 and earlier are affected by 
an Access ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-43556 (Animate versions 24.0.8, 23.0.11 and earlier are affected by 
an Intege ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-43555 (Animate versions 24.0.8, 23.0.11 and earlier are affected by 
an Intege ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-43547 (Bridge versions 15.0.3, 14.1.6 and earlier are affected by an 
Integer  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-43546 (Bridge versions 15.0.3, 14.1.6 and earlier are affected by an 
Integer  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-43545 (Bridge versions 15.0.3, 14.1.6 and earlier are affected by an 
Access o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-41645 (An unauthenticated remote attacker could use a demo account of 
the por ...)
        TODO: check
 CVE-2025-40628 (SQL injection vulnerability in DomainsPRO 1.2. This 
vulnerability coul ...)
        TODO: check
 CVE-2025-40583 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40582 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40581 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40580 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40579 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40578 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40577 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40576 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40575 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40574 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40573 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40572 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40571 (A vulnerability has been identified in Mendix OIDC SSO (Mendix 
10 comp ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40566 (A vulnerability has been identified in SIMATIC PCS neo V4.1 
(All versi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40556 (A vulnerability has been identified in BACnet ATEC 550-440 
(All versio ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40555 (A vulnerability has been identified in APOGEE PXC+TALON TC 
Series (BAC ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-3916 (CWE-121: Stack-based Buffer Overflowvulnerability existsthat 
could cau ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2025-3757 (Versions of OpenPubkey library prior to 0.10.0  contained a 
vulnerabil ...)
        TODO: check
 CVE-2025-3744 (Nomad Enterprise (\u201cNomad\u201d) jobs using the policy 
override op ...)
        TODO: check
 CVE-2025-33025 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 
(All versi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-33024 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 
(All versi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-32917 (Privilege escalation in jar_signature agent plugin in Checkmk 
versions ...)
        TODO: check
 CVE-2025-32756 (A stack-based buffer overflow vulnerability [CWE-121] in 
Fortinet Fort ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-32709 (Use after free in Windows Ancillary Function Driver for 
WinSock allows ...)
        TODO: check
 CVE-2025-32707 (Out-of-bounds read in Windows NTFS allows an unauthorized 
attacker to  ...)
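Review bot: At CVE-2025-40571 the new annotation is `NOT-FOR-US: Siemens`, but the description on that entry names Mendix OIDC SSO rather than a Siemens-branded product, so a later search of data/CVE/list by product name will not explain why it was closed; consider naming the product in the annotation. The same applies to CVE-2025-3916, where the truncated description shows only the CWE-121 text and the `Schneider Electric` attribution cannot be checked from the diff itself.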
@@ -127,13 +127,13 @@ CVE-2025-32702 (Improper neutralization of special 
elements used in a command ('
 CVE-2025-32701 (Use after free in Windows Common Log File System Driver allows 
an auth ...)
        TODO: check
 CVE-2025-32469 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 
(All versi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-32454 (A vulnerability has been identified in Teamcenter 
Visualization V14.3  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-31930 (A vulnerability has been identified in IEC 1Ph 7.4kW Child 
socket (8EM ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-31929 (A vulnerability has been identified in IEC 1Ph 7.4kW Child 
socket (8EM ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-31493 (Kirby is an open-source content management system. A 
vulnerability in  ...)
        TODO: check
 CVE-2025-30400 (Use after free in Windows DWM allows an authorized attacker to 
elevate ...)
@@ -171,35 +171,35 @@ CVE-2025-30376 (Heap-based buffer overflow in Microsoft 
Office Excel allows an u
 CVE-2025-30375 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
        TODO: check
 CVE-2025-30330 (Illustrator versions 29.3, 28.7.5 and earlier are affected by 
a Heap-b ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30329 (Animate versions 24.0.8, 23.0.11 and earlier are affected by a 
NULL Po ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30328 (Animate versions 24.0.8, 23.0.11 and earlier are affected by 
an out-of ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30326 (Photoshop Desktop versions 26.5, 25.12.2 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30325 (Photoshop Desktop versions 26.5, 25.12.2 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30324 (Photoshop Desktop versions 26.5, 25.12.2 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30322 (Substance3D - Painter versions 11.0 and earlier are affected 
by an out ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30320 (InDesign Desktop versions ID19.5.2, ID20.2 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30319 (InDesign Desktop versions ID19.5.2, ID20.2 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30318 (InDesign Desktop versions ID19.5.2, ID20.2 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30310 (Dreamweaver Desktop versions 21.4 and earlier are affected by 
an Acces ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-30207 (Kirby is an open-source content management system. A 
vulnerability in  ...)
        TODO: check
 CVE-2025-30176 (A vulnerability has been identified in SIMATIC PCS neo V4.1 
(All versi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-30175 (A vulnerability has been identified in SIMATIC PCS neo V4.1 
(All versi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-30174 (A vulnerability has been identified in SIMATIC PCS neo V4.1 
(All versi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-30159 (Kirby is an open-source content management system. A 
vulnerability in  ...)
        TODO: check
 CVE-2025-29979 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
@@ -277,7 +277,7 @@ CVE-2025-29830 (Use of uninitialized resource in Windows 
Routing and Remote Acce
 CVE-2025-29829 (Use of uninitialized resource in Windows Trusted Runtime 
Interface Dri ...)
        TODO: check
 CVE-2025-29826 (Improper handling of insufficient permissions or privileges in 
Microso ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-28057 (owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in 
/admin- ...)
        TODO: check
 CVE-2025-28056 (rebuild v3.9.0 through v3.9.3 has a SQL injection 
vulnerability in /ad ...)
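Review bot: CVE-2025-29826 is the only entry in this hunk moved to `NOT-FOR-US: Microsoft`, while CVE-2025-29829 (Windows Trusted Runtime Interface Driver) directly above it keeps `TODO: check`. If the automatic update matches on vendor, it should be applied to both entries; if something else distinguishes CVE-2025-29826, the commit message should say what, since "automatic NOT-FOR-US entries update" does not.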
@@ -291,7 +291,7 @@ CVE-2025-27488 (Use of hard-coded credentials in Windows 
Hardware Lab Kit allows
 CVE-2025-27468 (Improper privilege management in Windows Secure Kernel Mode 
allows an  ...)
        TODO: check
 CVE-2025-27197 (Lightroom Desktop versions 8.2 and earlier are affected by an 
out-of-b ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-26685 (Improper authentication in Microsoft Defender for Identity 
allows an u ...)
        TODO: check
 CVE-2025-26684 (External control of file name or path in Microsoft Defender 
for Endpoi ...)
@@ -299,25 +299,25 @@ CVE-2025-26684 (External control of file name or path in 
Microsoft Defender for
 CVE-2025-26677 (Uncontrolled resource consumption in Remote Desktop Gateway 
Service al ...)
        TODO: check
 CVE-2025-26390 (A vulnerability has been identified in OZW672 (All versions < 
V6.0), O ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-26389 (A vulnerability has been identified in OZW672 (All versions < 
V8.0), O ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-24510 (A vulnerability has been identified in MS/TP Point Pickup 
Module (All  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-24063 (Heap-based buffer overflow in Windows Kernel allows an 
authorized atta ...)
        TODO: check
 CVE-2025-24009 (A vulnerability has been identified in SIRIUS 3RK3 Modular 
Safety Syst ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-24008 (A vulnerability has been identified in SIRIUS 3RK3 Modular 
Safety Syst ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-24007 (A vulnerability has been identified in SIRIUS 3RK3 Modular 
Safety Syst ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-22859 (ARelative Path Traversal vulnerability [CWE-23] in 
FortiClientEMS 7.4. ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-22462 (An authentication bypass in Ivanti Neurons for ITSM (on-prem 
only) bef ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-22460 (Default credentials in Ivanti Cloud Services Application 
before versio ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-22248 (The bitnami/pgpoolDocker image, and the bitnami/postgres-hak8s 
chart,  ...)
        TODO: check
 CVE-2025-21264 (Files or directories accessible to external parties in Visual 
Studio C ...)
@@ -325,23 +325,23 @@ CVE-2025-21264 (Files or directories accessible to 
external parties in Visual St
 CVE-2025-0035 (Unquoted search path within AMD Cloud Manageability Service can 
allow  ...)
        TODO: check
 CVE-2024-6364 (A vulnerability in Absolute Persistence\xae versions before 2.8 
exists ...)
-       TODO: check
+       NOT-FOR-US: Absolute Software
 CVE-2024-56526 (An issue was discovered in OXID eShop before 7. CMS pages in 
combinati ...)
        TODO: check
 CVE-2024-51447 (A vulnerability has been identified in Polarion V2310 (All 
versions),  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-51446 (A vulnerability has been identified in Polarion V2310 (All 
versions),  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-51445 (A vulnerability has been identified in Polarion V2310 (All 
versions),  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-51444 (A vulnerability has been identified in Polarion V2310 (All 
versions),  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-48766 (NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file 
reading  ...)
        TODO: check
 CVE-2024-46506 (NetAlertX 23.01.14 through 24.x before 24.10.12 allows 
unauthenticated ...)
        TODO: check
 CVE-2024-42446 (APTIOV contains a vulnerability in BIOS where an attacker may 
cause a  ...)
-       TODO: check
+       NOT-FOR-US: AMI
 CVE-2024-36340 (A  junction point vulnerability within AMD uProf can allow a 
local low ...)
        TODO: check
 CVE-2024-36339 (A DLL hijacking vulnerability in the AMD Optimizing CPU 
Libraries coul ...)
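Review bot: At CVE-2024-42446 the annotation `NOT-FOR-US: AMI` uses an abbreviation that does not appear in the entry's description, which mentions only APTIOV and BIOS. Spelling out the vendor or naming the product would make the entry self-explanatory, as `NOT-FOR-US: Absolute Software` does for CVE-2024-6364 in the same hunk.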
@@ -349,9 +349,9 @@ CVE-2024-36339 (A DLL hijacking vulnerability in the AMD 
Optimizing CPU Librarie
 CVE-2024-36321 (Unquoted search path within AIM-T Manageability Service can 
allow a lo ...)
        TODO: check
 CVE-2024-35281 (An improper isolation or compartmentalization vulnerability 
[CWE-653]  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-23815 (A vulnerability has been identified in Desigo CC (All versions 
if acce ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-21960 (Incorrect default permissions in the AMD Optimizing CPU 
Libraries (AOC ...)
        TODO: check
 CVE-2024-12533 (Improper Check for Unusual or Exceptional Conditions 
vulnerability in  ...)
@@ -418,7 +418,7 @@ CVE-2025-42999 (SAP NetWeaver Visual Composer Metadata 
Uploader is vulnerable wh
 CVE-2025-42997 (Under certain conditions, SAP Gateway Client allows a 
high-privileged  ...)
        NOT-FOR-US: SAP
 CVE-2025-3659 (Improper authentication handling was identified in a set of 
HTTP POST  ...)
-       TODO: check
+       NOT-FOR-US: Digi
 CVE-2025-3107 (The Newsletters plugin for WordPress is vulnerable to 
time-based SQL I ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-35471 (conda-forge openssl-feedstock before 066e83c (2024-05-20), on 
Microsof ...)
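Review bot: At CVE-2025-3659 the visible description ("Improper authentication handling was identified in a set of HTTP POST ...") names no vendor or product, so `NOT-FOR-US: Digi` cannot be verified from this hunk. A more descriptive annotation that includes the affected product would let a reviewer confirm the triage without opening the full CVE record.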



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e49d9b27f4a2f88146a7ff55b5e4d5290fcbc7d1
