Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
997c3a36 by Moritz Muehlenhoff at 2025-05-23T09:42:51+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2025-4419 (The Hot Random Image plugin for WordPress is
vulnerable to Path T
CVE-2025-4405 (The Hot Random Image plugin for WordPress is vulnerable to
Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4366 (A request smuggling vulnerability identified within
Pingora\u2019s pro ...)
- TODO: check
+ NOT-FOR-US: Pingora
CVE-2025-4280 (MacOS version of Poedit bundles aPython interpreter that
inherits the ...)
- poedit <not-affected> (Specific to MacOS package)
NOTE:
https://github.com/vslavik/poedit/security/advisories/GHSA-8fcw-v6gr-hp34
@@ -34,11 +34,11 @@ CVE-2025-48368 (Group-Office is an enterprise customer
relationship management a
CVE-2025-48366 (Group-Office is an enterprise customer relationship management
and gro ...)
NOT-FOR-US: Group-Office
CVE-2025-48075 (Fiber is an Express-inspired web framework written in Go.
Starting in ...)
- TODO: check
+ NOT-FOR-US: Fiber
CVE-2025-48066 (wire-webapp is the web application for the open-source
messaging servi ...)
- TODO: check
+ NOT-FOR-US: wire-webapp
CVE-2025-48061 (wire-webapp is the web application for the open-source
messaging servi ...)
- TODO: check
+ NOT-FOR-US: wire-webapp
CVE-2025-47780 (Asterisk is an open-source private branch exchange (PBX).
Prior to ver ...)
- asterisk <unfixed>
NOTE:
https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2
@@ -48,21 +48,21 @@ CVE-2025-47779 (Asterisk is an open-source private branch
exchange (PBX). Prior
NOTE:
https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw
TODO: check details
CVE-2025-46716 (Sandboxie is a sandbox-based isolation software for 32-bit and
64-bit ...)
- TODO: check
+ NOT-FOR-US: Sandboxie
CVE-2025-46715 (Sandboxie is a sandbox-based isolation software for 32-bit and
64-bit ...)
- TODO: check
+ NOT-FOR-US: Sandboxie
CVE-2025-46714 (Sandboxie is a sandbox-based isolation software for 32-bit and
64-bit ...)
- TODO: check
+ NOT-FOR-US: Sandboxie
CVE-2025-46713 (Sandboxie is a sandbox-based isolation software for 32-bit and
64-bit ...)
- TODO: check
+ NOT-FOR-US: Sandboxie
CVE-2025-45472 (Insecure permissions in autodeploy-layer v1.2.0 allows
attackers to es ...)
- TODO: check
+ NOT-FOR-US: SAR-AutoDeploy-Layer
CVE-2025-45471 (Insecure permissions in measure-cold-start v1.4.1 allows
attackers to ...)
- TODO: check
+ NOT-FOR-US: measure-cold-start
CVE-2025-45468 (Insecure permissions in fc-stable-diffusion-plus v1.0.18
allows attack ...)
- TODO: check
+ NOT-FOR-US: fc-stable-diffusion-plus
CVE-2025-43596 (An insecure file system permissions vulnerability in MSP360
Backup 8.0 ...)
- TODO: check
+ NOT-FOR-US: MSP360 Backup
CVE-2025-41403 (ZohocorpManageEngine ADAudit Plus versions 8510 and prior are
vulnerab ...)
NOT-FOR-US: Zoho
CVE-2025-3945 (Improper Neutralization of Argument Delimiters in a Command
('Argument ...)
@@ -98,13 +98,13 @@ CVE-2025-33137 (IBM Aspera Faspex 5.0.0 through 5.0.12
could allow an authentica
CVE-2025-33136 (IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an
authenticated us ...)
NOT-FOR-US: IBM
CVE-2025-32915 (Packages downloaded by Checkmk's automatic agent updates on
Linux and ...)
- TODO: check
+ - check-mk <removed>
CVE-2025-32815 (An issue was discovered in Infoblox NETMRI before 7.6.1.
Authenticatio ...)
- TODO: check
+ NOT-FOR-US: Infoblox NETMRI
CVE-2025-32814 (An issue was discovered in Infoblox NETMRI before 7.6.1.
Unauthenticat ...)
- TODO: check
+ NOT-FOR-US: Infoblox NETMRI
CVE-2025-32813 (An issue was discovered in Infoblox NETMRI before 7.6.1.
Remote Unauth ...)
- TODO: check
+ NOT-FOR-US: Infoblox NETMRI
CVE-2025-30173 (File upload vulnerabilities are present in ASPECT if session
administr ...)
NOT-FOR-US: ABB group
CVE-2025-30172 (Remote Code Execution vulnerabilities are present in ASPECT if
session ...)
@@ -126,9 +126,9 @@ CVE-2025-2409 (File corruption vulnerabilities in ASPECT
provide attackers acces
CVE-2025-2272 (Uncontrolled Search Path Element vulnerability in Forcepoint
FIE Endpo ...)
TODO: check
CVE-2025-23183 (CWE-601: URL Redirection to Untrusted Site ('Open Redirect'))
- TODO: check
+ NOT-FOR-US: UBtech FreePass
CVE-2025-23182 (CWE-203: Observable Discrepancy)
- TODO: check
+ NOT-FOR-US: UBtech FreePass
CVE-2025-1110 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- gitlab <unfixed>
CVE-2025-0993 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
@@ -150,9 +150,9 @@ CVE-2024-6914 (An incorrect authorization vulnerability
exists in multiple WSO2
CVE-2024-5962 (A reflected cross-site scripting (XSS) vulnerability exists in
the aut ...)
TODO: check
CVE-2024-54188 (Infoblox NETMRI before 7.6.1 has a vulnerability allowing
remote authe ...)
- TODO: check
+ NOT-FOR-US: Infoblox NETMRI
CVE-2024-52874 (In Infoblox NETMRI before 7.6.1, authenticated users can
perform SQL i ...)
- TODO: check
+ NOT-FOR-US: Infoblox NETMRI
CVE-2024-51553 (Predictable filename vulnerabilities in ASPECT may expose
sensitive in ...)
NOT-FOR-US: ABB group
CVE-2024-51552 (Weak password storage vulnerabilities exist in ASPECT if
administrator ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/997c3a361a39c01fefa4f3e9e4eac8b23071261c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/997c3a361a39c01fefa4f3e9e4eac8b23071261c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
