Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e59a7b89 by Salvatore Bonaccorso at 2025-06-04T22:38:25+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,67 +1,67 @@
CVE-2025-5688 (We have identified a buffer overflow issue allowing
out-of-bounds writ ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-5609 (A vulnerability classified as critical was found in Tenda AC18
15.03.0 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5608 (A vulnerability classified as critical has been found in Tenda
AC18 15 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5607 (A vulnerability was found in Tenda AC18 15.03.05.05. It has
been rated ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5606 (A vulnerability was found in Tenda AC18 15.03.05.05. It has
been decla ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5604 (A vulnerability was found in Campcodes Hospital Management
System 1.0 ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-5603 (A vulnerability has been found in Campcodes Hospital Management
System ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-5602 (A vulnerability, which was classified as critical, was found in
Campco ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-5601 (Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0
to 4.2.1 ...)
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-02.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20509
CVE-2025-5600 (A vulnerability, which was classified as critical, has been
found in T ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-5599 (A vulnerability classified as critical was found in PHPGurukul
Student ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5598 (Path Traversal vulnerability in WF Steuerungstechnik GmbH
airleader MA ...)
- TODO: check
+ NOT-FOR-US: WF Steuerungstechnik GmbH airleader MASTER
CVE-2025-5597 (Improper Authentication vulnerability in WF Steuerungstechnik
GmbH air ...)
- TODO: check
+ NOT-FOR-US: WF Steuerungstechnik GmbH airleader MASTER
CVE-2025-5596 (A vulnerability was found in FreeFloat FTP Server 1.0. It has
been cla ...)
- TODO: check
+ NOT-FOR-US: FreeFloat FTP Server
CVE-2025-5595 (A vulnerability was found in FreeFloat FTP Server 1.0 and
classified a ...)
- TODO: check
+ NOT-FOR-US: FreeFloat FTP Server
CVE-2025-5594 (A vulnerability has been found in FreeFloat FTP Server 1.0 and
classif ...)
- TODO: check
+ NOT-FOR-US: FreeFloat FTP Server
CVE-2025-5593 (A vulnerability, which was classified as critical, was found in
FreeFl ...)
- TODO: check
+ NOT-FOR-US: FreeFloat FTP Server
CVE-2025-5592 (A vulnerability, which was classified as critical, has been
found in F ...)
- TODO: check
+ NOT-FOR-US: FreeFloat FTP Server
CVE-2025-5584 (A vulnerability was found in PHPGurukul Hospital Management
System 4.0 ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5583 (A vulnerability classified as critical has been found in
CodeAstro Rea ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2025-5582 (A vulnerability was found in CodeAstro Real Estate Management
System 1 ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2025-5581 (A vulnerability was found in CodeAstro Real Estate Management
System 1 ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2025-5580 (A vulnerability was found in CodeAstro Real Estate Management
System 1 ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2025-48962 (Sensitive information disclosure due to SSRF. The following
products a ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2025-48961 (Local privilege escalation due to insecure folder permissions.
The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2025-48960 (Weak server key used for TLS encryption. The following
products are af ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2025-48959 (Local privilege escalation due to insecure file permissions.
The follo ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2025-48935 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Starting in ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2025-48934 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Prior to ve ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2025-48888 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Starting in ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2025-47728 (Delta Electronics CNCSoft-G2lacks proper validation of the
user-suppli ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2025-46339 (FreshRSS is a self-hosted RSS feed aggregator. Prior to
version 1.26.2 ...)
TODO: check
CVE-2025-46204 (An issue in Unifiedtransform v2.0 allows a remote attacker to
escalate ...)
@@ -69,7 +69,7 @@ CVE-2025-46204 (An issue in Unifiedtransform v2.0 allows a
remote attacker to es
CVE-2025-46203 (An issue in Unifiedtransform v2.0 allows a remote attacker to
escalate ...)
TODO: check
CVE-2025-46011 (Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection
in the Q ...)
- TODO: check
+ NOT-FOR-US: Listmonk
CVE-2025-32015 (FreshRSS is a self-hosted RSS feed aggregator. Prior to
version 1.26.2 ...)
TODO: check
CVE-2025-31482 (FreshRSS is a self-hosted RSS feed aggregator. A vulnerability
in vers ...)
@@ -79,41 +79,41 @@ CVE-2025-31136 (FreshRSS is a self-hosted RSS feed
aggregator. Prior to version
CVE-2025-31134 (FreshRSS is a self-hosted RSS feed aggregator. Prior to
version 1.26.2 ...)
TODO: check
CVE-2025-30415 (Denial of service due to improper handling of malformed input.
The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2025-2336 (Improper sanitization of the value of the 'href' and
'xlink:href' attr ...)
TODO: check
CVE-2025-29094 (Cross Site Scripting vulnerability in Motivian Content
Mangment System ...)
- TODO: check
+ NOT-FOR-US: Motivian Content Mangment System
CVE-2025-29093 (File Upload vulnerability in Motivian Content Mangment System
v.41.0.0 ...)
- TODO: check
+ NOT-FOR-US: Motivian Content Mangment System
CVE-2025-27811 (A local privilege escalation in the
razer_elevation_service.exe in Raz ...)
TODO: check
CVE-2025-23106 (An issue was discovered in Samsung Mobile Processor Exynos
2200, 1480, ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-23101 (An issue was discovered in Samsung Mobile Processor Exynos
1380. A Use ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-23096 (An issue was discovered in Samsung Mobile Processor Exynos
1280, 2200, ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-23095 (An issue was discovered in Samsung Mobile Processor Exynos
1280, 2200, ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-22245 (VMware NSX contains a stored Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22244 (VMware NSX contains a stored Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-22243 (VMware NSX Manager UI is vulnerable to a stored Cross-Site
Scripting ( ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-20286 (A vulnerability in Amazon Web Services (AWS), Microsoft Azure,
and Ora ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20279 (A vulnerability in the web-based management interface of Cisco
Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20278 (A vulnerability in the CLI of multiple Cisco Unified
Communications pr ...)
TODO: check
CVE-2025-20277 (A vulnerability in the web-based management interface of Cisco
Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20276 (A vulnerability in the web-based management interface of Cisco
Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20275 (A vulnerability in the file opening process of Cisco Unified
Contact C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20273 (A vulnerability in the web-based management interface of Cisco
Unified ...)
TODO: check
CVE-2025-20261 (A vulnerability in the SSH connection handling of Cisco
Integrated Man ...)
@@ -123,13 +123,13 @@ CVE-2025-20259 (Multiple vulnerabilities in the update
process of Cisco Thousand
CVE-2025-20163 (A vulnerability in the SSH implementation of Cisco Nexus
Dashboard Fab ...)
TODO: check
CVE-2025-20130 (A vulnerability in the API of Cisco Identity Services Engine
(ISE) and ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20129 (A vulnerability in the web-based chat interface of Cisco
Customer Coll ...)
TODO: check
CVE-2025-1701 (CVE-2025-1701 is a high-severity vulnerability in the MIM Admin
servic ...)
TODO: check
CVE-2024-13967 (This vulnerability allows the successful attacker to gain
unauthorized ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2018-25112 (An unauthenticated remote attacker may use an uncontrolled
resource co ...)
TODO: check
CVE-2025-48432 [Potential log injection via unescaped request path]
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e59a7b89653c9176917b5bbfa76e30a2c52a93d4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e59a7b89653c9176917b5bbfa76e30a2c52a93d4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
