Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0e2a5e38 by Moritz Muehlenhoff at 2025-06-05T10:03:46+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67,21 +67,21 @@ CVE-2025-48888 (Deno is a JavaScript, TypeScript, and
WebAssembly runtime. Start
CVE-2025-47728 (Delta Electronics CNCSoft-G2lacks proper validation of the
user-suppli ...)
NOT-FOR-US: Delta Electronics
CVE-2025-46339 (FreshRSS is a self-hosted RSS feed aggregator. Prior to
version 1.26.2 ...)
- TODO: check
+ NOT-FOR-US: FreshRSS
CVE-2025-46204 (An issue in Unifiedtransform v2.0 allows a remote attacker to
escalate ...)
- TODO: check
+ NOT-FOR-US: Unifiedtransform
CVE-2025-46203 (An issue in Unifiedtransform v2.0 allows a remote attacker to
escalate ...)
- TODO: check
+ NOT-FOR-US: Unifiedtransform
CVE-2025-46011 (Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection
in the Q ...)
NOT-FOR-US: Listmonk
CVE-2025-32015 (FreshRSS is a self-hosted RSS feed aggregator. Prior to
version 1.26.2 ...)
- TODO: check
+ NOT-FOR-US: FreshRSS
CVE-2025-31482 (FreshRSS is a self-hosted RSS feed aggregator. A vulnerability
in vers ...)
- TODO: check
+ NOT-FOR-US: FreshRSS
CVE-2025-31136 (FreshRSS is a self-hosted RSS feed aggregator. Prior to
version 1.26.2 ...)
- TODO: check
+ NOT-FOR-US: FreshRSS
CVE-2025-31134 (FreshRSS is a self-hosted RSS feed aggregator. Prior to
version 1.26.2 ...)
- TODO: check
+ NOT-FOR-US: FreshRSS
CVE-2025-30415 (Denial of service due to improper handling of malformed input.
The fol ...)
NOT-FOR-US: Acronis
CVE-2025-2336 (Improper sanitization of the value of the 'href' and
'xlink:href' attr ...)
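Review bot: The five FreshRSS entries in this hunk (CVE-2025-46339, CVE-2025-32015, CVE-2025-31482, CVE-2025-31136, CVE-2025-31134) are closed as NOT-FOR-US in one pass, and nothing in the commit message ("NFUs") records whether an open ITP or RFP bug for FreshRSS was looked for. FreshRSS is a self-hosted web application of the kind that does get packaged, so please confirm that no such bug exists. If one does, these entries should use the tracker's `<itp>` form with the bug number rather than NOT-FOR-US, so the fixes in 1.26.2 are not lost when the package arrives. The two Unifiedtransform entries look fine as tagged.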
@@ -91,7 +91,7 @@ CVE-2025-29094 (Cross Site Scripting vulnerability in
Motivian Content Mangment
CVE-2025-29093 (File Upload vulnerability in Motivian Content Mangment System
v.41.0.0 ...)
NOT-FOR-US: Motivian Content Mangment System
CVE-2025-27811 (A local privilege escalation in the
razer_elevation_service.exe in Raz ...)
- TODO: check
+ NOT-FOR-US: Razer Synapse 4
CVE-2025-23106 (An issue was discovered in Samsung Mobile Processor Exynos
2200, 1480, ...)
NOT-FOR-US: Samsung
CVE-2025-23101 (An issue was discovered in Samsung Mobile Processor Exynos
1380. A Use ...)
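Review bot: The tag on CVE-2025-27811, "NOT-FOR-US: Razer Synapse 4", carries a major version number, while the neighbouring tags in this hunk name only a vendor or product ("Samsung", "Motivian Content Mangment System"). Consider "NOT-FOR-US: Razer Synapse" or "NOT-FOR-US: Razer" so that later entries for the same software match on one string, which keeps grep-based triage of data/CVE/list simple.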
@@ -111,7 +111,7 @@ CVE-2025-20286 (A vulnerability in Amazon Web Services
(AWS), Microsoft Azure, a
CVE-2025-20279 (A vulnerability in the web-based management interface of Cisco
Unified ...)
NOT-FOR-US: Cisco
CVE-2025-20278 (A vulnerability in the CLI of multiple Cisco Unified
Communications pr ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20277 (A vulnerability in the web-based management interface of Cisco
Unified ...)
NOT-FOR-US: Cisco
CVE-2025-20276 (A vulnerability in the web-based management interface of Cisco
Unified ...)
@@ -119,23 +119,23 @@ CVE-2025-20276 (A vulnerability in the web-based
management interface of Cisco U
CVE-2025-20275 (A vulnerability in the file opening process of Cisco Unified
Contact C ...)
NOT-FOR-US: Cisco
CVE-2025-20273 (A vulnerability in the web-based management interface of Cisco
Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20261 (A vulnerability in the SSH connection handling of Cisco
Integrated Man ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20259 (Multiple vulnerabilities in the update process of Cisco
ThousandEyes E ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20163 (A vulnerability in the SSH implementation of Cisco Nexus
Dashboard Fab ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20130 (A vulnerability in the API of Cisco Identity Services Engine
(ISE) and ...)
NOT-FOR-US: Cisco
CVE-2025-20129 (A vulnerability in the web-based chat interface of Cisco
Customer Coll ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-1701 (CVE-2025-1701 is a high-severity vulnerability in the MIM Admin
servic ...)
TODO: check
CVE-2024-13967 (This vulnerability allows the successful attacker to gain
unauthorized ...)
NOT-FOR-US: ABB group
CVE-2018-25112 (An unauthenticated remote attacker may use an uncontrolled
resource co ...)
- TODO: check
+ NOT-FOR-US: IEC 61131
CVE-2025-48432 [Potential log injection via unescaped request path]
- python-django 3:4.2.22-1 (bug #1107282)
NOTE:
https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
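Review bot: On CVE-2018-25112 the new tag "NOT-FOR-US: IEC 61131" names a standard rather than a vendor or product, unlike every other tag in this hunk ("Cisco", "ABB group"). The truncated description visible here does not identify the affected implementation, so please take the product or vendor name from the full CVE text and use that instead. Also note that CVE-2025-1701 (the MIM Admin service issue) is still "TODO: check" in the middle of a block that is otherwise fully triaged; if that was intentional, fine, otherwise it can go into the same commit.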
@@ -215,7 +215,7 @@ CVE-2025-4580 (The File Provider WordPress plugin through
1.2.3 does not have CS
CVE-2025-4578 (The File Provider WordPress plugin through 1.2.3 does not
properly san ...)
NOT-FOR-US: WordPress plugin
CVE-2025-49223 (billboard.js before 3.15.1 was discovered to contain a
prototype pollu ...)
- TODO: check
+ NOT-FOR-US: billboard.js
CVE-2025-49210
REJECTED
CVE-2025-49209
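Review bot: For CVE-2025-49223, "NOT-FOR-US: billboard.js" is only correct if no package in the archive ships a bundled copy of the library. billboard.js is a JavaScript library, and such libraries are often embedded in the source of web applications and documentation tooling, so a quick code search for billboard.js versions before 3.15.1 is worth doing before closing this. If an embedded copy turns up, the entry should name that source package instead.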
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e2a5e385861fe1599bfb8e0cc8dad545280845d