[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 28 21:28:18 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
985f58ce by Salvatore Bonaccorso at 2025-04-28T22:28:00+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -66,9 +66,9 @@ CVE-2025-43854 (DIFY is an open-source LLM app development platform. Prior to ve
CVE-2025-42598 (Multiple SEIKO EPSON printer drivers for Windows OS are configured wit ...)
NOT-FOR-US: EPSON
CVE-2025-3224 (A vulnerability in the update process of Docker Desktop for Windows ve ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop for Windows
CVE-2025-3200 (An unauthenticated remote attacker could exploit the used, insecure TL ...)
- TODO: check
+ NOT-FOR-US: Wiesemann & Theis GmbH
CVE-2025-39367 (Missing Authorization vulnerability in SeventhQueen Kleo.This issue af ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-34491 (GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deser ...)
@@ -96,19 +96,19 @@ CVE-2025-23376 (Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.1
CVE-2025-23375 (Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) ...)
NOT-FOR-US: Dell / EMC
CVE-2024-32499 (Newforma Project Center Server through 2023.3.0.32259 allows remote co ...)
- TODO: check
+ NOT-FOR-US: Newforma Project Center Server
CVE-2024-12706 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: OpenText
CVE-2023-42404 (OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary ...)
- TODO: check
+ NOT-FOR-US: OneVision Workspace
CVE-2023-35817 (DevExpress before 23.1.3 allows AsyncDownloader SSRF.)
- TODO: check
+ NOT-FOR-US: DevExpress
CVE-2023-35816 (DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.)
- TODO: check
+ NOT-FOR-US: DevExpress
CVE-2023-35815 (DevExpress before 23.1.3 has a data-source protection mechanism bypass ...)
- TODO: check
+ NOT-FOR-US: DevExpress
CVE-2023-35814 (DevExpress before 23.1.3 does not properly protect XtraReport serializ ...)
- TODO: check
+ NOT-FOR-US: DevExpress
CVE-2025-4007 (A vulnerability classified as critical was found in Tenda W12 and i24 ...)
NOT-FOR-US: Tenda
CVE-2025-4006 (A vulnerability classified as critical has been found in youyiio Beyon ...)
@@ -226348,7 +226348,7 @@ CVE-2022-41873 (Contiki-NG is an open-source, cross-platform operating system fo
CVE-2022-41872
RESERVED
CVE-2022-41871 (SEPPmail through 12.1.17 allows command injection within the Admin Por ...)
- TODO: check
+ NOT-FOR-US: SEPPmail
CVE-2022-41870 (AP Manager in Innovaphone before 13r2 Service Release 17 allows comman ...)
NOT-FOR-US: Innovaphone
CVE-2022-41869
@@ -644340,7 +644340,7 @@ CVE-2015-4584
CVE-2015-4583
RESERVED
CVE-2015-4582 (The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2015-4581
RESERVED
CVE-2015-4580
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/985f58ce97ad82892414321b94994fdb1cc65888
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/985f58ce97ad82892414321b94994fdb1cc65888
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250428/d6adf15b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list