[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 30 21:44:14 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
17cb0326 by Salvatore Bonaccorso at 2025-04-30T22:43:09+02:00
Process some NFUs

- - - - -
7d7f4e14 by Salvatore Bonaccorso at 2025-04-30T22:43:26+02:00
Add two new CVEs for joplin, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-4136 (A vulnerability was found in Weitong Mall 1.0.0. It has been classifie ...)
-	TODO: check
+	NOT-FOR-US: Weitong Mall
 CVE-2025-4135 (A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classifie ...)
 	NOT-FOR-US: Netgear
 CVE-2025-4125 (Delta Electronics ISPSoft version 3.20 is vulnerable to anOut-Of-Bound ...)
@@ -13,9 +13,9 @@ CVE-2025-4121 (A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has
 CVE-2025-4120 (A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been  ...)
 	NOT-FOR-US: Netgear
 CVE-2025-4119 (A vulnerability classified as critical was found in Weitong Mall 1.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Weitong Mall
 CVE-2025-4118 (A vulnerability classified as critical has been found in Weitong Mall  ...)
-	TODO: check
+	NOT-FOR-US: Weitong Mall
 CVE-2025-4117 (A vulnerability, which was classified as critical, was found in Netgea ...)
 	NOT-FOR-US: Netgear
 CVE-2025-4116 (A vulnerability, which was classified as critical, has been found in N ...)
@@ -37,17 +37,17 @@ CVE-2025-4109 (A vulnerability has been found in PHPGurukul Pre-School Enrollmen
 CVE-2025-4108 (A vulnerability, which was classified as critical, was found in PHPGur ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-46619 (A security issue has been discovered in Couchbase Server before 7.6.4  ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2025-46558 (XWiki Contrib's Syntax Markdown allows importing Markdown content into ...)
-	TODO: check
+	NOT-FOR-US: XWiki Contrib's Syntax Markdown
 CVE-2025-46557 (XWiki is a generic wiki platform. In versions starting from 15.3-rc-1  ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-46554 (XWiki is a generic wiki platform. In versions starting from 1.8.1 to b ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-46342 (Kyverno is a policy engine designed for cloud native platform engineer ...)
-	TODO: check
+	NOT-FOR-US: Kyverno
 CVE-2025-46331 (OpenFGA is a high-performance and flexible authorization/permission en ...)
-	TODO: check
+	NOT-FOR-US: OpenFGA
 CVE-2025-45021 (A SQL Injection vulnerability was identified in the admin/edit-directo ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-45020 (A SQL Injection vulnerability was discovered in the normal-bwdates-rep ...)
@@ -75,9 +75,9 @@ CVE-2025-44193 (SourceCodester Simple Barangay Management System v1.0 has a SQL
 CVE-2025-44192 (SourceCodester Simple Barangay Management System v1.0 has a SQL inject ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-3859 (Websites directing users to long URLs that caused eliding to occur in  ...)
-	TODO: check
+	NOT-FOR-US: Firefox Focus for iOS
 CVE-2025-3599 (Symantec Endpoint Protection Windows Agent, running an ERASER Engine p ...)
-	TODO: check
+	NOT-FOR-US: Symantec Endpoint Protection Windows Agent
 CVE-2025-3395 (Incorrect Permission Assignment for Critical Resource, Cleartext Stora ...)
 	NOT-FOR-US: ABB group
 CVE-2025-3394 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
@@ -87,29 +87,29 @@ CVE-2025-3269
 CVE-2025-39413 (Missing Authorization vulnerability in David Gwyer Simple Sitemap \u20 ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-33074 (Improper verification of cryptographic signature in Microsoft Azure Fu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-32974 (XWiki is a generic wiki platform. In versions starting from 15.9-rc-1  ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-32973 (XWiki is a generic wiki platform. In versions starting from 15.9-rc-1  ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-32972 (XWiki is a generic wiki platform. In versions starting from 6.1-milest ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-32971 (XWiki is a generic wiki platform. In versions starting from 4.5.1 to b ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-32970 (XWiki is a generic wiki platform. In versions starting from 13.5-rc-1  ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-32777 (Volcano is a Kubernetes-native batch scheduling system. Prior to versi ...)
-	TODO: check
+	NOT-FOR-US: Volcano (Kubernetes-native batch scheduling system)
 CVE-2025-32376 (Discourse is an open-source discussion platform. Prior to versions 3.4 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2025-30392 (Improper authorization in Azure Bot Framework SDK allows an unauthoriz ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-30391 (Improper input validation in Microsoft Dynamics allows an unauthorized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-30390 (Improper authorization in Azure allows an authorized attacker to eleva ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-30389 (Improper authorization in Azure Bot Framework SDK allows an unauthoriz ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-2890 (The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-b ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2170 (A Server-side request forgery (SSRF) vulnerability has been identified ...)
@@ -117,65 +117,65 @@ CVE-2025-2170 (A Server-side request forgery (SSRF) vulnerability has been ident
 CVE-2025-2156
 	REJECTED
 CVE-2025-2082 (Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Tesla
 CVE-2025-27611 (base-x is a base encoder and decoder of any given alphabet using bitco ...)
 	TODO: check
 CVE-2025-27532 (A vulnerability in the \u201cBackup & Restore\u201d functionality of t ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-27409 (Joplin is a free, open source note taking and to-do application, which ...)
-	TODO: check
+	- joplin <itp> (bug #931306)
 CVE-2025-27134 (Joplin is a free, open source note taking and to-do application, which ...)
-	TODO: check
+	- joplin <itp> (bug #931306)
 CVE-2025-24887 (OpenCTI is an open-source cyber threat intelligence platform. In versi ...)
-	TODO: check
+	NOT-FOR-US: OpenCTI
 CVE-2025-24351 (A vulnerability in the \u201cRemote Logging\u201d functionality of the ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24350 (A vulnerability in the \u201cCertificates and Keys\u201d functionality ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24349 (A vulnerability in the \u201cNetwork Interfaces\u201d functionality of ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24348 (A vulnerability in the \u201cNetwork Interfaces\u201d functionality of ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24347 (A vulnerability in the \u201cNetwork Interfaces\u201d functionality of ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24346 (A vulnerability in the \u201cProxy\u201d functionality of the web appl ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24345 (A vulnerability in the \u201cHosts\u201d functionality of the web appl ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24344 (A vulnerability in the error notification messages of the web applicat ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24343 (A vulnerability in the \u201cManages app data\u201d functionality of t ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24342 (A vulnerability in the login functionality of the web application of c ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24341 (A vulnerability in the web application of ctrlX OS allows a remote aut ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24340 (A vulnerability in the users configuration file of ctrlX OS may allow  ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24339 (A vulnerability in the web application of ctrlX OS allows a remote una ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24338 (A vulnerability in the \u201cManages app data\u201d functionality of t ...)
-	TODO: check
+	NOT-FOR-US: ctrlX OS
 CVE-2025-24091 (An app could impersonate system notifications. Sensitive notifications ...)
 	NOT-FOR-US: Apple
 CVE-2025-21416 (Missing authorization in Azure Virtual Desktop allows an authorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-9877 (: Use of GET Request Method With Sensitive Query Strings vulnerability ...)
 	NOT-FOR-US: ABB group
 CVE-2024-9876 (: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB A ...)
 	NOT-FOR-US: ABB group
 CVE-2024-6032 (Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vul ...)
-	TODO: check
+	NOT-FOR-US: Tesla
 CVE-2024-6031 (Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Tesla
 CVE-2024-6030 (Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Tesla
 CVE-2024-6029 (Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Tesla
 CVE-2024-47784 (Unverified Password Change for ANC software that allows an authenticat ...)
 	NOT-FOR-US: ABB group
 CVE-2024-13943 (Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Valida ...)
-	TODO: check
+	NOT-FOR-US: Tesla
 CVE-2025-4096
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
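Review bot: The two joplin entries (CVE-2025-27409 and CVE-2025-27134) are recorded as `- joplin <itp> (bug #931306)` without a NOTE: line pointing at the upstream fix or first fixed release; since both descriptions are truncated to the identical "Joplin is a free, open source note taking and to-do application, which ..." prefix, a NOTE: with the upstream advisory or fixed version per CVE would let whoever eventually packages joplin verify that the uploaded version carries both fixes. Separately, CVE-2025-27611 (base-x) is the one entry in this hunk still left at `TODO: check`, which is consistent with the "Process some NFUs" commit message but is worth tracking as a follow-up triage item rather than letting it sit among the processed ones.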



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/230b923e5857ef5907c91c03129c16d14659a2ab...7d7f4e147e97d51af26a17ef0fca0b30ca27e261




