[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 2 21:13:04 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4eb29eba by security tracker role at 2025-06-02T20:12:57+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
CVE-2025-5455 (An issue was found in the private API function qDecodeDataUrl() in QtC ...)
TODO: check
CVE-2025-5447 (A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, R ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-5446 (A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, R ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-5445 (A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, R ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-5444 (A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE63 ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-5443 (A vulnerability, which was classified as critical, was found in Linksy ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-5442 (A vulnerability, which was classified as critical, has been found in L ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-5441 (A vulnerability classified as critical was found in Linksys RE6500, RE ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-5440 (A vulnerability classified as critical has been found in Linksys RE650 ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-5439 (A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, R ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-5438 (A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, R ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-5437 (A vulnerability classified as critical has been found in Multilaser Si ...)
TODO: check
CVE-2025-5086 (A deserialization of untrusted data vulnerability affecting DELMIA Apr ...)
- TODO: check
+ NOT-FOR-US: Dassault Systemes
CVE-2025-5036 (A maliciously crafted RFA file, when linked or imported into Autodesk ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-49069 (Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48996 (HAX open-apis provides microservice apis for HAX webcomponents repo th ...)
TODO: check
CVE-2025-48995 (SignXML is an implementation of the W3C XML Signature standard in Pyth ...)
@@ -43,9 +43,9 @@ CVE-2025-48957 (AstrBot is a large language model chatbot and development framew
CVE-2025-48955 (Para is a multitenant backend server/framework for object persistence ...)
TODO: check
CVE-2025-48941 (MyBB is free and open source forum software. Prior to version 1.8.39, ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2025-48940 (MyBB is free and open source forum software. Prior to version 1.8.39, ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2025-48866 (ModSecurity is an open source, cross platform web application firewall ...)
TODO: check
CVE-2025-48745
@@ -71,25 +71,25 @@ CVE-2025-45542 (SQL injection vulnerability in the registrationform endpoint of
CVE-2025-45387 (osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access ...)
TODO: check
CVE-2025-44172 (Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-44115 (A vulnerability has been found in Cotonti Siena v0.9.25. Affected by t ...)
TODO: check
CVE-2025-37096 (A command injection remote code execution vulnerability exists in HPE ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37095 (A directory traversal information disclosure vulnerabilityexists in HP ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37094 (A directory traversal arbitrary file deletion vulnerabilityexists in H ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37093 (An authentication bypass vulnerabilityexists in HPE StoreOnce Software ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37092 (A command injection remote code execution vulnerability exists in HPE ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37091 (A command injection remote code execution vulnerabilityexists in HPE S ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37090 (A server-side request forgery vulnerabilityexists in HPE StoreOnce Sof ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37089 (A command injection remote code execution vulnerability exists in HPE ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-29785 (quic-go is an implementation of the QUIC protocol in Go. The loss reco ...)
TODO: check
CVE-2025-27956 (Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remo ...)
@@ -101,7 +101,7 @@ CVE-2025-27954 (An issue in Clinical Collaboration Platform 12.2.1.5 allows a re
CVE-2025-27953 (An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote a ...)
TODO: check
CVE-2025-26396 (The SolarWinds Dameware Mini Remote Control was determined to be affec ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2025-23105 (An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, ...)
TODO: check
CVE-2025-23104 (An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, ...)
@@ -111,7 +111,7 @@ CVE-2025-23099 (An issue was discovered in Samsung Mobile Processor Exynos 1480
CVE-2025-20298 (In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, ...)
TODO: check
CVE-2025-20297 (In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20001 (An out-of-bounds read vulnerability exists in High-Logic FontCreator 1 ...)
TODO: check
CVE-2025-1750 (An SQL injection vulnerability exists in the delete function of DuckDB ...)
@@ -125,11 +125,11 @@ CVE-2025-0819 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver
CVE-2025-0073 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
TODO: check
CVE-2024-8008 (A reflected cross-site scripting (XSS) vulnerability exists in multipl ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2024-7074 (An arbitrary file upload vulnerability exists in multiple WSO2 product ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2024-7073 (A server-side request forgery (SSRF) vulnerability exists in multiple ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2024-57783 (The desktop application in Dot through 0.9.3 allows XSS and resultant ...)
TODO: check
CVE-2024-57459 (A time-based SQL injection vulnerability exists in mydetailsstudent.ph ...)
@@ -141,9 +141,9 @@ CVE-2024-40113 (Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before
CVE-2024-40112 (A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 ...)
TODO: check
CVE-2024-3509 (A stored cross-site scripting (XSS) vulnerability exists in the Manage ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2024-1440 (An open redirection vulnerability exists in multiple WSO2 products due ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2024-12168 (Yandex Telemost for Desktop before 2.7.0has a DLL Hijacking Vulnerabil ...)
TODO: check
CVE-2024-52035 (An integer overflow vulnerability exists in the OLE Document File Allo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4eb29ebaa56ed4af9071c67f267ecf3d74b9e295
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4eb29ebaa56ed4af9071c67f267ecf3d74b9e295
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250602/f80e9056/attachment.htm>
More information about the debian-security-tracker-commits
mailing list