[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 10 21:27:54 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0c7be63e by Salvatore Bonaccorso at 2025-06-10T22:27:31+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2025-5970 (A vulnerability was found in PHPGurukul Restaurant Table Booking
CVE-2025-5969 (A vulnerability has been found in D-Link DIR-632 FW103B08 and classifi ...)
NOT-FOR-US: D-Link
CVE-2025-5943 (MicroDicom DICOM Viewer suffers from an out-of-bounds write vulnerab ...)
- TODO: check
+ NOT-FOR-US: MicroDicom DICOM Viewer
CVE-2025-5743 (CWE-78: I Improper Neutralization of Special Elements used in an OS Co ...)
NOT-FOR-US: Schneider Electric
CVE-2025-5742 (CWE-79: Improper Neutralization of Input During Web Page Generation (\ ...)
@@ -35,9 +35,9 @@ CVE-2025-4801
CVE-2025-4774 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4681 (Improper Privilege Management vulnerability in upKeeper Solutions upKe ...)
- TODO: check
+ NOT-FOR-US: upKeeper
CVE-2025-4680 (Improper Input Validation vulnerability in upKeeper Solutions upKeeper ...)
- TODO: check
+ NOT-FOR-US: upKeeper
CVE-2025-4678 (Improper Neutralization of Special Elements in the chromium_path varia ...)
NOT-FOR-US: Pandora FMS
CVE-2025-4653 (Improper Neutralization of Special Elements in the backup name field m ...)
@@ -51,15 +51,15 @@ CVE-2025-49510 (Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min
CVE-2025-49509 (Missing Authorization vulnerability in Roland Beaussant Audio Editor & ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49507 (Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49455 (Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49454 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49143 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
- TODO: check
+ NOT-FOR-US: Nautobot
CVE-2025-49142 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
- TODO: check
+ NOT-FOR-US: Nautobot
CVE-2025-48937 (matrix-rust-sdk is an implementation of a Matrix client-server library ...)
TODO: check
CVE-2025-48879 (OctoPrint versions up until and including 1.11.1 contain a vulnerabili ...)
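Review bot: The "NOT-FOR-US: WordPress plugin" label on CVE-2025-49507, CVE-2025-49455 and CVE-2025-49454 is more specific than the visible descriptions support. They are truncated before saying whether LoftOcean CozyStay and TinySalt are plugins or themes, and the description shown for CVE-2025-49454 names no product at all. The neighbouring CVE-2025-49509 entry already uses "NOT-FOR-US: WordPress plugin or theme"; using that wording for these three would avoid recording an unconfirmed product type.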
@@ -67,53 +67,53 @@ CVE-2025-48879 (OctoPrint versions up until and including 1.11.1 contain a vulne
CVE-2025-48067 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
TODO: check
CVE-2025-47977 (Improper neutralization of input during web page generation ('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47969 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47968 (Improper input validation in Microsoft AutoUpdate (MAU) allows an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47962 (Improper access control in Windows SDK allows an authorized attacker t ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47957 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47956 (External control of file name or path in Windows Security App allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47955 (Improper privilege management in Windows Remote Access Connection Mana ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47953 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47176 ('.../...//' in Microsoft Office Outlook allows an authorized attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47175 (Use after free in Microsoft Office PowerPoint allows an unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47174 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47173 (Improper input validation in Microsoft Office allows an unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47172 (Improper neutralization of special elements used in an sql command ('s ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47171 (Improper input validation in Microsoft Office Outlook allows an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47170 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47169 (Heap-based buffer overflow in Microsoft Office Word allows an unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47168 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47167 (Access of resource using incompatible type ('type confusion') in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47166 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47165 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47164 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47163 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47162 (Heap-based buffer overflow in Microsoft Office allows an unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47160 (Protection mechanism failure in Windows Shell allows an unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47112 (Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and e ...)
NOT-FOR-US: Adobe
CVE-2025-47111 (Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and e ...)
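Review bot: For CVE-2025-47977 and CVE-2025-47172 the description shown is cut off before any product is named (it ends at "('cross-si ..." and "('s ..." respectively), so the "NOT-FOR-US: Microsoft" tag on those two cannot be checked from the list text, unlike the entries that name Windows or Microsoft Office directly. Confirm both against the full CVE record, since a bulk replacement across this many consecutive entries is where a stray non-Microsoft CVE would be easiest to miss.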
@@ -131,21 +131,21 @@ CVE-2025-47105 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affec
CVE-2025-47104 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by ...)
NOT-FOR-US: Adobe
CVE-2025-46612 (The Panel Designer dashboard in Airleader Master and Easy before 6.36 ...)
- TODO: check
+ NOT-FOR-US: Airleader Master and Easy
CVE-2025-44044 (Keyoti SearchUnit prior to 9.0.0. is vulnerable to XML External Entity ...)
- TODO: check
+ NOT-FOR-US: Keyoti SearchUnit
CVE-2025-44043 (Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request ...)
- TODO: check
+ NOT-FOR-US: Keyoti SearchUnit
CVE-2025-43701 (Improper Preservation of Permissions vulnerability in Salesforce OmniS ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2025-43700 (Improper Preservation of Permissions vulnerability in Salesforce OmniS ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2025-43699 (Improper Preservation of Permissions vulnerability in Salesforce OmniS ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2025-43698 (Improper Preservation of Permissions vulnerability in Salesforce OmniS ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2025-43697 (Improper Preservation of Permissions vulnerability in Salesforce OmniS ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2025-43593 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by ...)
NOT-FOR-US: Adobe
CVE-2025-43590 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by ...)
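Review bot: Style point on CVE-2025-46612: "NOT-FOR-US: Airleader Master and Easy" joins two product names with "and", while the Salesforce entries added in the same hunk and the surrounding Adobe entries use one short name. A single name such as "NOT-FOR-US: Airleader" would be easier to search for and keep the label format uniform, assuming "Airleader" covers both products as the description suggests.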
@@ -181,23 +181,23 @@ CVE-2025-43550 (Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521
CVE-2025-41657 (Due to an undocumented active bluetooth stack on products delivered wi ...)
TODO: check
CVE-2025-40662 (Absolute path disclosure vulnerability in DM Corporative CMS. This vul ...)
- TODO: check
+ NOT-FOR-US: DM Corporative CMS
CVE-2025-40661 (An Insecure Direct Object Reference (IDOR) vulnerability has been foun ...)
- TODO: check
+ NOT-FOR-US: DM Corporative CMS
CVE-2025-40660 (An Insecure Direct Object Reference (IDOR) vulnerability has been foun ...)
- TODO: check
+ NOT-FOR-US: DM Corporative CMS
CVE-2025-40659 (An Insecure Direct Object Reference (IDOR) vulnerability has been foun ...)
- TODO: check
+ NOT-FOR-US: DM Corporative CMS
CVE-2025-40658 (An Insecure Direct Object Reference (IDOR) vulnerability has been foun ...)
- TODO: check
+ NOT-FOR-US: DM Corporative CMS
CVE-2025-40657 (A SQL injection vulnerability has been found in DM Corporative CMS. Th ...)
- TODO: check
+ NOT-FOR-US: DM Corporative CMS
CVE-2025-40656 (A SQL injection vulnerability has been found in DM Corporative CMS. Th ...)
- TODO: check
+ NOT-FOR-US: DM Corporative CMS
CVE-2025-40655 (A SQL injection vulnerability has been found in DM Corporative CMS. Th ...)
- TODO: check
+ NOT-FOR-US: DM Corporative CMS
CVE-2025-40654 (A SQL injection vulnerability has been found in DM Corporative CMS. Th ...)
- TODO: check
+ NOT-FOR-US: DM Corporative CMS
CVE-2025-40591 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
NOT-FOR-US: Siemens
CVE-2025-40585 (A vulnerability has been identified in Energy Services (All versions w ...)
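Review bot: The four IDOR entries CVE-2025-40661 through CVE-2025-40658 share a description that stops at "has been foun ..." without naming a product, so their "NOT-FOR-US: DM Corporative CMS" tag rests on their position between CVE-2025-40662 and CVE-2025-40657, which do name it. Check the full records for those four before relying on the adjacency.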
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c7be63e96dcd00cf91138edb3699367ec9248a4