[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 12 21:13:56 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54806e86 by security tracker role at 2025-06-12T20:13:49+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-6031 (Amazon Cloud Cam is a home security camera that was deprecated on Dece ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-6021 (A flaw was found in libxml2's xmlBuildQName function, where integer ov ...)
TODO: check
CVE-2025-6003 (The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-5996 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
TODO: check
CVE-2025-5982 (An issue has been discovered in GitLab EE affecting all versions from ...)
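Review bot: The new tag on CVE-2025-6031 names only the vendor ("NOT-FOR-US: Amazon"), although the description identifies the product as Amazon Cloud Cam. A product-level tag such as "NOT-FOR-US: Amazon Cloud Cam" would keep the entry searchable by product and make clear that the decision covers this camera rather than everything published under the Amazon name. The libxml2 and GitLab entries in the same hunk are left at "TODO: check" for manual triage.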
@@ -33,55 +33,55 @@ CVE-2025-49576 (Citizen is a MediaWiki skin that makes extensions part of the co
CVE-2025-49575 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
TODO: check
CVE-2025-49467 (A SQL injection vulnerability in JEvents component before 3.6.88 and 3 ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2025-49200 (The created backup files are unencrypted, making the application vulne ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49199 (The backup ZIPs are not signed by the application, leading to the poss ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49198 (The Media Server\u2019s authorization tokens have a poor quality of ra ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49197 (The application uses a weak password hash function, allowing an attack ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49196 (A service supports the use of a deprecated and unsafe TLS version. Thi ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49195 (The FTP server\u2019s login mechanism does not restrict authentication ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49194 (The server supports authentication methods in which credentials are se ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49193 (The application fails to implement several security headers. These hea ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49192 (The web application is vulnerable to clickjacking attacks. The site ca ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49191 (Linked URLs during the creation of iFrame widgets and dashboards are v ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49190 (The application is vulnerable to Server-Side Request Forgery (SSRF). A ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49189 (The HttpOnlyflag of the session cookie \"@@\" is set to false. Since t ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49188 (The application sends user credentials as URL parameters instead of PO ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49187 (For failed login attempts, the application returns different error mes ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49186 (The product does not implement sufficient measures to prevent multiple ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49185 (The web application is susceptible to cross-site-scripting attacks. An ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49184 (A remote unauthorized attacker may gather sensitive information of the ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49183 (All communication with the REST API is unencrypted (HTTP), allowing an ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49182 (Files in the source code contain login credentials for the admin user ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49181 (Due to missing authorization of an API endpoint, unauthorized users ca ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49081 (There is an insufficient input validation vulnerability in the warehou ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2025-49080 (There is a memory management vulnerability in Absolute Secure Access s ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2025-48699
REJECTED
CVE-2025-46035 (Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remo ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-44019 (AVEVA PI Data Archive products are vulnerable to an uncaught exception ...)
TODO: check
CVE-2025-43866 (vantage6 is an open-source infrastructure for privacy preserving analy ...)
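Review bot: On CVE-2025-49467 the tag reads "NOT-FOR-US: Joomla" while the description attributes the SQL injection to the JEvents component, so the tag names the platform rather than the affected software; something like "NOT-FOR-US: JEvents component for Joomla" would match the description. A related point applies to the run CVE-2025-49181 through CVE-2025-49200: none of the truncated descriptions shown here names a product, so "SICK AG" is the only attribution a reader of the list gets for those 20 entries, and adding the product name to the tag would make them traceable without opening each CVE record.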
@@ -89,9 +89,9 @@ CVE-2025-43866 (vantage6 is an open-source infrastructure for privacy preserving
CVE-2025-43863 (vantage6 is an open source framework built to enable, manage and deplo ...)
TODO: check
CVE-2025-40592 (A vulnerability has been identified in Mendix Studio Pro 10 (All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-36573 (Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an In ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-36539 (AVEVA PI Data Archive products are vulnerable to an uncaught exceptio ...)
TODO: check
CVE-2025-2745 (A cross-site scripting vulnerability exists in AVEVAPI Web API version ...)
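Review bot: CVE-2025-36539 (AVEVA PI Data Archive) stays at "TODO: check" in the context lines while the Siemens and Dell entries directly above it were tagged in this pass, and CVE-2025-44019 in the previous hunk has the same product and the same status. If the AVEVA entries are meant to be handled the same way, they need a matching rule or a manual follow-up; otherwise they should be triaged individually. Separately, the CVE-2025-40592 tag says "Siemens" where the description names Mendix Studio Pro 10, so including "Mendix" in the tag would help anyone searching the list by product.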
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54806e867c28a502f3bab72a4bc6440723318861