[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Mar 19 10:03:36 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5287fcaa by Moritz Muehlenhoff at 2025-03-19T11:03:16+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -133,7 +133,7 @@ CVE-2025-2449 (NI FlexLogger usiReg URI File Parsing Directory Traversal Remote
 CVE-2025-29930 (imFAQ is an advanced questions and answers management system for Impre ...)
 	NOT-FOR-US: ImpressCMS
 CVE-2025-29907 (jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, use ...)
-	TODO: check
+	- jspdf <itp> (bug #998381)
 CVE-2025-29790 (Contao is an Open Source CMS. Users can upload SVG files with maliciou ...)
 	NOT-FOR-US: Contao CMS
 CVE-2025-27688 (Dell ThinOS 2408 and prior, contains an improper permissions vulnerabi ...)
@@ -159,7 +159,7 @@ CVE-2025-25582 (yimioa before v2024.07.04 was discovered to contain a SQL inject
 CVE-2025-25580 (yimioa before v2024.07.04 was discovered to contain a SQL injection vu ...)
 	NOT-FOR-US: yimioa
 CVE-2025-25500 (An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capabi ...)
-	TODO: check
+	NOT-FOR-US: CosmWasm
 CVE-2025-25220 (Improper neutralization of special elements used in an OS command ('OS ...)
 	NOT-FOR-US: +F FS010M
 CVE-2025-25042 (A vulnerability in the AOS-CX REST interface could allow an authentica ...)
@@ -195,11 +195,11 @@ CVE-2024-44314 (TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerab
 CVE-2024-44313 (TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability  ...)
 	NOT-FOR-US: TastyIgniter
 CVE-2024-41975 (An unauthenticated remote attacker can gain limited information of the ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2024-23943 (An unauthenticated remote attacker can gain access to the cloud API du ...)
-	TODO: check
+	NOT-FOR-US: mbCONNECT24
 CVE-2024-23942 (A local user may find a configuration file on the client workstation w ...)
-	TODO: check
+	NOT-FOR-US: mbCONNECT24
 CVE-2024-21760 (An improper control of generation of code ('Code Injection') vulnerabi ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-47539 (An improper access control vulnerability in FortiMail version 7.4.0 co ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5287fcaa31a071a22d5da8bfe196ff710b6b9775

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5287fcaa31a071a22d5da8bfe196ff710b6b9775
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250319/7dec0647/attachment.htm>

More information about the debian-security-tracker-commits mailing list