[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 13 21:14:03 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e49d9b27 by security tracker role at 2025-05-13T20:13:57+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,9 +11,9 @@ CVE-2025-4647 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2025-4646 (Improper Privilege Management vulnerability in Centreon web (API Token ...)
 	TODO: check
 CVE-2025-4428 (Remote Code Execution in API component in Ivanti Endpoint Manager Mobi ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-4427 (An authentication bypass in the API component of Ivanti Endpoint Manag ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-47280 (Umbraco Forms is a form builder that integrates with the Umbraco conte ...)
 	TODO: check
 CVE-2025-47278 (Flask is a web server gateway interface (WSGI) web application framewo ...)
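
Review bot: The two Ivanti entries (CVE-2025-4428 and CVE-2025-4427) are closed on the vendor name alone, yet both truncated descriptions stop right after "API component", so the visible text does not show whether the flaw is in Ivanti's own code or in a bundled library. Because this is an automatic update, check the full descriptions by hand before keeping "NOT-FOR-US: Ivanti"; if a third-party component is named there, the entries should go back to "TODO: check".
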
@@ -49,67 +49,67 @@ CVE-2025-44831 (EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerabili
 CVE-2025-44039 (CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to c ...)
 	TODO: check
 CVE-2025-43557 (Animate versions 24.0.8, 23.0.11 and earlier are affected by an Access ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-43556 (Animate versions 24.0.8, 23.0.11 and earlier are affected by an Intege ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-43555 (Animate versions 24.0.8, 23.0.11 and earlier are affected by an Intege ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-43547 (Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-43546 (Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-43545 (Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-41645 (An unauthenticated remote attacker could use a demo account of the por ...)
 	TODO: check
 CVE-2025-40628 (SQL injection vulnerability in DomainsPRO 1.2. This vulnerability coul ...)
 	TODO: check
 CVE-2025-40583 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40582 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40581 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40580 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40579 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40578 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40577 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40576 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40575 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40574 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40573 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40572 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40571 (A vulnerability has been identified in Mendix OIDC SSO (Mendix 10 comp ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40566 (A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40556 (A vulnerability has been identified in BACnet ATEC 550-440 (All versio ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40555 (A vulnerability has been identified in APOGEE PXC+TALON TC Series (BAC ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-3916 (CWE-121: Stack-based Buffer Overflowvulnerability existsthat could cau ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2025-3757 (Versions of OpenPubkey library prior to 0.10.0  contained a vulnerabil ...)
 	TODO: check
 CVE-2025-3744 (Nomad Enterprise (\u201cNomad\u201d) jobs using the policy override op ...)
 	TODO: check
 CVE-2025-33025 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-33024 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-32917 (Privilege escalation in jar_signature agent plugin in Checkmk versions ...)
 	TODO: check
 CVE-2025-32756 (A stack-based buffer overflow vulnerability [CWE-121] in Fortinet Fort ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-32709 (Use after free in Windows Ancillary Function Driver for WinSock allows ...)
 	TODO: check
 CVE-2025-32707 (Out-of-bounds read in Windows NTFS allows an unauthorized attacker to  ...)
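
Review bot: At CVE-2025-40571 the tag is "NOT-FOR-US: Siemens", but the description names Mendix OIDC SSO, not one of the SCALANCE, SIMATIC or RUGGEDCOM products that carry the same tag around it. Consider naming the product in the tag so the reason for the classification can be read from data/CVE/list itself, and so a search for "Mendix" in the NOT-FOR-US lines finds it.
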
@@ -127,13 +127,13 @@ CVE-2025-32702 (Improper neutralization of special elements used in a command ('
 CVE-2025-32701 (Use after free in Windows Common Log File System Driver allows an auth ...)
 	TODO: check
 CVE-2025-32469 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-32454 (A vulnerability has been identified in Teamcenter Visualization V14.3  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-31930 (A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-31929 (A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-31493 (Kirby is an open-source content management system. A vulnerability in  ...)
 	TODO: check
 CVE-2025-30400 (Use after free in Windows DWM allows an authorized attacker to elevate ...)
@@ -171,35 +171,35 @@ CVE-2025-30376 (Heap-based buffer overflow in Microsoft Office Excel allows an u
 CVE-2025-30375 (Access of resource using incompatible type ('type confusion') in Micro ...)
 	TODO: check
 CVE-2025-30330 (Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30329 (Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Po ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30328 (Animate versions 24.0.8, 23.0.11 and earlier are affected by an out-of ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30326 (Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30325 (Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30324 (Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30322 (Substance3D - Painter versions 11.0 and earlier are affected by an out ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30320 (InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30319 (InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30318 (InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30310 (Dreamweaver Desktop versions 21.4 and earlier are affected by an Acces ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-30207 (Kirby is an open-source content management system. A vulnerability in  ...)
 	TODO: check
 CVE-2025-30176 (A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-30175 (A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-30174 (A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-30159 (Kirby is an open-source content management system. A vulnerability in  ...)
 	TODO: check
 CVE-2025-29979 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
@@ -277,7 +277,7 @@ CVE-2025-29830 (Use of uninitialized resource in Windows Routing and Remote Acce
 CVE-2025-29829 (Use of uninitialized resource in Windows Trusted Runtime Interface Dri ...)
 	TODO: check
 CVE-2025-29826 (Improper handling of insufficient permissions or privileges in Microso ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-28057 (owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin- ...)
 	TODO: check
 CVE-2025-28056 (rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /ad ...)
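
Review bot: CVE-2025-29826 is the only entry in this hunk that moves to "NOT-FOR-US: Microsoft", while CVE-2025-29829 directly above it and CVE-2025-29830 in the hunk header both describe Windows components and stay at "TODO: check". If the split is intentional, a line in the commit message saying why the Windows entries are left for manual triage would help; otherwise the same rule should cover them so the triage state of adjacent entries stays consistent.
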
@@ -291,7 +291,7 @@ CVE-2025-27488 (Use of hard-coded credentials in Windows Hardware Lab Kit allows
 CVE-2025-27468 (Improper privilege management in Windows Secure Kernel Mode allows an  ...)
 	TODO: check
 CVE-2025-27197 (Lightroom Desktop versions 8.2 and earlier are affected by an out-of-b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-26685 (Improper authentication in Microsoft Defender for Identity allows an u ...)
 	TODO: check
 CVE-2025-26684 (External control of file name or path in Microsoft Defender for Endpoi ...)
@@ -299,25 +299,25 @@ CVE-2025-26684 (External control of file name or path in Microsoft Defender for
 CVE-2025-26677 (Uncontrolled resource consumption in Remote Desktop Gateway Service al ...)
 	TODO: check
 CVE-2025-26390 (A vulnerability has been identified in OZW672 (All versions < V6.0), O ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-26389 (A vulnerability has been identified in OZW672 (All versions < V8.0), O ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-24510 (A vulnerability has been identified in MS/TP Point Pickup Module (All  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-24063 (Heap-based buffer overflow in Windows Kernel allows an authorized atta ...)
 	TODO: check
 CVE-2025-24009 (A vulnerability has been identified in SIRIUS 3RK3 Modular Safety Syst ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-24008 (A vulnerability has been identified in SIRIUS 3RK3 Modular Safety Syst ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-24007 (A vulnerability has been identified in SIRIUS 3RK3 Modular Safety Syst ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-22859 (ARelative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4. ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-22462 (An authentication bypass in Ivanti Neurons for ITSM (on-prem only) bef ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-22460 (Default credentials in Ivanti Cloud Services Application before versio ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-22248 (The bitnami/pgpoolDocker image, and the bitnami/postgres-hak8s chart,  ...)
 	TODO: check
 CVE-2025-21264 (Files or directories accessible to external parties in Visual Studio C ...)
@@ -325,23 +325,23 @@ CVE-2025-21264 (Files or directories accessible to external parties in Visual St
 CVE-2025-0035 (Unquoted search path within AMD Cloud Manageability Service can allow  ...)
 	TODO: check
 CVE-2024-6364 (A vulnerability in Absolute Persistence\xae versions before 2.8 exists ...)
-	TODO: check
+	NOT-FOR-US: Absolute Software
 CVE-2024-56526 (An issue was discovered in OXID eShop before 7. CMS pages in combinati ...)
 	TODO: check
 CVE-2024-51447 (A vulnerability has been identified in Polarion V2310 (All versions),  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-51446 (A vulnerability has been identified in Polarion V2310 (All versions),  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-51445 (A vulnerability has been identified in Polarion V2310 (All versions),  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-51444 (A vulnerability has been identified in Polarion V2310 (All versions),  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-48766 (NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading  ...)
 	TODO: check
 CVE-2024-46506 (NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated ...)
 	TODO: check
 CVE-2024-42446 (APTIOV contains a vulnerability in BIOS where an attacker may cause a  ...)
-	TODO: check
+	NOT-FOR-US: AMI
 CVE-2024-36340 (A  junction point vulnerability within AMD uProf can allow a local low ...)
 	TODO: check
 CVE-2024-36339 (A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries coul ...)
@@ -349,9 +349,9 @@ CVE-2024-36339 (A DLL hijacking vulnerability in the AMD Optimizing CPU Librarie
 CVE-2024-36321 (Unquoted search path within AIM-T Manageability Service can allow a lo ...)
 	TODO: check
 CVE-2024-35281 (An improper isolation or compartmentalization vulnerability [CWE-653]  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-23815 (A vulnerability has been identified in Desigo CC (All versions if acce ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-21960 (Incorrect default permissions in the AMD Optimizing CPU Libraries (AOC ...)
 	TODO: check
 CVE-2024-12533 (Improper Check for Unusual or Exceptional Conditions vulnerability in  ...)
@@ -418,7 +418,7 @@ CVE-2025-42999 (SAP NetWeaver Visual Composer Metadata Uploader is vulnerable wh
 CVE-2025-42997 (Under certain conditions, SAP Gateway Client allows a high-privileged  ...)
 	NOT-FOR-US: SAP
 CVE-2025-3659 (Improper authentication handling was identified in a set of HTTP POST  ...)
-	TODO: check
+	NOT-FOR-US: Digi
 CVE-2025-3107 (The Newsletters plugin for WordPress is vulnerable to time-based SQL I ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-35471 (conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsof ...)
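
Review bot: The new "NOT-FOR-US: Digi" at CVE-2025-3659 cannot be checked against the visible description, which ends at "a set of HTTP POST" without naming a vendor or product, and the tag itself is a bare short name. The neighbouring lines show what the affected thing is ("SAP", "WordPress plugin"); adding the product name here would let a reader confirm the classification without looking up the full CVE text.
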



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e49d9b27f4a2f88146a7ff55b5e4d5290fcbc7d1
