[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 13 22:54:59 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8d13288 by Moritz Muehlenhoff at 2025-05-13T23:54:39+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,11 +23,11 @@ CVE-2025-47278 (Flask is a web server gateway interface (WSGI) web application f
NOTE: https://github.com/pallets/flask/security/advisories/GHSA-4grg-w6v8-c28g
NOTE: Fixed by: https://github.com/pallets/flask/commit/73d6504063bfa00666a92b07a28aaf906c532f09 (3.1.1)
CVE-2025-47276 (Actualizer is a single shell script solution to allow developers and e ...)
- TODO: check
+ NOT-FOR-US: Actualizer
CVE-2025-47204 (An issue was discovered in post.php in bootstrap-multiselect (aka Boot ...)
- TODO: check
+ NOT-FOR-US: bootstrap-multiselect
CVE-2025-46721 (nosurf is cross-site request forgery (CSRF) protection middleware for ...)
- TODO: check
+ NOT-FOR-US: nosurf
CVE-2025-45867 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buff ...)
NOT-FOR-US: TOTOLINK
CVE-2025-45866 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buff ...)
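Review bot: The NOT-FOR-US tag on CVE-2025-46721 (nosurf) closes out a component that its own description calls CSRF protection middleware, that is, a library that applications pull in rather than something shipped stand-alone. Before leaving it as NOT-FOR-US, confirm that no source package in the archive embeds a copy, and if that was checked, record it in a NOTE: line so the next triager does not repeat the search.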
@@ -65,7 +65,7 @@ CVE-2025-43546 (Bridge versions 15.0.3, 14.1.6 and earlier are affected by an In
CVE-2025-43545 (Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access o ...)
NOT-FOR-US: Adobe
CVE-2025-41645 (An unauthenticated remote attacker could use a demo account of the por ...)
- TODO: check
+ NOT-FOR-US: www.sunnyportal.com
CVE-2025-40628 (SQL injection vulnerability in DomainsPRO 1.2. This vulnerability coul ...)
NOT-FOR-US: DomainsPRO
CVE-2025-40583 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
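Review bot: In the CVE-2025-41645 entry, "NOT-FOR-US: www.sunnyportal.com" names a hostname, while the neighbouring entries in this hunk name a vendor or product ("Adobe", "DomainsPRO"). Using the vendor or product name here would keep the tag consistent and easier to match when later CVEs for the same product are triaged.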
@@ -103,33 +103,33 @@ CVE-2025-40555 (A vulnerability has been identified in APOGEE PXC+TALON TC Serie
CVE-2025-3916 (CWE-121: Stack-based Buffer Overflowvulnerability existsthat could cau ...)
NOT-FOR-US: Schneider Electric
CVE-2025-3757 (Versions of OpenPubkey library prior to 0.10.0 contained a vulnerabil ...)
- TODO: check
+ TODO: seems like a dupe of CVE-2025-4658
CVE-2025-3744 (Nomad Enterprise (\u201cNomad\u201d) jobs using the policy override op ...)
- TODO: check
+ - nomad <not-affected> (Specific to Nomad Enterprise)
CVE-2025-33025 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
NOT-FOR-US: Siemens
CVE-2025-33024 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
NOT-FOR-US: Siemens
CVE-2025-32917 (Privilege escalation in jar_signature agent plugin in Checkmk versions ...)
- TODO: check
+ - check-mk <removed>
CVE-2025-32756 (A stack-based buffer overflow vulnerability [CWE-121] in Fortinet Fort ...)
NOT-FOR-US: Fortinet
CVE-2025-32709 (Use after free in Windows Ancillary Function Driver for WinSock allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-32707 (Out-of-bounds read in Windows NTFS allows an unauthorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-32706 (Improper input validation in Windows Common Log File System Driver all ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-32705 (Out-of-bounds read in Microsoft Office Outlook allows an unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-32704 (Buffer over-read in Microsoft Office Excel allows an unauthorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-32703 (Insufficient granularity of access control in Visual Studio allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-32702 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-32701 (Use after free in Windows Common Log File System Driver allows an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-32469 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
NOT-FOR-US: Siemens
CVE-2025-32454 (A vulnerability has been identified in Teamcenter Visualization V14.3 ...)
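Review bot: The CVE-2025-3757 entry still carries a TODO after this change ("TODO: seems like a dupe of CVE-2025-4658"), so it remains untriaged and has no package line even though the description names the OpenPubkey library. Consider adding a NOTE: with the evidence for the duplicate and tracking the entry alongside CVE-2025-4658 until the duplicate is confirmed. Separately, this hunk also sets nomad to <not-affected> and check-mk to <removed>, which the commit message "NFUs" does not cover.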
@@ -151,7 +151,7 @@ CVE-2025-30393 (Use after free in Microsoft Office Excel allows an unauthorized
CVE-2025-30388 (Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthor ...)
NOT-FOR-US: Microsoft
CVE-2025-30387 (Improper limitation of a pathname to a restricted directory ('path tra ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-30386 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
NOT-FOR-US: Microsoft
CVE-2025-30385 (Use after free in Windows Common Log File System Driver allows an auth ...)
@@ -257,29 +257,29 @@ CVE-2025-29954 (Uncontrolled resource consumption in Windows LDAP - Lightweight
CVE-2025-29842 (Acceptance of extraneous untrusted data with trusted data in UrlMon al ...)
NOT-FOR-US: Microsoft
CVE-2025-29841 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29840 (Stack-based buffer overflow in Windows Media allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29839 (Out-of-bounds read in Windows File Server allows an unauthorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29838 (Null pointer dereference in Windows Drivers allows an unauthorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29837 (Improper link resolution before file access ('link following') in Wind ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29836 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29835 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29833 (Time-of-check time-of-use (toctou) race condition in Windows Virtual M ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29832 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29831 (Use after free in Remote Desktop Gateway Service allows an unauthorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29830 (Use of uninitialized resource in Windows Routing and Remote Access Ser ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29829 (Use of uninitialized resource in Windows Trusted Runtime Interface Dri ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-29826 (Improper handling of insufficient permissions or privileges in Microso ...)
NOT-FOR-US: Microsoft
CVE-2025-28057 (owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin- ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8d132883d3f17bcdc19d767eb33ea0f91f670ce