[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 20 21:13:16 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
de5791c8 by security tracker role at 2025-05-20T20:13:10+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,29 +3,29 @@ CVE-2025-4997 (A vulnerability, which was classified as problematic, was found i
CVE-2025-4996 (A vulnerability, which was classified as problematic, has been found i ...)
TODO: check
CVE-2025-4980 (A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4978 (A vulnerability, which was classified as very critical, was found in N ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4977 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4951 (Editions of Rapid7 AppSpider Pro before version7.5.018 is vulnerable t ...)
TODO: check
CVE-2025-4364 (The affected products could allow an unauthenticated attacker to acces ...)
TODO: check
CVE-2025-48391 (In JetBrains YouTrack before 2025.1.76253 deletion of issues was possi ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-48056 (Hubble is a fully distributed networking and security observability pl ...)
TODO: check
CVE-2025-48018 (An authenticated user can modify application state data.)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
CVE-2025-48017 (Improper limitation of pathname in Circuit Provisioning and File Impor ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
CVE-2025-48016 (OpenFlow discovery protocol can exhaust resources because it is not ra ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
CVE-2025-48015 (Failed login response could be different depending on whether the user ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
CVE-2025-48014 (Password guessing limits could be bypassed when using LDAP authenticat ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
CVE-2025-47941 (TYPO3 is an open source, PHP based web content management system. In v ...)
TODO: check
CVE-2025-47940 (TYPO3 is an open source, PHP based web content management system. Star ...)
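Review bot: On CVE-2025-48018 the description is shown in full, "An authenticated user can modify application state data.", and names no vendor or product, so the new "NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)" line is the only thing in the list that ties the entry to a product. Consider adding the affected product name after the vendor on this entry and on the other four SEL entries in the hunk (CVE-2025-48017 through CVE-2025-48014), so the exclusion can be checked from the list alone.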
@@ -39,15 +39,15 @@ CVE-2025-47937 (TYPO3 is an open source, PHP based web content management system
CVE-2025-47936 (TYPO3 is an open source, PHP based web content management system. In v ...)
TODO: check
CVE-2025-47854 (In JetBrains TeamCity before 2025.03.2 open redirect was possible on e ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-47853 (In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-47852 (In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integra ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-47851 (In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks We ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-47850 (In JetBrains YouTrack before 2025.1.74704 restricted attachments could ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-47290 (containerd is a container runtime. A time-of-check to time-of-use (TOC ...)
TODO: check
CVE-2025-47277 (vLLM, an inference and serving engine for large language models (LLMs) ...)
@@ -65,7 +65,7 @@ CVE-2025-44890 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack ov
CVE-2025-44885 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
TODO: check
CVE-2025-44084 (D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attac ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-41231 (VMware Cloud Foundationcontains a missing authorisation vulnerability. ...)
TODO: check
CVE-2025-41230 (VMware Cloud Foundationcontains an information disclosure vulnerabilit ...)
@@ -83,7 +83,7 @@ CVE-2025-41225 (The vCenter Server contains an authenticated command-execution v
CVE-2025-40635 (SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrato ...)
TODO: check
CVE-2025-40634 (Stack-based buffer overflow vulnerability in the 'conn-indicator' bina ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-40633 (A Stored Cross-Site Scripting (XSS) vulnerability has been found in K ...)
TODO: check
CVE-2025-30193 (In some circumstances, when DNSdist is configured to allow an unlimite ...)
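Review bot: The TP-Link attribution on CVE-2025-40634 cannot be confirmed from the text in this hunk, because the description is cut off at "in the 'conn-indicator' bina ..." before any vendor appears. The commit message says this update is automatic, so it is worth checking the full CVE description to confirm the vendor match before the entry stays NOT-FOR-US.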
@@ -91,13 +91,13 @@ CVE-2025-30193 (In some circumstances, when DNSdist is configured to allow an un
CVE-2025-26086 (An unauthenticated blind SQL injection vulnerability exists in RSI Que ...)
TODO: check
CVE-2025-22157 (This High severity PrivEsc (Privilege Escalation) vulnerability was in ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2024-53359 (An issue in Zalo v23.09.01 allows attackers to obtain sensitive user i ...)
TODO: check
CVE-2024-45641 (IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauth ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-33861 (IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a truste ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-37991 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.29-1
NOTE: https://git.kernel.org/linus/de3629baf5a33af1919dec7136d643b0662e85ef (6.15-rc5)
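Review bot: The two ReaQta entries, CVE-2024-45641 and CVE-2023-33861, are tagged with the vendor only ("NOT-FOR-US: IBM") although both descriptions name the product, IBM Security ReaQta EDR 3.12. Naming the product in the tag would record why the entry is out of scope more precisely than the vendor alone. The Atlassian tag on CVE-2025-22157 has the same gap, and there the visible description ends at "vulnerability was in ..." before any product is named.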
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de5791c8008579710856f0ce62257b4f80604279