[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu May 22 16:19:41 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b8268298 by Moritz Muehlenhoff at 2025-05-22T17:17:27+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,7 +41,7 @@ CVE-2025-3882 (eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection R
 CVE-2025-3881 (eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Co ...)
 	NOT-FOR-US: eCharge Hardy Barth cPH2
 CVE-2025-3486 (Allegra isZipEntryValide Directory Traversal Remote Code Execution Vul ...)
-	TODO: check
+	NOT-FOR-US: Allegra
 CVE-2025-3484 (MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Re ...)
 	NOT-FOR-US: MedDream PACS Server
 CVE-2025-3483 (MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Re ...)
@@ -97,15 +97,15 @@ CVE-2025-4105 (The Splitit plugin for WordPress is vulnerable to unauthorized mo
 CVE-2025-4008 (The Meteobridge web interface let meteobridge administrator manage the ...)
 	TODO: check
 CVE-2025-48417 (The certificate and private key used for providing transport layer sec ...)
-	TODO: check
+	NOT-FOR-US: eCharge Hardy Barth charging stations
 CVE-2025-48416 (An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry  ...)
-	TODO: check
+	NOT-FOR-US: eCharge Hardy Barth charging stations
 CVE-2025-48415 (A USB backdoor feature can be triggered by attaching a USB drive that  ...)
-	TODO: check
+	NOT-FOR-US: eCharge Hardy Barth charging stations
 CVE-2025-48414 (There are several scripts in the web interface that are accessible via ...)
-	TODO: check
+	NOT-FOR-US: eCharge Hardy Barth charging stations
 CVE-2025-48413 (The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password h ...)
-	TODO: check
+	NOT-FOR-US: eCharge Hardy Barth charging stations
 CVE-2025-48207 (The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Ins ...)
 	NOT-FOR-US: TYPO3 extension
 CVE-2025-48206 (The ns_backup extension through 13.0.0 for TYPO3 allows XSS.)
@@ -123,7 +123,7 @@ CVE-2025-48201 (The ns_backup extension through 13.0.0 for TYPO3 has a Predictab
 CVE-2025-48200 (The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remot ...)
 	NOT-FOR-US: TYPO3 extension
 CVE-2025-48069 (ejson2env allows users to decrypt EJSON secrets and export them as env ...)
-	TODO: check
+	NOT-FOR-US: ejson2env
 CVE-2025-48064 (GitHub Desktop is an open-source, Electron-based GitHub app designed f ...)
 	NOT-FOR-US: GitHub Desktop
 CVE-2025-48063 (XWiki is a generic wiki platform. In XWiki 16.10.0, required rights we ...)
@@ -143,9 +143,9 @@ CVE-2025-47291 (containerd is an open-source container runtime. A bug was found
 	- containerd <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff
 CVE-2025-46822 (OsamaTaher/Java-springboot-codebase is a collection of Java and Spring ...)
-	TODO: check
+	NOT-FOR-US: OsamaTaher/Java-springboot-codebase
 CVE-2025-46412 (Affected Vertiv products do not properly protect webserver functions t ...)
-	TODO: check
+	NOT-FOR-US: Vertiv
 CVE-2025-45755 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM ...)
 	NOT-FOR-US: Vtiger CRM
 CVE-2025-45754 (A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6. ...)
@@ -159,7 +159,7 @@ CVE-2025-44892 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack ov
 CVE-2025-44083 (An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypa ...)
 	NOT-FOR-US: D-Link
 CVE-2025-41426 (Affected Vertiv products contain a stack based buffer overflow vulnera ...)
-	TODO: check
+	NOT-FOR-US: Vertiv
 CVE-2025-41232 (Spring Security Aspects may not correctly locate method security annot ...)
 	- libspring-security-2.0-java <removed>
 CVE-2025-3781 (The Raisely Donation Form plugin for WordPress is vulnerable to Stored ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8268298e7352e173d49cac89d7b2682f90bcda3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8268298e7352e173d49cac89d7b2682f90bcda3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250522/62786e79/attachment.htm>

More information about the debian-security-tracker-commits mailing list