[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 22 21:13:09 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
622a1cf0 by security tracker role at 2025-05-22T20:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,233 @@
-CVE-2025-4575 [OpenSSL: The x509 application adds trusted use instead of rejected use]
+CVE-2025-5081 (A vulnerability classified as critical was found in Campcodes Cybercaf ...)
+ TODO: check
+CVE-2025-5080 (A vulnerability classified as critical has been found in Tenda FH451 1 ...)
+ TODO: check
+CVE-2025-5079 (A vulnerability was found in Campcodes Online Shopping Portal 1.0. It ...)
+ TODO: check
+CVE-2025-5078 (A vulnerability was found in Campcodes Online Shopping Portal 1.0. It ...)
+ TODO: check
+CVE-2025-5077 (A vulnerability was found in Campcodes Online Shopping Portal 1.0. It ...)
+ TODO: check
+CVE-2025-5076 (A vulnerability was found in FreeFloat FTP Server 1.0 and classified a ...)
+ TODO: check
+CVE-2025-5075 (A vulnerability has been found in FreeFloat FTP Server 1.0 and classif ...)
+ TODO: check
+CVE-2025-5074 (A vulnerability, which was classified as critical, was found in FreeFl ...)
+ TODO: check
+CVE-2025-5073 (A vulnerability, which was classified as critical, has been found in F ...)
+ TODO: check
+CVE-2025-4979 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+ TODO: check
+CVE-2025-4419 (The Hot Random Image plugin for WordPress is vulnerable to Path Traver ...)
+ TODO: check
+CVE-2025-4405 (The Hot Random Image plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-4366 (A request smuggling vulnerability identified within Pingora\u2019s pro ...)
+ TODO: check
+CVE-2025-4280 (MacOS version of Poedit bundles aPython interpreter that inherits the ...)
+ TODO: check
+CVE-2025-48369 (Group-Office is an enterprise customer relationship management and gro ...)
+ TODO: check
+CVE-2025-48368 (Group-Office is an enterprise customer relationship management and gro ...)
+ TODO: check
+CVE-2025-48366 (Group-Office is an enterprise customer relationship management and gro ...)
+ TODO: check
+CVE-2025-48075 (Fiber is an Express-inspired web framework written in Go. Starting in ...)
+ TODO: check
+CVE-2025-48066 (wire-webapp is the web application for the open-source messaging servi ...)
+ TODO: check
+CVE-2025-48061 (wire-webapp is the web application for the open-source messaging servi ...)
+ TODO: check
+CVE-2025-47780 (Asterisk is an open-source private branch exchange (PBX). Prior to ver ...)
+ TODO: check
+CVE-2025-47779 (Asterisk is an open-source private branch exchange (PBX). Prior to ver ...)
+ TODO: check
+CVE-2025-46716 (Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit ...)
+ TODO: check
+CVE-2025-46715 (Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit ...)
+ TODO: check
+CVE-2025-46714 (Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit ...)
+ TODO: check
+CVE-2025-46713 (Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit ...)
+ TODO: check
+CVE-2025-45472 (Insecure permissions in autodeploy-layer v1.2.0 allows attackers to es ...)
+ TODO: check
+CVE-2025-45471 (Insecure permissions in measure-cold-start v1.4.1 allows attackers to ...)
+ TODO: check
+CVE-2025-45468 (Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attack ...)
+ TODO: check
+CVE-2025-43596 (An insecure file system permissions vulnerability in MSP360 Backup 8.0 ...)
+ TODO: check
+CVE-2025-41403 (ZohocorpManageEngine ADAudit Plus versions 8510 and prior are vulnerab ...)
+ TODO: check
+CVE-2025-3945 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
+ TODO: check
+CVE-2025-3944 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ TODO: check
+CVE-2025-3943 (Use of GET Request Method With Sensitive Query Strings vulnerability i ...)
+ TODO: check
+CVE-2025-3942 (Improper Output Neutralization for Logs vulnerability in Tridium Niaga ...)
+ TODO: check
+CVE-2025-3941 (Improper Handling of Windows ::DATA Alternate Data Stream vulnerabilit ...)
+ TODO: check
+CVE-2025-3940 (Improper Use of Validation Framework vulnerability in Tridium Niagara ...)
+ TODO: check
+CVE-2025-3939 (Observable Response Discrepancy vulnerability in Tridium Niagara Frame ...)
+ TODO: check
+CVE-2025-3938 (Missing Cryptographic Step vulnerability in Tridium Niagara Framework ...)
+ TODO: check
+CVE-2025-3937 (Use of Password Hash With Insufficient Computational Effort vulnerabil ...)
+ TODO: check
+CVE-2025-3936 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ TODO: check
+CVE-2025-3836 (ZohocorpManageEngine ADAudit Plus versions 8510 and prior are vulnerab ...)
+ TODO: check
+CVE-2025-3444 (Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus vers ...)
+ TODO: check
+CVE-2025-3111 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-33138 (IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection ...)
+ TODO: check
+CVE-2025-33137 (IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated us ...)
+ TODO: check
+CVE-2025-33136 (IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated us ...)
+ TODO: check
+CVE-2025-32915 (Packages downloaded by Checkmk's automatic agent updates on Linux and ...)
+ TODO: check
+CVE-2025-32815 (An issue was discovered in Infoblox NETMRI before 7.6.1. Authenticatio ...)
+ TODO: check
+CVE-2025-32814 (An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticat ...)
+ TODO: check
+CVE-2025-32813 (An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauth ...)
+ TODO: check
+CVE-2025-30173 (File upload vulnerabilities are present in ASPECT if session administr ...)
+ TODO: check
+CVE-2025-30172 (Remote Code Execution vulnerabilities are present in ASPECT if session ...)
+ TODO: check
+CVE-2025-30171 (System File Deletion vulnerabilities in ASPECT provide attackers acces ...)
+ TODO: check
+CVE-2025-30170 (Exposure of file path, file size or file existence vulnerabilities in ...)
+ TODO: check
+CVE-2025-30169 (File upload and execute vulnerabilities in ASPECT allow PHP script inj ...)
+ TODO: check
+CVE-2025-2853 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+ TODO: check
+CVE-2025-2506 (When pglogical attempts to replicate data, it does not verify it is us ...)
+ TODO: check
+CVE-2025-2410 (Port manipulation vulnerabilities in ASPECT provide attackers with the ...)
+ TODO: check
+CVE-2025-2409 (File corruption vulnerabilities in ASPECT provide attackers access to ...)
+ TODO: check
+CVE-2025-2272 (Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpo ...)
+ TODO: check
+CVE-2025-23183 (CWE-601: URL Redirection to Untrusted Site ('Open Redirect'))
+ TODO: check
+CVE-2025-23182 (CWE-203: Observable Discrepancy)
+ TODO: check
+CVE-2025-1110 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-0993 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+ TODO: check
+CVE-2025-0679 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-0605 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2024-9639 (Remote Code Execution vulnerabilities are present in ASPECT if session ...)
+ TODO: check
+CVE-2024-9544 (The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2024-7487 (An improper authentication vulnerability exists in WSO2 Identity Serve ...)
+ TODO: check
+CVE-2024-7103 (A reflected cross-site scripting (XSS) vulnerability exists in the sub ...)
+ TODO: check
+CVE-2024-6914 (An incorrect authorization vulnerability exists in multiple WSO2 produ ...)
+ TODO: check
+CVE-2024-5962 (A reflected cross-site scripting (XSS) vulnerability exists in the aut ...)
+ TODO: check
+CVE-2024-54188 (Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authe ...)
+ TODO: check
+CVE-2024-52874 (In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL i ...)
+ TODO: check
+CVE-2024-51553 (Predictable filename vulnerabilities in ASPECT may expose sensitive in ...)
+ TODO: check
+CVE-2024-51552 (Weak password storage vulnerabilities exist in ASPECT if administrator ...)
+ TODO: check
+CVE-2024-48853 (An escalation of privilege vulnerability in ASPECT could provide an at ...)
+ TODO: check
+CVE-2024-48850 (Absolute File Traversal vulnerabilities in ASPECT allows access and mo ...)
+ TODO: check
+CVE-2024-48848 (Large content vulnerabilities are present in ASPECT exposing a device ...)
+ TODO: check
+CVE-2024-41199 (An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attac ...)
+ TODO: check
+CVE-2024-41198 (An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attacker ...)
+ TODO: check
+CVE-2024-41197 (An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attacke ...)
+ TODO: check
+CVE-2024-41196 (An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows att ...)
+ TODO: check
+CVE-2024-41195 (An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allow ...)
+ TODO: check
+CVE-2024-40462 (An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to e ...)
+ TODO: check
+CVE-2024-40461 (An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to e ...)
+ TODO: check
+CVE-2024-40460 (An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to e ...)
+ TODO: check
+CVE-2024-40459 (An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a loca ...)
+ TODO: check
+CVE-2024-40458 (An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local ...)
+ TODO: check
+CVE-2024-25010 (Ericsson RAN Compute and Site Controller 6610 contains in certain conf ...)
+ TODO: check
+CVE-2024-13958 (Stored Cross Site Scripting vulnerabilities exist in ASPECT if adminis ...)
+ TODO: check
+CVE-2024-13957 (SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if ad ...)
+ TODO: check
+CVE-2024-13956 (SSL Verification Bypass vulnerabilities exist in ASPECT if administrat ...)
+ TODO: check
+CVE-2024-13955 (2nd Order SQL injection vulnerabilities in ASPECT allow unintended acc ...)
+ TODO: check
+CVE-2024-13954 (Serialized configuration information may be disclosed during device co ...)
+ TODO: check
+CVE-2024-13953 (Sensitive device logger information in ASPECT may be exposed if admini ...)
+ TODO: check
+CVE-2024-13952 (Predictable filename vulnerabilities in ASPECT may expose sensitive in ...)
+ TODO: check
+CVE-2024-13951 (One way hash with predictable salt vulnerabilities in ASPECT may expos ...)
+ TODO: check
+CVE-2024-13950 (Log injection vulnerabilities in ASPECT provide attacker access to inj ...)
+ TODO: check
+CVE-2024-13949 (Large content vulnerabilities are present in ASPECT exposing a device ...)
+ TODO: check
+CVE-2024-13948 (Windows permissions for ASPECT configuration toolsets are not fully se ...)
+ TODO: check
+CVE-2024-13947 (Device commissioning parameters in ASPECT may be modified by an extern ...)
+ TODO: check
+CVE-2024-13946 (DLL's are not digitally signed when loaded in ASPECT's configuration t ...)
+ TODO: check
+CVE-2024-13931 (Relative Path Traversal vulnerabilities in ASPECT allow access to file ...)
+ TODO: check
+CVE-2024-13930 (An Unchecked Loop Condition in ASPECT provides an attacker the ability ...)
+ TODO: check
+CVE-2024-13929 (Servlet injection vulnerabilities in ASPECT allow remote code executio ...)
+ TODO: check
+CVE-2024-13928 (SQL injection vulnerabilities in ASPECT allow unintended access and ma ...)
+ TODO: check
+CVE-2024-12093 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2023-47466 (TagLib before 2.0 allows a segmentation violation and application cras ...)
+ TODO: check
+CVE-2003-5004
+ REJECTED
+CVE-2025-4575 (Issue summary: Use of -addreject option with the openssl x509 applicat ...)
- openssl <unfixed> (bug #1106322)
[bookworm] - openssl <not-affected> (Only affects 3.5.x)
[bullseye] - openssl <not-affected> (Only affects 3.5.x)
NOTE: https://openssl-library.org/news/secadv/20250522.txt
NOTE: https://github.com/openssl/openssl/commit/0eb9acc24febb1f3f01f0320cfba9654cf66b0ac (master)
NOTE: https://github.com/openssl/openssl/commit/e96d22446e633d117e6c9904cb15b4693e956eaa (openssl-3.5)
-CVE-2025-5024 [gnome-remote-desktop: Uncontrolled Resource Consumption due to Malformed RDP PDUs]
+CVE-2025-5024 (A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop li ...)
- gnome-remote-desktop <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2367717
CVE-2025-5062 (The WooCommerce plugin for WordPress is vulnerable to PostMessage-Base ...)
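Review bot: Many of the entries added at the top of this hunk with "TODO: check" belong to vendors that later hunks of this same file already classify, so they can be resolved without per-CVE analysis. The ASPECT entries (CVE-2025-30169 through CVE-2025-30173, the CVE-2024-139xx run and others) match the existing "NOT-FOR-US: ABB" on CVE-2024-51547, the IBM Aspera Faspex entries match "NOT-FOR-US: IBM", and the Hot Random Image and MapSVG entries match "NOT-FOR-US: WordPress plugin". Clearing those in the follow-up triage commit keeps the TODO queue limited to entries that actually need a package decision.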
@@ -2437,7 +2659,7 @@ CVE-2025-4476 (A denial-of-service vulnerability has been identified in the libs
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2366513
TODO: check if affects as well libsoup2.4
-CVE-2025-4123
+CVE-2025-4123 (A cross-site scripting (XSS) vulnerability exists in Grafana caused by ...)
- grafana <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2364632
CVE-2025-4762 (Insecure Direct Object Reference (IDOR) vulnerability in the eSignaVie ...)
@@ -6823,7 +7045,7 @@ CVE-2024-13860 (The Buddyboss Platform plugin for WordPress is vulnerable to Sto
NOT-FOR-US: WordPress plugin
CVE-2024-13859 (The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cr ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-13858 (The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cr ...)
+CVE-2024-13858 (The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vul ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13420 (Multiple plugins and/or themes for WordPress are vulnerable to unautho ...)
NOT-FOR-US: WordPress plugin
@@ -36421,7 +36643,7 @@ CVE-2024-56470 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 is vulnerable to serv
NOT-FOR-US: IBM
CVE-2024-54853 (A Stored Cross-Site Scripting (XSS) vulnerability was identified affec ...)
NOT-FOR-US: Skybox Change Manager
-CVE-2024-51547 (Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ...)
+CVE-2024-51547 (Credentials/keys may be disclosed in ASPECT exposing sensitive informa ...)
NOT-FOR-US: ABB
CVE-2024-51450 (IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remo ...)
NOT-FOR-US: IBM
@@ -379391,7 +379613,7 @@ CVE-2020-27254 (Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, X
NOT-FOR-US: Emerson
CVE-2020-27253 (A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx ...)
NOT-FOR-US: FactoryTalk
-CVE-2020-27252 (Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race ...)
+CVE-2020-27252 (Medtronic MyCareLink Smart 25000 is vulnerable to a race condition i ...)
NOT-FOR-US: Medtronic MyCareLink Smart 25000
CVE-2020-27251 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
NOT-FOR-US: FactoryTalk
@@ -384566,7 +384788,7 @@ CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer o
NOT-FOR-US: Paradox IP150
CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...)
NOT-FOR-US: LAquis SCADA
-CVE-2020-25187 (Medtronic MyCareLink Smart 25000 all versions are vulnerable when an a ...)
+CVE-2020-25187 (Medtronic MyCareLink Smart 25000 is vulnerable when an authenticated ...)
NOT-FOR-US: Medtronic MyCareLink Smart 25000
CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 2019-09-2 ...)
NOT-FOR-US: LeviStudioU Release
@@ -384574,7 +384796,7 @@ CVE-2020-25185 (The affected product is vulnerable to five post-authentication b
NOT-FOR-US: Paradox IP150
CVE-2020-25184 (Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the pa ...)
NOT-FOR-US: Rockwell Automation
-CVE-2020-25183 (Medtronic MyCareLink Smart 25000 all versions contain an authenticatio ...)
+CVE-2020-25183 (Medtronic MyCareLink Smart 25000 contains an authentication protocol ...)
NOT-FOR-US: Medtronic MyCareLink Smart 25000
CVE-2020-25182 (Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for ...)
NOT-FOR-US: Rockwell Automation
@@ -474152,7 +474374,7 @@ CVE-2019-10966 (In GE Aestiva and Aespire versions 7100 and 7900, a vulnerabilit
NOT-FOR-US: GE Aestiva and Aespire
CVE-2019-10965 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based b ...)
NOT-FOR-US: Emerson
-CVE-2019-10964 (In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, ...)
+CVE-2019-10964 (Medtronic MiniMed Insulin Pumps are designed to communicate using a ...)
NOT-FOR-US: Medtronic
CVE-2019-10963 (Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated at ...)
NOT-FOR-US: Moxa
@@ -506845,7 +507067,7 @@ CVE-2018-18986 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening
NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18985 (Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.1 ...)
NOT-FOR-US: Tridium Niagara Enterprise
-CVE-2018-18984 (Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Enco ...)
+CVE-2018-18984 (Medtronic CareLink and Encore Programmers do not encrypt or do not s ...)
NOT-FOR-US: Medtronic
CVE-2018-18983 (VT-Designer Version 2.1.7.31 is vulnerable by the program reading the ...)
NOT-FOR-US: VT-Designer
@@ -517780,7 +518002,7 @@ CVE-2018-14783 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with
NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14782 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmw ...)
NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
-CVE-2018-14781 (Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL- ...)
+CVE-2018-14781 (Medtronic MiniMed MMT devices when paired with a remote controller a ...)
NOT-FOR-US: Medtronic
CVE-2018-14780 (An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 sma ...)
- yubico-piv-tool 1.6.1-1 (low; bug #906128)
@@ -529437,7 +529659,7 @@ CVE-2018-10636 (CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00
NOT-FOR-US: CNCSoft
CVE-2018-10635 (In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5 ...)
NOT-FOR-US: Universal Robots
-CVE-2018-10634 (Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL- ...)
+CVE-2018-10634 (Communications between Medtronic MiniMed MMT pumps and wireless access ...)
NOT-FOR-US: Medtronic
CVE-2018-10633 (Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-10 ...)
NOT-FOR-US: Universal Robots
@@ -529453,7 +529675,7 @@ CVE-2018-10628 (AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017
NOT-FOR-US: AVEVA
CVE-2018-10627 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior t ...)
NOT-FOR-US: Echelon
-CVE-2018-10626 (A vulnerability was discovered in all versions of Medtronic MyCareLink ...)
+CVE-2018-10626 (Medtronic MyCareLink Patient Monitor\u2019s update service does not su ...)
NOT-FOR-US: Medtronic
CVE-2018-10625
RESERVED
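Review bot: The replacement description for CVE-2018-10626 contains the literal text "\u2019" ("Patient Monitor\u2019s"), an undecoded Unicode escape for a right single quotation mark. The same escape appears in the added lines for CVE-2025-4366 ("Pingora\u2019s") and CVE-2018-5448 ("Programmer\u2019s"). Since the escape also counts toward the truncation width, the update script should decode the description before truncating and writing it, so the list carries the actual character (or an ASCII apostrophe) and a text search for the product name followed by "'s" still matches.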
@@ -529461,7 +529683,7 @@ CVE-2018-10624 (In Johnson Controls Metasys System Versions 8.0 and prior and BC
NOT-FOR-US: Johnson Controls Metasys System
CVE-2018-10623 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
-CVE-2018-10622 (A vulnerability was discovered in all versions of Medtronic MyCareLink ...)
+CVE-2018-10622 (Medtronic MyCareLink Patient Monitor uses per-product credentials that ...)
NOT-FOR-US: Medtronic
CVE-2018-10621 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
@@ -529513,7 +529735,7 @@ CVE-2018-10598 (CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00
NOT-FOR-US: CNCSoft
CVE-2018-10597 (IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70 ...)
NOT-FOR-US: Philips
-CVE-2018-10596 (Medtronic 2090 CareLink Programmer all versions The affected product u ...)
+CVE-2018-10596 (Medtronic 2090 CareLink Programmer uses a virtual private network co ...)
NOT-FOR-US: Medtronic
CVE-2018-10595 (A vulnerability in ReadA version 1.1.0.2 and previous allows an author ...)
NOT-FOR-US: BD Kiestra and InoqulA systems
@@ -533887,11 +534109,11 @@ CVE-2018-8872 (In Schneider Electric Triconex Tricon MP model 3008 firmware vers
NOT-FOR-US: Schneider
CVE-2018-8871 (In Delta Electronics Automation TPEditor version 1.89 or prior, parsin ...)
NOT-FOR-US: Delta Electronics Automation TPEditor
-CVE-2018-8870 (Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all ve ...)
+CVE-2018-8870 (Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contai ...)
NOT-FOR-US: Medtronic
CVE-2018-8869 (In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for a ...)
NOT-FOR-US: Lantech
-CVE-2018-8868 (Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all ve ...)
+CVE-2018-8868 (Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contai ...)
NOT-FOR-US: Medtronic
CVE-2018-8867 (In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 v ...)
NOT-FOR-US: GE PACSystems
@@ -544161,11 +544383,11 @@ CVE-2018-5450
RESERVED
CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-H ...)
NOT-FOR-US: Moxa
-CVE-2018-5448 (All versions of the Medtronic 2090 Carelink Programmer are affected by ...)
+CVE-2018-5448 (Medtronic 2090 CareLink Programmer\u2019s software deployment network ...)
NOT-FOR-US: Medtronic
CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari PCS-9611 rel ...)
NOT-FOR-US: Nari PCS-9611 relay
-CVE-2018-5446 (All versions of the Medtronic 2090 Carelink Programmer are affected by ...)
+CVE-2018-5446 (Medtronic 2090 CareLink Programmer uses a per-product username and p ...)
NOT-FOR-US: Medtronic
CVE-2018-5445 (A Path Traversal issue was discovered in Advantech WebAccess/SCADA ver ...)
NOT-FOR-US: Advantech WebAccess/SCADA
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/622a1cf0c864cf5c65a3f517d1508d0930f40be8