[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 22 21:14:47 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7656a6e8 by security tracker role at 2025-05-22T20:14:41+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2025-5081 (A vulnerability classified as critical was found in Campcodes Cybercaf ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-5080 (A vulnerability classified as critical has been found in Tenda FH451 1 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5079 (A vulnerability was found in Campcodes Online Shopping Portal 1.0. It ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-5078 (A vulnerability was found in Campcodes Online Shopping Portal 1.0. It ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-5077 (A vulnerability was found in Campcodes Online Shopping Portal 1.0. It ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-5076 (A vulnerability was found in FreeFloat FTP Server 1.0 and classified a ...)
TODO: check
CVE-2025-5075 (A vulnerability has been found in FreeFloat FTP Server 1.0 and classif ...)
@@ -19,9 +19,9 @@ CVE-2025-5073 (A vulnerability, which was classified as critical, has been found
CVE-2025-4979 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
TODO: check
CVE-2025-4419 (The Hot Random Image plugin for WordPress is vulnerable to Path Traver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4405 (The Hot Random Image plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4366 (A request smuggling vulnerability identified within Pingora\u2019s pro ...)
TODO: check
CVE-2025-4280 (MacOS version of Poedit bundles aPython interpreter that inherits the ...)
@@ -59,39 +59,39 @@ CVE-2025-45468 (Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows
CVE-2025-43596 (An insecure file system permissions vulnerability in MSP360 Backup 8.0 ...)
TODO: check
CVE-2025-41403 (ZohocorpManageEngine ADAudit Plus versions 8510 and prior are vulnerab ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-3945 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2025-3944 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2025-3943 (Use of GET Request Method With Sensitive Query Strings vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2025-3942 (Improper Output Neutralization for Logs vulnerability in Tridium Niaga ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2025-3941 (Improper Handling of Windows ::DATA Alternate Data Stream vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2025-3940 (Improper Use of Validation Framework vulnerability in Tridium Niagara ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2025-3939 (Observable Response Discrepancy vulnerability in Tridium Niagara Frame ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2025-3938 (Missing Cryptographic Step vulnerability in Tridium Niagara Framework ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2025-3937 (Use of Password Hash With Insufficient Computational Effort vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2025-3936 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2025-3836 (ZohocorpManageEngine ADAudit Plus versions 8510 and prior are vulnerab ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-3444 (Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus vers ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-3111 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
TODO: check
CVE-2025-33138 (IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-33137 (IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated us ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-33136 (IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated us ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-32915 (Packages downloaded by Checkmk's automatic agent updates on Linux and ...)
TODO: check
CVE-2025-32815 (An issue was discovered in Infoblox NETMRI before 7.6.1. Authenticatio ...)
@@ -101,23 +101,23 @@ CVE-2025-32814 (An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthe
CVE-2025-32813 (An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauth ...)
TODO: check
CVE-2025-30173 (File upload vulnerabilities are present in ASPECT if session administr ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-30172 (Remote Code Execution vulnerabilities are present in ASPECT if session ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-30171 (System File Deletion vulnerabilities in ASPECT provide attackers acces ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-30170 (Exposure of file path, file size or file existence vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-30169 (File upload and execute vulnerabilities in ASPECT allow PHP script inj ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-2853 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
TODO: check
CVE-2025-2506 (When pglogical attempts to replicate data, it does not verify it is us ...)
TODO: check
CVE-2025-2410 (Port manipulation vulnerabilities in ASPECT provide attackers with the ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-2409 (File corruption vulnerabilities in ASPECT provide attackers access to ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-2272 (Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpo ...)
TODO: check
CVE-2025-23183 (CWE-601: URL Redirection to Untrusted Site ('Open Redirect'))
@@ -133,9 +133,9 @@ CVE-2025-0679 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2025-0605 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
TODO: check
CVE-2024-9639 (Remote Code Execution vulnerabilities are present in ASPECT if session ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-9544 (The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7487 (An improper authentication vulnerability exists in WSO2 Identity Serve ...)
TODO: check
CVE-2024-7103 (A reflected cross-site scripting (XSS) vulnerability exists in the sub ...)
@@ -149,15 +149,15 @@ CVE-2024-54188 (Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote
CVE-2024-52874 (In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL i ...)
TODO: check
CVE-2024-51553 (Predictable filename vulnerabilities in ASPECT may expose sensitive in ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-51552 (Weak password storage vulnerabilities exist in ASPECT if administrator ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-48853 (An escalation of privilege vulnerability in ASPECT could provide an at ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-48850 (Absolute File Traversal vulnerabilities in ASPECT allows access and mo ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-48848 (Large content vulnerabilities are present in ASPECT exposing a device ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-41199 (An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attac ...)
TODO: check
CVE-2024-41198 (An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attacker ...)
@@ -181,39 +181,39 @@ CVE-2024-40458 (An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a
CVE-2024-25010 (Ericsson RAN Compute and Site Controller 6610 contains in certain conf ...)
TODO: check
CVE-2024-13958 (Stored Cross Site Scripting vulnerabilities exist in ASPECT if adminis ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13957 (SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if ad ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13956 (SSL Verification Bypass vulnerabilities exist in ASPECT if administrat ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13955 (2nd Order SQL injection vulnerabilities in ASPECT allow unintended acc ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13954 (Serialized configuration information may be disclosed during device co ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13953 (Sensitive device logger information in ASPECT may be exposed if admini ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13952 (Predictable filename vulnerabilities in ASPECT may expose sensitive in ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13951 (One way hash with predictable salt vulnerabilities in ASPECT may expos ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13950 (Log injection vulnerabilities in ASPECT provide attacker access to inj ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13949 (Large content vulnerabilities are present in ASPECT exposing a device ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13948 (Windows permissions for ASPECT configuration toolsets are not fully se ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13947 (Device commissioning parameters in ASPECT may be modified by an extern ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13946 (DLL's are not digitally signed when loaded in ASPECT's configuration t ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13931 (Relative Path Traversal vulnerabilities in ASPECT allow access to file ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13930 (An Unchecked Loop Condition in ASPECT provides an attacker the ability ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13929 (Servlet injection vulnerabilities in ASPECT allow remote code executio ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-13928 (SQL injection vulnerabilities in ASPECT allow unintended access and ma ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2024-12093 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
TODO: check
CVE-2023-47466 (TagLib before 2.0 allows a segmentation violation and application cras ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7656a6e8712fa7060b94a24a0ca59b4531c1a995
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7656a6e8712fa7060b94a24a0ca59b4531c1a995
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250522/3646b9d0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list