[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 23 08:44:09 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
997c3a36 by Moritz Muehlenhoff at 2025-05-23T09:42:51+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2025-4419 (The Hot Random Image plugin for WordPress is vulnerable to Path T
 CVE-2025-4405 (The Hot Random Image plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4366 (A request smuggling vulnerability identified within Pingora\u2019s pro ...)
-	TODO: check
+	NOT-FOR-US: Pingora
 CVE-2025-4280 (MacOS version of Poedit bundles aPython interpreter that inherits the  ...)
 	- poedit <not-affected> (Specific to MacOS package)
 	NOTE: https://github.com/vslavik/poedit/security/advisories/GHSA-8fcw-v6gr-hp34
@@ -34,11 +34,11 @@ CVE-2025-48368 (Group-Office is an enterprise customer relationship management a
 CVE-2025-48366 (Group-Office is an enterprise customer relationship management and gro ...)
 	NOT-FOR-US: Group-Office
 CVE-2025-48075 (Fiber is an Express-inspired web framework written in Go. Starting in  ...)
-	TODO: check
+	NOT-FOR-US: Fiber
 CVE-2025-48066 (wire-webapp is the web application for the open-source messaging servi ...)
-	TODO: check
+	NOT-FOR-US: wire-webapp
 CVE-2025-48061 (wire-webapp is the web application for the open-source messaging servi ...)
-	TODO: check
+	NOT-FOR-US: wire-webapp
 CVE-2025-47780 (Asterisk is an open-source private branch exchange (PBX). Prior to ver ...)
 	- asterisk <unfixed>
 	NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2
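Review bot: The CVE-2025-48075 entry marks Fiber as NOT-FOR-US, but the description calls it a web framework written in Go, which means a library that other Go software can embed or vendor. Before closing it, confirm that no source package in the archive ships or vendors Fiber; if one does, the entry should name that package in the form used for asterisk just below (`- asterisk <unfixed>`) instead of an NFU line. The two wire-webapp entries are labelled consistently with each other.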
@@ -48,21 +48,21 @@ CVE-2025-47779 (Asterisk is an open-source private branch exchange (PBX). Prior
 	NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw
 	TODO: check details
 CVE-2025-46716 (Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit  ...)
-	TODO: check
+	NOT-FOR-US: Sandboxie
 CVE-2025-46715 (Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit  ...)
-	TODO: check
+	NOT-FOR-US: Sandboxie
 CVE-2025-46714 (Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit  ...)
-	TODO: check
+	NOT-FOR-US: Sandboxie
 CVE-2025-46713 (Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit  ...)
-	TODO: check
+	NOT-FOR-US: Sandboxie
 CVE-2025-45472 (Insecure permissions in autodeploy-layer v1.2.0 allows attackers to es ...)
-	TODO: check
+	NOT-FOR-US: SAR-AutoDeploy-Layer
 CVE-2025-45471 (Insecure permissions in measure-cold-start v1.4.1 allows attackers to  ...)
-	TODO: check
+	NOT-FOR-US: measure-cold-start
 CVE-2025-45468 (Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attack ...)
-	TODO: check
+	NOT-FOR-US: fc-stable-diffusion-plus
 CVE-2025-43596 (An insecure file system permissions vulnerability in MSP360 Backup 8.0 ...)
-	TODO: check
+	NOT-FOR-US: MSP360 Backup
 CVE-2025-41403 (ZohocorpManageEngine ADAudit Plus versions 8510 and prior are vulnerab ...)
 	NOT-FOR-US: Zoho
 CVE-2025-3945 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
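Review bot: The label added for CVE-2025-45472 is SAR-AutoDeploy-Layer, while the description names the product as autodeploy-layer v1.2.0; the two entries after it (measure-cold-start, fc-stable-diffusion-plus) reuse the description's spelling. Using autodeploy-layer here as well would keep a search for the product name matching both the description and the NFU line. The four Sandboxie entries and the MSP360 Backup entry match their descriptions.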
@@ -98,13 +98,13 @@ CVE-2025-33137 (IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authentica
 CVE-2025-33136 (IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated us ...)
 	NOT-FOR-US: IBM
 CVE-2025-32915 (Packages downloaded by Checkmk's automatic agent updates on Linux and  ...)
-	TODO: check
+	- check-mk <removed>
 CVE-2025-32815 (An issue was discovered in Infoblox NETMRI before 7.6.1. Authenticatio ...)
-	TODO: check
+	NOT-FOR-US: Infoblox NETMRI
 CVE-2025-32814 (An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticat ...)
-	TODO: check
+	NOT-FOR-US: Infoblox NETMRI
 CVE-2025-32813 (An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauth ...)
-	TODO: check
+	NOT-FOR-US: Infoblox NETMRI
 CVE-2025-30173 (File upload vulnerabilities are present in ASPECT if session administr ...)
 	NOT-FOR-US: ABB group
 CVE-2025-30172 (Remote Code Execution vulnerabilities are present in ASPECT if session ...)
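Review bot: The CVE-2025-32915 line is not an NFU: it replaces `TODO: check` with `- check-mk <removed>`, which the commit subject "NFUs" does not cover, and it carries no NOTE with a reference the way the poedit and asterisk entries in this file do. Consider mentioning the check-mk triage in the commit message and adding a NOTE pointing at the upstream advisory, since the description ties the issue to the automatic agent updates and this line alone does not show whether the removed package contained that code. The three Infoblox NETMRI entries are labelled consistently.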
@@ -126,9 +126,9 @@ CVE-2025-2409 (File corruption vulnerabilities in ASPECT provide attackers acces
 CVE-2025-2272 (Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpo ...)
 	TODO: check
 CVE-2025-23183 (CWE-601: URL Redirection to Untrusted Site ('Open Redirect'))
-	TODO: check
+	NOT-FOR-US: UBtech FreePass
 CVE-2025-23182 (CWE-203: Observable Discrepancy)
-	TODO: check
+	NOT-FOR-US: UBtech FreePass
 CVE-2025-1110 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
 CVE-2025-0993 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
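Review bot: For CVE-2025-23183 and CVE-2025-23182 the description shown is only the CWE title, so the UBtech FreePass attribution cannot be checked against anything in these lines. A NOTE naming the advisory the product name was taken from would let a later reader confirm the NFU. CVE-2025-2272 directly above remains `TODO: check` after this change.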
@@ -150,9 +150,9 @@ CVE-2024-6914 (An incorrect authorization vulnerability exists in multiple WSO2
 CVE-2024-5962 (A reflected cross-site scripting (XSS) vulnerability exists in the aut ...)
 	TODO: check
 CVE-2024-54188 (Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authe ...)
-	TODO: check
+	NOT-FOR-US: Infoblox NETMRI
 CVE-2024-52874 (In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL i ...)
-	TODO: check
+	NOT-FOR-US: Infoblox NETMRI
 CVE-2024-51553 (Predictable filename vulnerabilities in ASPECT may expose sensitive in ...)
 	NOT-FOR-US: ABB group
 CVE-2024-51552 (Weak password storage vulnerabilities exist in ASPECT if administrator ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/997c3a361a39c01fefa4f3e9e4eac8b23071261c
