[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 23 10:28:21 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
79246d0a by Moritz Muehlenhoff at 2025-05-23T11:28:04+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -336,7 +336,7 @@ CVE-2025-4217 (The WP YouTube Video Optimizer plugin for WordPress is vulnerable
CVE-2025-4105 (The Splitit plugin for WordPress is vulnerable to unauthorized modific ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4008 (The Meteobridge web interface let meteobridge administrator manage the ...)
- TODO: check
+ NOT-FOR-US: Meteobridge
CVE-2025-48417 (The certificate and private key used for providing transport layer sec ...)
NOT-FOR-US: eCharge Hardy Barth charging stations
CVE-2025-48416 (An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry ...)
@@ -454,9 +454,9 @@ CVE-2025-20113 (A vulnerability in Cisco Unified Intelligence Center could allow
CVE-2025-20112 (A vulnerability in multiple Cisco Unified Communications and Contact C ...)
TODO: check
CVE-2025-1712 (Argument injection in special agent configuration in Checkmk <2.4.0p1, ...)
- TODO: check
+ - check-mk <removed>
CVE-2025-1421 (Data provided in a request performed to the server while activating a ...)
- TODO: check
+ NOT-FOR-US: Proget
CVE-2025-1420 (Input provided in a field containing "activationMessage"in Konsola Pro ...)
NOT-FOR-US: Proget
CVE-2025-1419 (Input provided in comment section of Konsola Proget is not sanitized c ...)
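Review bot: The CVE-2025-1712 line changes to `- check-mk <removed>`, which is a package triage decision rather than an NFU, so the commit subject "NFUs" does not cover it. Mention it in the commit message or split it into its own commit, so that the point where check-mk was marked removed for this CVE can be found from the history. The CVE-2025-1421 tag `NOT-FOR-US: Proget` matches the neighbouring CVE-2025-1420 entry.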
@@ -478,7 +478,7 @@ CVE-2024-56429 (itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2
CVE-2024-56428 (The local iLabClient database in itech iLabClient 3.7.1 allows local a ...)
NOT-FOR-US: itech iLabClient
CVE-2024-42922 (AAPanel v7.0.7 was discovered to contain an OS command injection vulne ...)
- TODO: check
+ NOT-FOR-US: AAPanel
CVE-2024-23337 (jq is a command-line JSON processor. In versions up to and including 1 ...)
- jq <unfixed> (bug #1106289)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46
@@ -501,7 +501,7 @@ CVE-2025-5010 (A vulnerability classified as problematic has been found in moonl
CVE-2025-5008 (A vulnerability was found in projectworlds Online Time Table Generator ...)
NOT-FOR-US: projectworlds Online Time Table Generator
CVE-2025-5007 (A vulnerability was found in Part-DB up to 1.17.0. It has been declare ...)
- TODO: check
+ NOT-FOR-US: Part-DB
CVE-2025-5006 (A vulnerability was found in Campcodes Online Shopping Portal 1.0. It ...)
NOT-FOR-US: Campcodes
CVE-2025-5004 (A vulnerability was found in projectworlds Online Time Table Generator ...)
@@ -596,7 +596,7 @@ CVE-2025-4364 (The affected products could allow an unauthenticated attacker to
CVE-2025-48391 (In JetBrains YouTrack before 2025.1.76253 deletion of issues was possi ...)
NOT-FOR-US: JetBrains
CVE-2025-48056 (Hubble is a fully distributed networking and security observability pl ...)
- TODO: check
+ NOT-FOR-US: Hubble
CVE-2025-48018 (An authenticated user can modify application state data.)
NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
CVE-2025-48017 (Improper limitation of pathname in Circuit Provisioning and File Impor ...)
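Review bot: The tag `NOT-FOR-US: Hubble` on CVE-2025-48056 is a bare product name, while the neighbouring entries in this hunk name the vendor (JetBrains, Schweitzer Engineering Laboratories (SEL)). Adding the owning project to the tag would make it unambiguous and easier to match when later CVEs for the same software arrive.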
@@ -637,9 +637,9 @@ CVE-2025-47290 (containerd is a container runtime. A time-of-check to time-of-us
CVE-2025-47277 (vLLM, an inference and serving engine for large language models (LLMs) ...)
- vllm <itp> (bug #1095237)
CVE-2025-46725 (Langroid is a Python framework to build large language model (LLM)-pow ...)
- TODO: check
+ NOT-FOR-US: Langroid
CVE-2025-46724 (Langroid is a Python framework to build large language model (LLM)-pow ...)
- TODO: check
+ NOT-FOR-US: Langroid
CVE-2025-45862 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buff ...)
NOT-FOR-US: TOTOLINK
CVE-2025-44893 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
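Review bot: For CVE-2025-46725 and CVE-2025-46724, confirm that no ITP or RFP bug exists for Langroid before tagging it NOT-FOR-US. The description calls it a Python framework for LLM-powered applications, and the vllm entry directly above is tracked as `- vllm <itp> (bug #1095237)` rather than as an NFU. If such a bug exists, an `<itp>` entry with the bug number would be the consistent form for both lines.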
@@ -669,7 +669,7 @@ CVE-2025-40635 (SQL injection vulnerability in Comerzzia Backoffice: Sales Orche
CVE-2025-40634 (Stack-based buffer overflow vulnerability in the 'conn-indicator' bina ...)
NOT-FOR-US: TP-Link
CVE-2025-40633 (A Stored Cross-Site Scripting (XSS) vulnerability has been found in K ...)
- TODO: check
+ NOT-FOR-US: Koibox
CVE-2025-30193 (In some circumstances, when DNSdist is configured to allow an unlimite ...)
- dnsdist 1.9.10-1 (bug #1106207)
NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html
@@ -681,7 +681,7 @@ CVE-2025-26086 (An unauthenticated blind SQL injection vulnerability exists in R
CVE-2025-22157 (This High severity PrivEsc (Privilege Escalation) vulnerability was in ...)
NOT-FOR-US: Atlassian
CVE-2024-53359 (An issue in Zalo v23.09.01 allows attackers to obtain sensitive user i ...)
- TODO: check
+ NOT-FOR-US: Zalo
CVE-2024-45641 (IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauth ...)
NOT-FOR-US: IBM
CVE-2023-33861 (IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a truste ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79246d0a3d4ac29a8f72643be08bdc165e5cf217