[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Oct 15 11:35:46 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
03ab30eb by Moritz Mühlenhoff at 2025-10-15T12:32:13+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -697,13 +697,13 @@ CVE-2025-49708 (Use after free in Microsoft Graphics Component allows an authori
CVE-2025-49201 (A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, ...)
NOT-FOR-US: Fortinet
CVE-2025-48813 (Use of a key past its expiration date in Virtual Secure Mode allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48004 (Use after free in Microsoft Brokering File System allows an unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47989 (Improper access control in Azure Connected Machine Agent allows an aut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47979 (Insertion of sensitive information into log file in Windows Failover C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47890 (An URL Redirection to Untrusted Site vulnerabilities [CWE-601] in Fort ...)
NOT-FOR-US: Fortinet
CVE-2025-47856 (Two improper neutralization of special elements used in an OS command ...)
@@ -713,19 +713,19 @@ CVE-2025-46774 (An Improper Verification of Cryptographic Signature vulnerabilit
CVE-2025-46581 (ZTE's ZXCDN product is affected by a Struts remote code execution (RC ...)
NOT-FOR-US: ZTE
CVE-2025-41718 (A cleartext transmission of sensitive information vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Murrelektronik
CVE-2025-41707 (The websocket handler is vulnerable to a denial of service condition. ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-41706 (The webserver is vulnerable to a denial of service condition. An unaut ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-41705 (An unauthenticated remote attacker (MITM) can intercept the websocket ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-41704 (An unauthanticated remote attacker can perform a DoS of the Modbus ser ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-41703 (An unauthenticated remote attacker can cause a Denial of Service by tu ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-41699 (An low privileged remote attacker with an account for the Web-based ma ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-40812 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...)
NOT-FOR-US: Siemens
CVE-2025-40811 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...)
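Review bot: The `NOT-FOR-US: Phoenix Contact` tags on CVE-2025-41703 through CVE-2025-41707 cannot be checked against the descriptions shown here, which name no vendor or product ("The websocket handler is vulnerable ...", "The webserver is vulnerable ..."). The same holds for CVE-2025-41718 and CVE-2025-41699, whose descriptions are cut off before any product name. Since the tag is the only place the attribution is recorded in this file, consider naming the affected product in it, not only the vendor, so the classification can be re-verified later without opening each CVE record.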
@@ -783,13 +783,13 @@ CVE-2025-37133 (An authenticated command injection vulnerability exists in the C
CVE-2025-37132 (An arbitrary file write vulnerability exists in the web-based manageme ...)
NOT-FOR-US: HPE
CVE-2025-36730 (A prompt injection vulnerability exists in Windsurft version 1.10.7 in ...)
- TODO: check
+ NOT-FOR-US: Windsurft
CVE-2025-34267 (Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-33182 (NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-33177 (NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-33044 (APTIOV contains a vulnerability in BIOS where an attacker may cause an ...)
NOT-FOR-US: AMI
CVE-2025-31514 (An Insertion of Sensitive Information into Log File vulnerability [CWE ...)
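Review bot: `NOT-FOR-US: Windsurft` on CVE-2025-36730 copies the spelling from the CVE description ("Windsurft version 1.10.7"). If the product is the Windsurf editor, the tag should read `NOT-FOR-US: Windsurf`, so that a later search of data/CVE/list for the product name finds this entry and a future CVE for the same product is matched to the existing NFU.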
@@ -807,11 +807,11 @@ CVE-2025-25253 (An Improper Validation of Certificate with Host Mismatch vulnera
CVE-2025-25252 (An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS ...)
NOT-FOR-US: Fortinet
CVE-2025-25004 (Improper access control in Microsoft PowerShell allows an authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24990 (Microsoft is aware of vulnerabilities in the third party Agere Modem d ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-24052 (Microsoft is aware of vulnerabilities in the third party Agere Modem d ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-23356 (NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing ...)
TODO: check
CVE-2025-22833 (APTIOV contains a vulnerability in BIOS where an attacker may cause a ...)
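Review bot: CVE-2025-24990 and CVE-2025-24052 are tagged `NOT-FOR-US: Microsoft`, although both descriptions attribute the flaw to "the third party Agere Modem d ...". Naming the Agere component in the tag would keep the entries findable by the affected code and not only by the reporting vendor. Separately, CVE-2025-23356 (NVIDIA Isaac Lab) is left at `TODO: check` while the other NVIDIA entries in this commit were resolved; if that is deliberate because the entry needs a real check, it is fine as is.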
@@ -857,7 +857,7 @@ CVE-2025-20709 (In wlan AP driver, there is a possible out of bounds write due t
CVE-2025-11736 (A flaw has been found in itsourcecode Online Examination System 1.0. A ...)
NOT-FOR-US: itsourcecode System
CVE-2025-11577 (Clevo\u2019s UEFI firmware update packages, including B10717.exe, inad ...)
- TODO: check
+ NOT-FOR-US: Clevo
CVE-2025-11548 (A remote, unauthenticated privilege escalation in ibi WebFOCUS allows ...)
NOT-FOR-US: TIBCO
CVE-2025-11498 (An Improper Neutralization of Formula Elements in a CSV File vulnerabi ...)
@@ -867,7 +867,7 @@ CVE-2025-10986 (Path traversal in the admin panel of Ivanti EPMM before version
CVE-2025-10985 (OS command injection in the admin panel of Ivanti EPMM before version ...)
NOT-FOR-US: Ivanti
CVE-2025-10610 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Winsure
CVE-2025-10243 (OS command injection in the admin panel of Ivanti EPMM before version ...)
NOT-FOR-US: Ivanti
CVE-2025-10242 (OS command injection in the admin panel of Ivanti EPMM before version ...)
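Review bot: On CVE-2025-10610 the vendor in `NOT-FOR-US: Winsure` does not appear in the description as shown, which is truncated at "used in an SQL Command ('S ...". Consider confirming the vendor name against the full CVE record before it becomes the reference spelling for later entries.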
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03ab30eb10b586fdee2d1ba52808d960a24ddd4c