Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b56a8cd6 by Salvatore Bonaccorso at 2025-02-11T21:34:45+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,407 +1,407 @@
 CVE-2025-26495 (Cleartext Storage of Sensitive Information vulnerability in 
Salesforce ...)
-       TODO: check
+       NOT-FOR-US: Salesforce Tableau Server
 CVE-2025-26494 (Server-Side Request Forgery (SSRF) vulnerability in Salesforce 
Tableau ...)
-       TODO: check
+       NOT-FOR-US: Salesforce Tableau Server
 CVE-2025-26493 (In JetBrains TeamCity before 2024.12.2 several DOM-based XSS 
were poss ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2025-26492 (In JetBrains TeamCity before 2024.12.2 improper Kubernetes 
connection  ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2025-26491 (A vulnerability has been identified in Opcenter Intelligence 
(All vers ...)
-       TODO: check
+       NOT-FOR-US: Opcenter Intelligence
 CVE-2025-26490 (A vulnerability has been identified in Opcenter Intelligence 
(All vers ...)
-       TODO: check
+       NOT-FOR-US: Opcenter Intelligence
 CVE-2025-26411 (An authenticated attacker is able to use the Plugin Manager of 
the web ...)
-       TODO: check
+       NOT-FOR-US: Wattsense Bridge devices
 CVE-2025-26410 (The firmware of all Wattsense Bridge devices contain the same 
hard-cod ...)
-       TODO: check
+       NOT-FOR-US: Wattsense Bridge devices
 CVE-2025-26409 (A serial interface can be accessed with physical access to the 
PCB of  ...)
-       TODO: check
+       NOT-FOR-US: Wattsense Bridge devices
 CVE-2025-26408 (The JTAG interface of Wattsense Bridge devices can be accessed 
with ph ...)
-       TODO: check
+       NOT-FOR-US: Wattsense Bridge devices
 CVE-2025-25530 (Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB 
Gateway ...)
-       TODO: check
+       NOT-FOR-US: Digital China DCBI-Netlog-LAB Gateway
 CVE-2025-25529 (Buffer overflow vulnerability in Digital China DCBC Gateway 
200-2.1.1  ...)
-       TODO: check
+       NOT-FOR-US: Digital China DCBI-Netlog-LAB Gateway
 CVE-2025-25528 (Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 
RPT75A3 ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2025-25527 (Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 
10.3(4b12) ...)
-       TODO: check
+       NOT-FOR-US: Ruijie
 CVE-2025-25526 (Buffer overflow vulnerability in Mercury MIPC552W Camera v1.0 
due to t ...)
-       TODO: check
+       NOT-FOR-US: Mercury MIPC552W Camera
 CVE-2025-25525 (Buffer overflow vulnerability in H3C FA3010L access points 
SWFA1B0V100 ...)
-       TODO: check
+       NOT-FOR-US: H3C FA3010L access points SWFA1B0V100R005
 CVE-2025-25524 (Buffer overflow vulnerability in TOTOLink X6000R routers 
V9.4.0cu.652_ ...)
-       TODO: check
+       NOT-FOR-US: TOTOLink
 CVE-2025-25523 (Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart 
Switch v ...)
-       TODO: check
+       NOT-FOR-US: Trendnet
 CVE-2025-25522 (Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 
due to th ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2025-25202 (Ash Authentication is an authentication framework for Elixir 
applicati ...)
-       TODO: check
+       NOT-FOR-US: Ash Authentication
 CVE-2025-24976 (Distribution is a toolkit to pack, ship, store, and deliver 
container  ...)
        TODO: check
 CVE-2025-24973 (Concorde, formerly know as Nexkey, is a fork of the federated 
microblo ...)
-       TODO: check
+       NOT-FOR-US: Concorde
 CVE-2025-24956 (A vulnerability has been identified in OpenV2G (All versions < 
V0.9.6) ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-24900 (Concorde, formerly know as Nexkey, is a fork of the federated 
microblo ...)
-       TODO: check
+       NOT-FOR-US: Concorde
 CVE-2025-24897 (Misskey is an open source, federated social media platform. 
Starting i ...)
-       TODO: check
+       NOT-FOR-US: Misskey
 CVE-2025-24896 (Misskey is an open source, federated social media platform. 
Starting i ...)
-       TODO: check
+       NOT-FOR-US: Misskey
 CVE-2025-24812 (A vulnerability has been identified in SIMATIC S7-1200 CPU 
1211C AC/DC ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-24811 (A vulnerability has been identified in SIMATIC S7-1200 CPU 
1211C AC/DC ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-24807 (eprosima Fast DDS is a C++ implementation of the DDS (Data 
Distributio ...)
        TODO: check
 CVE-2025-24532 (A vulnerability has been identified in SCALANCE WAB762-1 
(6GK5762-1AJ0 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-24499 (A vulnerability has been identified in SCALANCE WAB762-1 
(6GK5762-1AJ0 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-24472 (AnAuthentication Bypass Using an Alternate Path or Channel 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2025-24470 (AnImproper Resolution of Path Equivalence vulnerability 
[CWE-41] in Fo ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2025-24438 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24437 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24436 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24435 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24434 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24432 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24430 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24429 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24428 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24427 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24426 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24425 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24424 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24423 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24422 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24421 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24420 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24419 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24418 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24417 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24416 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24415 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24414 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24413 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24412 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24411 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24410 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24409 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24408 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24407 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24406 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 
2.4.5-p10, 2. ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-24042 (Visual Studio Code JS Debug Extension Elevation of Privilege 
Vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24039 (Visual Studio Code Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-24036 (Microsoft AutoUpdate (MAU) Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-23403 (A vulnerability has been identified in SIMATIC IPC DiagBase 
(All versi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-23363 (A vulnerability has been identified in Teamcenter (All 
versions < V14. ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-22467 (A stack-based buffer overflow in Ivanti Connect Secure before 
version  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-22399 (Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add 
Customer SF ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2025-21420 (Windows Disk Cleanup Tool Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21419 (Windows Setup Files Cleanup Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21418 (Windows Ancillary Function Driver for WinSock Elevation of 
Privilege V ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21414 (Windows Core Messaging Elevation of Privileges Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21410 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21407 (Windows Telephony Service Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21406 (Windows Telephony Service Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21400 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21397 (Microsoft Office Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21394 (Microsoft Excel Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21392 (Microsoft Office Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21391 (Windows Storage Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21390 (Microsoft Excel Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21387 (Microsoft Excel Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21386 (Microsoft Excel Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21383 (Microsoft Excel Information Disclosure Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21381 (Microsoft Excel Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21379 (DHCP Client Service Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21377 (NTLM Hash Disclosure Spoofing Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21376 (Windows Lightweight Directory Access Protocol (LDAP) Remote 
Code Execu ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21375 (Kernel Streaming WOW Thunk Service Driver Elevation of 
Privilege Vulne ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21373 (Windows Installer Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21371 (Windows Telephony Service Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21369 (Microsoft Digest Authentication Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21368 (Microsoft Digest Authentication Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21367 (Windows Win32 Kernel Subsystem Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21359 (Windows Kernel Security Feature Bypass Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21358 (Windows Core Messaging Elevation of Privileges Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21352 (Internet Connection Sharing (ICS) Denial of Service 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21351 (Windows Active Directory Domain Services API Denial of Service 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21350 (Windows Kerberos Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21349 (Windows Remote Desktop Configuration Service Tampering 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21347 (Windows Deployment Services Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21337 (Windows NTFS Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21322 (Microsoft PC Manager Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21259 (Microsoft Outlook Spoofing Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21254 (Internet Connection Sharing (ICS) Denial of Service 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21216 (Internet Connection Sharing (ICS) Denial of Service 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21212 (Internet Connection Sharing (ICS) Denial of Service 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21208 (Windows Routing and Remote Access Service (RRAS) Remote Code 
Execution ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21206 (Visual Studio Installer Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21201 (Windows Telephony Server Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21200 (Windows Telephony Service Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21198 (Microsoft High Performance Compute (HPC) Pack Remote Code 
Execution Vu ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21194 (Microsoft Surface Security Feature Bypass Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21190 (Windows Telephony Service Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21188 (Azure Network Watcher VM Extension Elevation of Privilege 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21184 (Windows Core Messaging Elevation of Privileges Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21183 (Windows Resilient File System (ReFS) Deduplication Service 
Elevation o ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21182 (Windows Resilient File System (ReFS) Deduplication Service 
Elevation o ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21181 (Microsoft Message Queuing (MSMQ) Denial of Service 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21179 (DHCP Client Service Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21163 (Illustrator versions 29.1, 28.7.3 and earlier are affected by 
a Stack- ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-21162 (Photoshop Elements versions 2025.0 and earlier are affected by 
a Creat ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-21161 (Substance3D - Designer versions 14.0.2 and earlier are 
affected by an  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-21160 (Illustrator versions 29.1, 28.7.3 and earlier are affected by 
an Integ ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-21159 (Illustrator versions 29.1, 28.7.3 and earlier are affected by 
a Use Af ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-21158 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-21157 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-21156 (InCopy versions 20.0, 19.5.1 and earlier are affected by an 
Integer Un ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-21155 (Substance3D - Stager versions 3.1.0 and earlier are affected 
by a NULL ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-21126 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-21125 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-21124 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-21123 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-21121 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-1231 (Improper password reset in PAM Module in Devolutions Server 
2024.3.10. ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2025-1182 (A vulnerability, which was classified as critical, was found in 
GNU Bi ...)
        TODO: check
 CVE-2025-1126 (A Reliance on Untrusted Inputs in a Security Decision 
vulnerability ha ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2025-1052 (Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote 
Code Exec ...)
        TODO: check
 CVE-2025-1044 (Logsign Unified SecOps Platform Authentication Bypass 
Vulnerability. T ...)
        TODO: check
 CVE-2025-0911 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read 
Information Dis ...)
-       TODO: check
+       NOT-FOR-US: PDF-XChange Editor
 CVE-2025-0910 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote 
Code Ex ...)
-       TODO: check
+       NOT-FOR-US: PDF-XChange Editor
 CVE-2025-0909 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read 
Information Dis ...)
-       TODO: check
+       NOT-FOR-US: PDF-XChange Editor
 CVE-2025-0908 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read 
Information Dis ...)
-       TODO: check
+       NOT-FOR-US: PDF-XChange Editor
 CVE-2025-0907 (PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read 
Information Dis ...)
-       TODO: check
+       NOT-FOR-US: PDF-XChange Editor
 CVE-2025-0906 (PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read 
Information Dis ...)
-       TODO: check
+       NOT-FOR-US: PDF-XChange Editor
 CVE-2025-0905 (PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read 
Information Dis ...)
-       TODO: check
+       NOT-FOR-US: PDF-XChange Editor
 CVE-2025-0904 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read 
Information Dis ...)
-       TODO: check
+       NOT-FOR-US: PDF-XChange Editor
 CVE-2025-0903 (PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow 
Remote  ...)
-       TODO: check
+       NOT-FOR-US: PDF-XChange Editor
 CVE-2025-0902 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read 
Information Dis ...)
-       TODO: check
+       NOT-FOR-US: PDF-XChange Editor
 CVE-2025-0901 (PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code 
Execution ...)
-       TODO: check
+       NOT-FOR-US: PDF-XChange Editor
 CVE-2025-0899 (PDF-XChange Editor AcroForm Use-After-Free Remote Code 
Execution Vulne ...)
-       TODO: check
+       NOT-FOR-US: PDF-XChange Editor
 CVE-2025-0862 (The SuperSaaS \u2013 online appointment scheduling plugin for 
WordPres ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-0589 (In affected versions of Octopus Deploy where customers are 
using Activ ...)
-       TODO: check
+       NOT-FOR-US: Octopus Deploy
 CVE-2025-0588 (In affected versions of Octopus Server it was possible for a 
user with ...)
-       TODO: check
+       NOT-FOR-US: Octopus Server
 CVE-2025-0526 (In affected versions of Octopus Deploy it was possible to 
upload files ...)
-       TODO: check
+       NOT-FOR-US: Octopus Deploy
 CVE-2025-0525 (In affected versions of Octopus Server the preview import 
feature coul ...)
-       TODO: check
+       NOT-FOR-US: Octopus Server
 CVE-2025-0513 (In affected versions of Octopus Server error messages were 
handled uns ...)
-       TODO: check
+       NOT-FOR-US: Octopus Server
 CVE-2024-54090 (A vulnerability has been identified in APOGEE PXC Series 
(BACnet) (All ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-54089 (A vulnerability has been identified in APOGEE PXC Series 
(BACnet) (All ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-54015 (A vulnerability has been identified in SIPROTEC 5 6MD84 
(CP300) (All v ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-53977 (A vulnerability has been identified in ModelSim (All versions 
< V2025. ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-53651 (A vulnerability has been identified in SIPROTEC 5 6MD84 
(CP300) (All v ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-53648 (A vulnerability has been identified in SIPROTEC 5 6MD84 
(CP300) (All v ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-52968 (An improper authentication in Fortinet FortiClientMac 7.0.11 
through 7 ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-52966 (An exposure of sensitive information to an unauthorized actor 
in Forti ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-50569 (A improper neutralization of special elements used in an os 
command (' ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-50567 (An improper neutralization of special elements used in an os 
command ( ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-47908 (OS command injection in the admin web console of Ivanti CSA 
before ver ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-45386 (A vulnerability has been identified in SIMATIC PCS neo V4.0 
(All versi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-40591 (An incorrect privilege assignment vulnerability [CWE-266] in 
Fortinet  ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-40586 (AnImproper Access Control vulnerability [CWE-284] in 
FortiClient Windo ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-40584 (An improper neutralization of special elements used in an OS 
command ( ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-36508 (An improper limitation of a pathname to a restricted directory 
('Path  ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-35279 (A stack-based buffer overflow [CWE-121] vulnerability in 
Fortinet Fort ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-33659 (AMI APTIOV contains a vulnerability in BIOS where an attacker 
may caus ...)
-       TODO: check
+       NOT-FOR-US: AMI APTIOV
 CVE-2024-33504 (A use of hard-coded cryptographic key to encrypt sensitive 
data vulner ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-27781 (An improper neutralization of input during web page generation 
('cross ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-27780 (MultipleImproper Neutralization of Input During Web Page 
Generation (' ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-23814 (A vulnerability has been identified in SCALANCE WAB762-1 
(6GK5762-1AJ0 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-21966 (A DLL hijacking vulnerability in the AMD Ryzen\u2122  Master 
Utility c ...)
        TODO: check
 CVE-2024-13843 (Cleartext storage of information in Ivanti Connect Secure 
before versi ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-13842 (A hardcoded key in Ivanti Connect Secure before version 
22.7R2.3 and I ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-13830 (Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 
and Iva ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-13813 (Insufficient permissions in Ivanti Secure Access Client before 
version ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-13506 (The GeoDirectory \u2013 WP Business Directory Plugin and 
Classified Li ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12833 (Paessler PRTG Network Monitor SNMP Cross-Site Scripting 
Authentication ...)
-       TODO: check
+       NOT-FOR-US: Paessler PRTG Network Monitor SNMP
 CVE-2024-12756 (An HTML Injection vulnerability in Avaya Spaces may have 
allowed discl ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2024-12755 (A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may 
have al ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2024-12551 (Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds 
Read Remo ...)
-       TODO: check
+       NOT-FOR-US: Tungsten Automation
 CVE-2024-12550 (Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds 
Read Info ...)
-       TODO: check
+       NOT-FOR-US: Tungsten Automation
 CVE-2024-12549 (Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds 
Read Remo ...)
-       TODO: check
+       NOT-FOR-US: Tungsten Automation
 CVE-2024-12548 (Tungsten Automation Power PDF JP2 File Parsing Use-After-Free 
Informat ...)
-       TODO: check
+       NOT-FOR-US: Tungsten Automation
 CVE-2024-12547 (Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds 
Write Rem ...)
-       TODO: check
+       NOT-FOR-US: Tungsten Automation
 CVE-2024-12366 (PandasAI uses an interactive prompt function that is 
vulnerable to pro ...)
-       TODO: check
+       NOT-FOR-US: PandasAI
 CVE-2024-12058 (External control of a file name in Ivanti Connect Secure 
before versio ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-11771 (Path traversal in Ivanti CSA before version 5.0.5 allows a 
remote unau ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-10644 (Code injection in Ivanti Connect Secure before version 
22.7R2.4 and Iv ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-40721 (A use of externally-controlled format string vulnerability 
[CWE-134] i ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-37482 (The login functionality of the web server in affected devices 
does not ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-31361 (A DLL hijacking vulnerability in AMD Integrated Management 
Technology  ...)
        TODO: check
 CVE-2023-31360 (Incorrect default permissions in the AMD Integrated Management 
Technol ...)
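
Review bot: The note added for CVE-2025-25529 does not match its description: the entry describes "Digital China DCBC Gateway 200-2.1.1", but the new line reads "NOT-FOR-US: Digital China DCBI-Netlog-LAB Gateway", which is the product of the entry above it (CVE-2025-25530) and looks like a copy-paste carry-over. Suggest "NOT-FOR-US: Digital China DCBC Gateway". Two smaller naming points in the same hunk: the entries whose descriptions name Fortinet products (for example CVE-2024-52968 and CVE-2024-35279) are tagged "FortiGuard" rather than the vendor named in the description, and CVE-2025-24956 describes OpenV2G but is tagged only "Siemens", so a later search of the list for the product name will not find the reason it was marked NFU.
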
@@ -217634,7 +217634,7 @@ CVE-2022-35204 (Vitejs Vite before v2.9.13 was 
discovered to allow attackers to
 CVE-2022-35203 (An access control issue in TrendNet TV-IP572PI v1.0 allows 
unauthentic ...)
        NOT-FOR-US: TrendNet TV-IP572PI
 CVE-2022-35202 (A security issue in Sitevision version 10.3.1 and older allows 
a remot ...)
-       TODO: check
+       NOT-FOR-US: Sitevision
 CVE-2022-35201 (Tenda-AC18 V15.03.05.05 was discovered to contain a remote 
command exe ...)
        NOT-FOR-US: Tenda
 CVE-2022-35200
@@ -425123,7 +425123,7 @@ CVE-2019-15004 (The Customer Context Filter in 
Atlassian Jira Service Desk Serve
 CVE-2019-15003 (The Customer Context Filter in Atlassian Jira Service Desk 
Server and  ...)
        NOT-FOR-US: Atlassian
 CVE-2019-15002 (An exploitable CSRF vulnerability exists in Atlassian Jira, 
from versi ...)
-       TODO: check
+       NOT-FOR-US: Atlassian Jira
 CVE-2019-15001 (The Jira Importers Plugin in Atlassian Jira Server and Data 
Cente from ...)
        NOT-FOR-US: Atlassian
 CVE-2019-15000 (The commit diff rest endpoint in Bitbucket Server and Data 
Center befo ...)
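
Review bot: CVE-2019-15002 is tagged "NOT-FOR-US: Atlassian Jira" while the neighbouring context entries CVE-2019-15003 and CVE-2019-15001 use plain "NOT-FOR-US: Atlassian". Using the same string as the adjacent entries for the same vendor would keep the NFU notes uniform for anyone grepping the list.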



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b56a8cd619bbf959136e5d0cf8d66e7a2bd4d8cb



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits