Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2dcdf470 by Salvatore Bonaccorso at 2025-05-08T23:11:13+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -75,13 +75,13 @@ CVE-2025-44021 (OpenStack Ironic before 29.0.1 can write
unintended files to a t
CVE-2025-41450 (Improper Authentication vulnerability in Danfoss AKSM8xxA
Series.This ...)
NOT-FOR-US: Danfoss
CVE-2025-40846 (Improper Input Validation, the returnUrl parameter in Account
Security ...)
- TODO: check
+ NOT-FOR-US: HaloITSM
CVE-2025-3862 (Contest Gallery plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3759 (Endpoint/cgi-bin-igd/netcore_set.cgiwhich is used for changing
device ...)
- TODO: check
+ NOT-FOR-US: WF2220
CVE-2025-3758 (WF2220 exposes endpoint/cgi-bin-igd/netcore_get.cgithat returns
config ...)
- TODO: check
+ NOT-FOR-US: WF2220
CVE-2025-3506 (Files to be deployed with agents are accessible without
authentication ...)
TODO: check
CVE-2025-3468 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms
and mu ...)
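Review bot: CVE-2025-3759 and CVE-2025-3758 are tagged "NOT-FOR-US: WF2220", which appears to be a device model taken from the description rather than a vendor, while the neighbouring entry names the vendor ("NOT-FOR-US: Danfoss"). If the vendor is known, consider putting it in the tag with the model after it, so that future CVEs for the same vendor's other devices can be matched against one string.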
@@ -99,11 +99,11 @@ CVE-2025-27695 (Dell Wyse Management Suite, versions prior
to WMS 5.1 contain an
CVE-2025-1948 (In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2
client ...)
TODO: check
CVE-2025-1254 (Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI
Connext P ...)
- TODO: check
+ NOT-FOR-US: RTI Connext Professional (Core Libraries)
CVE-2025-1253 (Buffer Copy without Checking Size of Input ('Classic Buffer
Overflow') ...)
- TODO: check
+ NOT-FOR-US: RTI Connext Professional (Core Libraries)
CVE-2025-1252 (Heap-based Buffer Overflow vulnerability in RTI Connext
Professional ( ...)
- TODO: check
+ NOT-FOR-US: RTI Connext Professional (Core Libraries)
CVE-2025-0505 (On Arista CloudVision systems (virtual or physical on-premise
deployme ...)
NOT-FOR-US: Arista Networks
CVE-2024-9448 (On affected platforms running Arista EOS with Traffic Policies
configu ...)
@@ -111,7 +111,7 @@ CVE-2024-9448 (On affected platforms running Arista EOS
with Traffic Policies co
CVE-2024-8100 (On affected versions of the Arista CloudVision Portal (CVP
on-prem), t ...)
NOT-FOR-US: Arista Networks
CVE-2024-6648 (Absolute Path Traversal vulnerability in AP Page Builder
versions prio ...)
- TODO: check
+ NOT-FOR-US: AP Page Builder
CVE-2024-13009 (In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be
incorrectly ...)
TODO: check
CVE-2024-12378 (On affected platforms running Arista EOS with secure Vxlan
configured, ...)
@@ -119,9 +119,9 @@ CVE-2024-12378 (On affected platforms running Arista EOS
with secure Vxlan confi
CVE-2024-11186 (On affected versions of the CloudVision Portal, improper
access contro ...)
NOT-FOR-US: Arista Networks
CVE-2023-51328 (PHPJabbers Cleaning Business Software v1.0 is vulnerable to
Multiple S ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Cleaning Business Software
CVE-2023-51295 (PHPJabbers Event Booking Calendar v4.0 is vulnerable to
Multiple HTML ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Event Booking Calendar
CVE-2025-4127 (The WP SEO Structured Data Schema plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4043 (An admin user can gain unauthorized write access to the
/etc/rc.local ...)
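Review bot: CVE-2023-51328 and CVE-2023-51295 get two different per-product tags ("PHPJabbers Cleaning Business Software", "PHPJabbers Event Booking Calendar"), while the Arista entries in the surrounding context share a single vendor tag ("NOT-FOR-US: Arista Networks"). Using "NOT-FOR-US: PHPJabbers" for both would keep this vendor's entries under one searchable string.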
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2dcdf47041f60be6593020cf734786f95275f44a