Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
62364266 by Moritz Muehlenhoff at 2025-05-15T09:57:36+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18,11 +18,11 @@ CVE-2025-46836 [Stack-based Buffer Overflow in net-tools
(get_name)]
CVE-2025-4641 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
NOT-FOR-US: bonigarcia webdrivermanager WebDriverManager
CVE-2025-4640 (Out-of-bounds Write vulnerability in PointCloudLibrary pcl
allows Over ...)
- TODO: check
+ NOT-FOR-US: PointCloudLibrary pcl using an outdated zlib copy
CVE-2025-4639 (CWE-611 Improper Restriction of XML External Entity Reference
in the g ...)
NOT-FOR-US: Peergos
CVE-2025-4638 (A vulnerability exists in the inftrees.c component of the zlib
library ...)
- TODO: check
+ NOT-FOR-US: PointCloudLibrary pcl using an outdated zlib copy
CVE-2025-4637 (Divide By Zero vulnerability in davisking dlib allows remote
attacke ...)
NOT-FOR-US: davisking dlib
CVE-2025-4430 (Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP
allows ...)
@@ -77,7 +77,7 @@ CVE-2025-3932 (It was possible to craft an email that showed
a tracking link as
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3932
CVE-2025-3931 (A flaw was found in Yggdrasil, which acts as a system broker,
allowing ...)
- TODO: check
+ NOT-FOR-US: Red Hat Yggdrasil, different from src:yggdrasil
CVE-2025-3909 (Thunderbird's handling of the X-Mozilla-External-Attachment-URL
header ...)
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3909
@@ -158,7 +158,7 @@ CVE-2024-58101 (Samsung Galaxy Buds and Galaxy Buds 2 audio
devices are Bluetoot
CVE-2024-57273 (Netgate pfSense CE (prior to 2.8.0 beta release) and
corresponding Plu ...)
NOT-FOR-US: Netgate pfSense CE
CVE-2024-57096 (An issue in wps office before v.19302 allows a local attacker
to obtai ...)
- TODO: check
+ NOT-FOR-US: WPS Office
CVE-2024-56157 (iTop is an web based IT Service Management tool. Prior to
versions 3.1 ...)
NOT-FOR-US: iTop
CVE-2024-54780 (Netgate pfSense CE (prior to 2.8.0 beta release) and
corresponding Plu ...)
@@ -370,7 +370,7 @@ CVE-2025-20003 (Improper link resolution before file access
('Link Following') f
CVE-2025-0020 (Violation of Secure Design Principles, Hidden Functionality,
Incorrect ...)
TODO: check
CVE-2024-52290 (LF Edge eKuiper is a lightweight internet of things (IoT) data
analyti ...)
- TODO: check
+ NOT-FOR-US: LF Edge eKuiper
CVE-2024-48869 (Improper restriction of software interfaces to hardware
features for s ...)
TODO: check
CVE-2024-47800 (Uncontrolled search path for some Intel(R) Graphics Driver
software ma ...)
@@ -699,7 +699,7 @@ CVE-2025-29826 (Improper handling of insufficient
permissions or privileges in M
CVE-2025-28057 (owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in
/admin- ...)
NOT-FOR-US: owl-admin
CVE-2025-28056 (rebuild v3.9.0 through v3.9.3 has a SQL injection
vulnerability in /ad ...)
- TODO: check
+ NOT-FOR-US: rebuild
CVE-2025-28055 (upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an
arbitrary file ...)
NOT-FOR-US: upset-gal-web
CVE-2025-27696 (Improper Authorization vulnerability in Apache Superset allows
ownersh ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62364266745dd646712e2b5f61a220e3435f99e8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62364266745dd646712e2b5f61a220e3435f99e8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
