Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f2621fb by Moritz Muehlenhoff at 2025-05-15T23:40:52+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -153,7 +153,7 @@ CVE-2025-4126 (The EG-Series plugin for WordPress is
vulnerable to Stored Cross-
CVE-2025-48027 (The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows
authenticati ...)
NOT-FOR-US: pGina.Fork
CVE-2025-48024 (In BlueWave Checkmate before 2.1, an authenticated regular
user can ac ...)
- TODO: check
+ NOT-FOR-US: BlueWave Checkmate
CVE-2025-47889 (In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication
claims ar ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-47888 (Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally
disables SSL ...)
@@ -950,11 +950,11 @@ CVE-2025-22462 (An authentication bypass in Ivanti
Neurons for ITSM (on-prem onl
CVE-2025-22460 (Default credentials in Ivanti Cloud Services Application
before versio ...)
NOT-FOR-US: Ivanti
CVE-2025-22248 (The bitnami/pgpoolDocker image, and the bitnami/postgres-hak8s
chart, ...)
- TODO: check
+ NOT-FOR-US: bitnami/pgpoolDocker image
CVE-2025-21264 (Files or directories accessible to external parties in Visual
Studio C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-0035 (Unquoted search path within AMD Cloud Manageability Service can
allow ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-6364 (A vulnerability in Absolute Persistence\xae versions before 2.8
exists ...)
NOT-FOR-US: Absolute Software
CVE-2024-56526 (An issue was discovered in OXID eShop before 7. CMS pages in
combinati ...)
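Review bot: The tag added for CVE-2025-22248, `NOT-FOR-US: bitnami/pgpoolDocker image`, carries over the run-together "pgpoolDocker" from the truncated description and names only the image, while the description also mentions a bitnami chart. The other tags in this hunk name the vendor (Ivanti, Microsoft, AMD), so `NOT-FOR-US: Bitnami`, or at least `bitnami/pgpool Docker image`, would be consistent with them and cover both affected artifacts.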
@@ -968,15 +968,15 @@ CVE-2024-51445 (A vulnerability has been identified in
Polarion V2310 (All versi
CVE-2024-51444 (A vulnerability has been identified in Polarion V2310 (All
versions), ...)
NOT-FOR-US: Siemens
CVE-2024-48766 (NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file
reading ...)
- TODO: check
+ NOT-FOR-US: NetAlertX
CVE-2024-46506 (NetAlertX 23.01.14 through 24.x before 24.10.12 allows
unauthenticated ...)
- TODO: check
+ NOT-FOR-US: NetAlertX
CVE-2024-42446 (APTIOV contains a vulnerability in BIOS where an attacker may
cause a ...)
NOT-FOR-US: AMI
CVE-2024-36340 (A junction point vulnerability within AMD uProf can allow a
local low ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-36339 (A DLL hijacking vulnerability in the AMD Optimizing CPU
Libraries coul ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-36321 (Unquoted search path within AIM-T Manageability Service can
allow a lo ...)
TODO: check
CVE-2024-35281 (An improper isolation or compartmentalization vulnerability
[CWE-653] ...)
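Review bot: CVE-2024-36321 in the trailing context is still `TODO: check`, although its description ("Unquoted search path within AIM-T Manageability Service") is worded like CVE-2025-0035 ("Unquoted search path within AMD Cloud Manageability Service"), which this commit marks `NOT-FOR-US: AMD`, and it sits directly after the AMD entries triaged here. If it belongs to the same vendor, tag it in this pass; if it was left open on purpose, a NOTE line saying why would save the next triager the lookup.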
@@ -988,9 +988,9 @@ CVE-2024-21960 (Incorrect default permissions in the AMD
Optimizing CPU Librarie
CVE-2024-12533 (Improper Check for Unusual or Exceptional Conditions
vulnerability in ...)
TODO: check
CVE-2023-31359 (Incorrect default permissions in the AMD Manageability API
could allow ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-31358 (A DLL hijacking vulnerability in the AMD Manageability API
could allow ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2025-4632 (Improper limitation of a pathname to a restricted directory
vulnerabil ...)
NOT-FOR-US: Samsung
CVE-2025-4474 (The Frontend Dashboard plugin for WordPress is vulnerable to
Privilege ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f2621fbfc0af854e4af04841bbe8f2fb240d35e