Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7656a6e8 by security tracker role at 2025-05-22T20:14:41+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2025-5081 (A vulnerability classified as critical was found in Campcodes 
Cybercaf ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-5080 (A vulnerability classified as critical has been found in Tenda 
FH451 1 ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-5079 (A vulnerability was found in Campcodes Online Shopping Portal 
1.0. It  ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-5078 (A vulnerability was found in Campcodes Online Shopping Portal 
1.0. It  ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-5077 (A vulnerability was found in Campcodes Online Shopping Portal 
1.0. It  ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-5076 (A vulnerability was found in FreeFloat FTP Server 1.0 and 
classified a ...)
        TODO: check
 CVE-2025-5075 (A vulnerability has been found in FreeFloat FTP Server 1.0 and 
classif ...)
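Review bot: CVE-2025-5076 and CVE-2025-5075 (FreeFloat FTP Server 1.0) at the end of this hunk stay at "TODO: check" while the Campcodes and Tenda entries directly above them are resolved. If FreeFloat FTP Server is not packaged, tag both entries in a follow-up and add the product to whatever drives the automatic NOT-FOR-US update, so the next batch of FreeFloat CVEs does not need the same manual pass.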
@@ -19,9 +19,9 @@ CVE-2025-5073 (A vulnerability, which was classified as 
critical, has been found
 CVE-2025-4979 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
        TODO: check
 CVE-2025-4419 (The Hot Random Image plugin for WordPress is vulnerable to Path 
Traver ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-4405 (The Hot Random Image plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-4366 (A request smuggling vulnerability identified within 
Pingora\u2019s pro ...)
        TODO: check
 CVE-2025-4280 (MacOS version of Poedit bundles aPython interpreter that 
inherits the  ...)
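Review bot: The tags added for CVE-2025-4419 and CVE-2025-4405 read "NOT-FOR-US: WordPress plugin", which names a category, where every other tag in this commit names a vendor. The description line is truncated in the list, so the tag is the only compact place to identify the product; if the generic form is not a deliberate convention, naming the plugin (Hot Random Image) would make these entries findable by grep on the tag alone.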
@@ -59,39 +59,39 @@ CVE-2025-45468 (Insecure permissions in 
fc-stable-diffusion-plus v1.0.18 allows
 CVE-2025-43596 (An insecure file system permissions vulnerability in MSP360 
Backup 8.0 ...)
        TODO: check
 CVE-2025-41403 (ZohocorpManageEngine ADAudit Plus versions 8510 and prior are 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2025-3945 (Improper Neutralization of Argument Delimiters in a Command 
('Argument ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2025-3944 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2025-3943 (Use of GET Request Method With Sensitive Query Strings 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2025-3942 (Improper Output Neutralization for Logs vulnerability in 
Tridium Niaga ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2025-3941 (Improper Handling of Windows ::DATA Alternate Data Stream 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2025-3940 (Improper Use of Validation Framework vulnerability in Tridium 
Niagara  ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2025-3939 (Observable Response Discrepancy vulnerability in Tridium 
Niagara Frame ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2025-3938 (Missing Cryptographic Step vulnerability in Tridium Niagara 
Framework  ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2025-3937 (Use of Password Hash With Insufficient Computational Effort 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2025-3936 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2025-3836 (ZohocorpManageEngine ADAudit Plus versions 8510 and prior are 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2025-3444 (Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter 
Plus vers ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2025-3111 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        TODO: check
 CVE-2025-33138 (IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML 
injection ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-33137 (IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an 
authenticated us ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-33136 (IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an 
authenticated us ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-32915 (Packages downloaded by Checkmk's automatic agent updates on 
Linux and  ...)
        TODO: check
 CVE-2025-32815 (An issue was discovered in Infoblox NETMRI before 7.6.1. 
Authenticatio ...)
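Review bot: CVE-2025-3945 through CVE-2025-3936 are tagged "NOT-FOR-US: Honeywell", but the visible descriptions name the product as Tridium Niagara Framework, and for CVE-2025-3945, CVE-2025-3944, CVE-2025-3943 and CVE-2025-3936 the truncated text shows no product at all. A reader of the list cannot confirm the match from these lines; putting the product in the tag, for example "NOT-FOR-US: Tridium Niagara Framework", would keep the tag consistent with the description it sits under.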
@@ -101,23 +101,23 @@ CVE-2025-32814 (An issue was discovered in Infoblox 
NETMRI before 7.6.1. Unauthe
 CVE-2025-32813 (An issue was discovered in Infoblox NETMRI before 7.6.1. 
Remote Unauth ...)
        TODO: check
 CVE-2025-30173 (File upload vulnerabilities are present in ASPECT if session 
administr ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-30172 (Remote Code Execution vulnerabilities are present in ASPECT if 
session ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-30171 (System File Deletion vulnerabilities in ASPECT provide 
attackers acces ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-30170 (Exposure of file path, file size or file existence 
vulnerabilities in  ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-30169 (File upload and execute vulnerabilities in ASPECT allow PHP 
script inj ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-2853 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
        TODO: check
 CVE-2025-2506 (When pglogical attempts to replicate data, it does not verify 
it is us ...)
        TODO: check
 CVE-2025-2410 (Port manipulation vulnerabilities in ASPECT provide attackers 
with the ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-2409 (File corruption vulnerabilities in ASPECT provide attackers 
access to  ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-2272 (Uncontrolled Search Path Element vulnerability in Forcepoint 
FIE Endpo ...)
        TODO: check
 CVE-2025-23183 (CWE-601: URL Redirection to Untrusted Site ('Open Redirect'))
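Review bot: The entries tagged "NOT-FOR-US: ABB group" in this hunk (CVE-2025-30173 through CVE-2025-30169, CVE-2025-2410, CVE-2025-2409) are described only as ASPECT in the visible text; the vendor named in the tag appears nowhere in the truncated descriptions. Including the product in the tag, for example "NOT-FOR-US: ABB ASPECT", would let someone auditing the list tie the tag to the entry without looking up each CVE, and would apply equally to the ASPECT entries tagged later in this commit.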
@@ -133,9 +133,9 @@ CVE-2025-0679 (An issue has been discovered in GitLab CE/EE 
affecting all versio
 CVE-2025-0605 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        TODO: check
 CVE-2024-9639 (Remote Code Execution vulnerabilities are present in ASPECT if 
session ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-9544 (The MapSVG plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7487 (An improper authentication vulnerability exists in WSO2 
Identity Serve ...)
        TODO: check
 CVE-2024-7103 (A reflected cross-site scripting (XSS) vulnerability exists in 
the sub ...)
@@ -149,15 +149,15 @@ CVE-2024-54188 (Infoblox NETMRI before 7.6.1 has a 
vulnerability allowing remote
 CVE-2024-52874 (In Infoblox NETMRI before 7.6.1, authenticated users can 
perform SQL i ...)
        TODO: check
 CVE-2024-51553 (Predictable filename vulnerabilities in ASPECT may expose 
sensitive in ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-51552 (Weak password storage vulnerabilities exist in ASPECT if 
administrator ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-48853 (An escalation of privilege vulnerability in ASPECT could 
provide an at ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-48850 (Absolute File Traversal vulnerabilities in ASPECT allows 
access and mo ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-48848 (Large content vulnerabilities are present in ASPECT exposing a 
device  ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-41199 (An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 
allows attac ...)
        TODO: check
 CVE-2024-41198 (An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows 
attacker ...)
@@ -181,39 +181,39 @@ CVE-2024-40458 (An issue in Ocuco Innovation Tracking.exe 
v.2.10.24.51 allows a
 CVE-2024-25010 (Ericsson RAN Compute and Site Controller 6610 contains in 
certain conf ...)
        TODO: check
 CVE-2024-13958 (Stored Cross Site Scripting vulnerabilities exist in ASPECT if 
adminis ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13957 (SSRF Server Side Request Forgery vulnerabilities exist in 
ASPECT if ad ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13956 (SSL Verification Bypass vulnerabilities exist in ASPECT if 
administrat ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13955 (2nd Order SQL injection vulnerabilities in ASPECT allow 
unintended acc ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13954 (Serialized configuration information may be disclosed during 
device co ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13953 (Sensitive device logger information in ASPECT may be exposed 
if admini ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13952 (Predictable filename vulnerabilities in ASPECT may expose 
sensitive in ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13951 (One way hash with predictable salt vulnerabilities in ASPECT 
may expos ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13950 (Log injection vulnerabilities in ASPECT provide attacker 
access to inj ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13949 (Large content vulnerabilities are present in ASPECT exposing a 
device  ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13948 (Windows permissions for ASPECT configuration toolsets are not 
fully se ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13947 (Device commissioning parameters in ASPECT may be modified by 
an extern ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13946 (DLL's are not digitally signed when loaded in ASPECT's 
configuration t ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13931 (Relative Path Traversal vulnerabilities in ASPECT allow access 
to file ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13930 (An Unchecked Loop Condition in ASPECT provides an attacker the 
ability ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13929 (Servlet injection vulnerabilities in ASPECT allow remote code 
executio ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-13928 (SQL injection vulnerabilities in ASPECT allow unintended 
access and ma ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2024-12093 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        TODO: check
 CVE-2023-47466 (TagLib before 2.0 allows a segmentation violation and 
application cras ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7656a6e8712fa7060b94a24a0ca59b4531c1a995
