Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
54806e86 by security tracker role at 2025-06-12T20:13:49+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-6031 (Amazon Cloud Cam is a home security camera that was deprecated
on Dece ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-6021 (A flaw was found in libxml2's xmlBuildQName function, where
integer ov ...)
TODO: check
CVE-2025-6003 (The WordPress Single Sign-On (SSO) plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-5996 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
TODO: check
CVE-2025-5982 (An issue has been discovered in GitLab EE affecting all
versions from ...)
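Review bot: The tag added for CVE-2025-6031, "NOT-FOR-US: Amazon", names only the vendor, while the description on the line above identifies the product as Amazon Cloud Cam. Writing "NOT-FOR-US: Amazon Cloud Cam" would let someone searching data/CVE/list by product name find the entry, and would keep the triage reason from reading as a blanket statement about every Amazon product.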
@@ -33,55 +33,55 @@ CVE-2025-49576 (Citizen is a MediaWiki skin that makes
extensions part of the co
CVE-2025-49575 (Citizen is a MediaWiki skin that makes extensions part of the
cohesive ...)
TODO: check
CVE-2025-49467 (A SQL injection vulnerability in JEvents component before
3.6.88 and 3 ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2025-49200 (The created backup files are unencrypted, making the
application vulne ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49199 (The backup ZIPs are not signed by the application, leading to
the poss ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49198 (The Media Server\u2019s authorization tokens have a poor
quality of ra ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49197 (The application uses a weak password hash function, allowing
an attack ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49196 (A service supports the use of a deprecated and unsafe TLS
version. Thi ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49195 (The FTP server\u2019s login mechanism does not restrict
authentication ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49194 (The server supports authentication methods in which
credentials are se ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49193 (The application fails to implement several security headers.
These hea ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49192 (The web application is vulnerable to clickjacking attacks. The
site ca ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49191 (Linked URLs during the creation of iFrame widgets and
dashboards are v ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49190 (The application is vulnerable to Server-Side Request Forgery
(SSRF). A ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49189 (The HttpOnlyflag of the session cookie \"@@\" is set to false.
Since t ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49188 (The application sends user credentials as URL parameters
instead of PO ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49187 (For failed login attempts, the application returns different
error mes ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49186 (The product does not implement sufficient measures to prevent
multiple ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49185 (The web application is susceptible to cross-site-scripting
attacks. An ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49184 (A remote unauthorized attacker may gather sensitive
information of the ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49183 (All communication with the REST API is unencrypted (HTTP),
allowing an ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49182 (Files in the source code contain login credentials for the
admin user ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49181 (Due to missing authorization of an API endpoint, unauthorized
users ca ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-49081 (There is an insufficient input validation vulnerability in the
warehou ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2025-49080 (There is a memory management vulnerability in Absolute Secure
Access s ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2025-48699
REJECTED
CVE-2025-46035 (Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16
allows a remo ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-44019 (AVEVA PI Data Archive products are vulnerable to an uncaught
exception ...)
TODO: check
CVE-2025-43866 (vantage6 is an open-source infrastructure for privacy
preserving analy ...)
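Review bot: The tag for CVE-2025-49467, "NOT-FOR-US: Joomla", does not match the affected software named in the description, which is the JEvents component rather than Joomla itself; something like "NOT-FOR-US: JEvents component for Joomla" would state the actual triage reason. Separately, the run from CVE-2025-49200 down to CVE-2025-49181 is marked "NOT-FOR-US: SICK AG", but none of the truncated descriptions visible here name a vendor or product, so the attribution cannot be confirmed from this diff alone and is worth a spot check against the full CVE records.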
@@ -89,9 +89,9 @@ CVE-2025-43866 (vantage6 is an open-source infrastructure for
privacy preserving
CVE-2025-43863 (vantage6 is an open source framework built to enable, manage
and deplo ...)
TODO: check
CVE-2025-40592 (A vulnerability has been identified in Mendix Studio Pro 10
(All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-36573 (Dell Smart Dock Firmware, versions prior to 01.00.08.01,
contain an In ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-36539 (AVEVA PI Data Archive products are vulnerable to an uncaught
exceptio ...)
TODO: check
CVE-2025-2745 (A cross-site scripting vulnerability exists in AVEVAPI Web API
version ...)
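Review bot: The tag for CVE-2025-40592, "NOT-FOR-US: Siemens", uses a name that does not appear in the visible description, which refers to Mendix Studio Pro 10. Including the product, for example "NOT-FOR-US: Siemens Mendix Studio Pro", would keep the entry findable by the name used in the CVE text.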
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54806e867c28a502f3bab72a4bc6440723318861