Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
16d917b1 by Salvatore Bonaccorso at 2025-07-03T22:27:59+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-6587 (System environment variables are recorded in Docker Desktop
diagnostic ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop
CVE-2025-6563 (A cross-site scripting vulnerability is present in the hotspot
of Mikr ...)
NOT-FOR-US: MikroTik
CVE-2025-6074 (Use of Hard-coded Cryptographic Key vulnerability in ABB
RMC-100, ABB ...)
@@ -37,39 +37,39 @@ CVE-2025-50260 (Tenda AC6 v15.03.05.16_multi is vulnerable
to Buffer Overflow in
CVE-2025-50258 (Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow
in the S ...)
NOT-FOR-US: Tenda
CVE-2025-49846 (wire-ios is an iOS client for the Wire secure messaging
application. F ...)
- TODO: check
+ NOT-FOR-US: wire-ios
CVE-2025-49618 (In Plesk Obsidian 18.0.69, unauthenticated requests to
/login_up.php c ...)
- TODO: check
+ NOT-FOR-US: Plesk Obsidian
CVE-2025-49595 (n8n is a workflow automation platform. Prior to version
1.99.0, there ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2025-49032 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48939 (tarteaucitron.js is a compliant and accessible cookie banner.
Prior to ...)
- TODO: check
+ NOT-FOR-US: tarteaucitron
CVE-2025-45938 (Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to
Cross S ...)
- TODO: check
+ NOT-FOR-US: Akeles Out of Office Assistant for Jira
CVE-2025-45809 (BerriAI litellm v1.65.4 was discovered to contain a SQL
injection vuln ...)
- TODO: check
+ NOT-FOR-US: BerriAI/litellm
CVE-2025-43713 (ASNA Assist and ASNA Registrar before 2025-03-31 allow
deserialization ...)
- TODO: check
+ NOT-FOR-US: ASNA Assist and ASNA Registrar
CVE-2025-40723 (Stored Cross-Site Scripting (XSS) vulnerability in versions
prior to F ...)
- TODO: check
+ NOT-FOR-US: Flatboard
CVE-2025-40722 (Stored Cross-Site Scripting (XSS) vulnerability in versions
prior to F ...)
- TODO: check
+ NOT-FOR-US: Flatboard
CVE-2025-3702 (Missing Authorization vulnerability in Melapress Melapress File
Monito ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-34089 (An unauthenticated remote code execution vulnerability exists
in Remot ...)
TODO: check
CVE-2025-34088 (An authenticated remote code execution vulnerability exists in
Pandora ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2025-34087 (An authenticated command injection vulnerability exists in
Pi-hole ver ...)
- TODO: check
+ NOT-FOR-US: Pi-hole
CVE-2025-34086 (Bolt CMS versions 3.7.0 and earlier contain a chain of
vulnerabilities ...)
- TODO: check
+ NOT-FOR-US: Bolt CMS
CVE-2025-34082 (A command injection vulnerability exists in IGEL OS versions
prior to ...)
- TODO: check
+ NOT-FOR-US: IGEL OS
CVE-2025-34061 (A backdoor in PHPStudy versions 2016 through 2018 allows
unauthenticat ...)
- TODO: check
+ NOT-FOR-US: PHPStudy
CVE-2025-2932 (The JKDEVKIT plugin for WordPress is vulnerable to arbitrary
file dele ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2540 (Multiple plugins for WordPress are vulnerable to Stored
Cross-Site Scr ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16d917b1020404fb5e2b537f0e3c9586171b1172
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16d917b1020404fb5e2b537f0e3c9586171b1172
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
