Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ca2d280f by Moritz Muehlenhoff at 2025-07-11T10:04:32+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2025-53862
+ NOT-FOR-US: Ansible Automation Platform
+CVE-2025-53861
+ NOT-FOR-US: Ansible Automation Platform
CVE-2025-7425 (A flaw was found in libxslt where the attribute type, atype,
flags are ...)
- libxslt <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2379274
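Review bot: the two entries added at the top of this hunk, CVE-2025-53862 and CVE-2025-53861, have no description text, so the NOT-FOR-US: Ansible Automation Platform call cannot be checked against anything in the list itself, unlike the other entries shown here. A short qualifier in the label naming the affected component would make it clear that the decision covers only the platform product, and would let a later reader confirm it if the description is filled in.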
@@ -53,11 +57,11 @@ CVE-2025-53629 (cpp-httplib is a C++11 single-file
header-only cross platform HT
CVE-2025-53628 (cpp-httplib is a C++11 single-file header-only cross platform
HTTP/HTT ...)
TODO: check
CVE-2025-53626 (pdfme is a TypeScript-based PDF generator and React-based UI.
The expr ...)
- TODO: check
+ NOT-FOR-US: pdfme
CVE-2025-53625 (The DynamicPageList3 extension is a reporting tool for
MediaWiki, list ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension DynamicPageList3
CVE-2025-53549 (The Matrix Rust SDK is a collection of libraries that make it
easier t ...)
- TODO: check
+ NOT-FOR-US: matrix-sdk Rust crate
CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command
injection vulne ...)
TODO: check
CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache
Tomcat if an ...)
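Review bot: of the three TODO: check entries resolved in this hunk, CVE-2025-53549 is the one to double-check, because its description calls the Matrix Rust SDK "a collection of libraries", and a library can reach the archive as a dependency or a vendored copy even when it is not packaged under its own name. If a search of packaged sources for the crate came up empty, NOT-FOR-US: matrix-sdk Rust crate is fine; otherwise it should become a package entry instead.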
@@ -73,7 +77,7 @@ CVE-2025-53503 (Trend Micro Cleaner One Pro is vulnerable to
a Privilege Escalat
CVE-2025-53378 (A missing authentication vulnerability in Trend Micro
Worry-Free Busin ...)
NOT-FOR-US: Trend Micro
CVE-2025-53371 (DiscordNotifications is an extension for MediaWiki that sends
notifica ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension DiscordNotifications
CVE-2025-53364 (Parse Server is an open source backend that can be deployed to
any inf ...)
NOT-FOR-US: Parse Server
CVE-2025-53020 (Late Release of Memory after Effective Lifetime vulnerability
in Apach ...)
@@ -114,7 +118,7 @@ CVE-2025-49463 (Insufficient control flow management in
certain Zoom Clients for
CVE-2025-49462 (Cross-site scripting in certain Zoom Clients before version
6.4.5 may ...)
NOT-FOR-US: Zoom
CVE-2025-47813 (loginok.html in Wing FTP Server before 7.4.4 discloses the
full local ...)
- TODO: check
+ NOT-FOR-US: Wing FTP Server
CVE-2025-47812 (In Wing FTP Server before 7.4.4. the user and admin web
interfaces mis ...)
NOT-FOR-US: Wing FTP Server
CVE-2025-47811 (In Wing FTP Server through 7.4.4, the administrative web
interface (li ...)
@@ -124,7 +128,7 @@ CVE-2025-46789 (Classic buffer overflow in certain Zoom
Clients for Windows may
CVE-2025-46788 (Improper certificate validation in Zoom Workplace for Linux
before ver ...)
NOT-FOR-US: Zoom
CVE-2025-45662 (A cross-site scripting (XSS) vulnerability in the component
/master/lo ...)
- TODO: check
+ NOT-FOR-US: mpgram-web
CVE-2025-44251 (Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in
cleartext duri ...)
NOT-FOR-US: Ecovacs
CVE-2025-3396 (An issue has been discovered in GitLab EE affecting all
versions from ...)
@@ -132,9 +136,9 @@ CVE-2025-3396 (An issue has been discovered in GitLab EE
affecting all versions
CVE-2025-36090 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a
remote ...)
NOT-FOR-US: IBM
CVE-2025-34102 (A remote code execution vulnerability exists in CryptoLog (PHP
version ...)
- TODO: check
+ NOT-FOR-US: CryptoLog
CVE-2025-34101 (An unauthenticated command injection vulnerability exists in
Serviio M ...)
- TODO: check
+ NOT-FOR-US: Serviio Media Server
CVE-2025-34100 (An unrestricted file upload vulnerability exists in
BuilderEngine 3.5. ...)
TODO: check
CVE-2025-34099 (An unauthenticated command injection vulnerability exists in
VICIdial ...)
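Review bot: CVE-2025-34100 (BuilderEngine 3.5.) is left at TODO: check directly below the two entries triaged in this hunk, CVE-2025-34102 and CVE-2025-34101. If that was deliberate because it needs a closer look, no change is needed; if it was overlooked, it can be triaged in the same pass.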
@@ -152,13 +156,13 @@ CVE-2025-34093 (An authenticated command injection
vulnerability exists in the P
CVE-2025-2520 (The Honeywell Experion PKS contains an Uninitialized Variable
in the c ...)
NOT-FOR-US: Honeywell
CVE-2025-28245 (Cross-site scripting (XSS) vulnerability in Alteryx Server
2023.1.1.46 ...)
- TODO: check
+ NOT-FOR-US: Alteryx Server
CVE-2025-28244 (Insecure Permissions vulnerability in the Local Storage in
Alteryx Ser ...)
- TODO: check
+ NOT-FOR-US: Alteryx Server
CVE-2025-28243 (An issue in Alteryx Server v.2023.1.1.460 allows HTML
injection via a ...)
- TODO: check
+ NOT-FOR-US: Alteryx Server
CVE-2025-27889 (Wing FTP Server before 7.4.4 does not properly validate and
sanitize t ...)
- TODO: check
+ NOT-FOR-US: Wing FTP Server
CVE-2025-23048 (In some mod_ssl configurations on Apache HTTP Server 2.4.35
through to ...)
- apache2 <unfixed>
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-23048
@@ -184,7 +188,7 @@ CVE-2024-38327 (IBM Analytics Content Hub 2.0, 2.1, 2.2,
and 2.3 is vulnerable t
CVE-2024-37524 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a
remote ...)
NOT-FOR-US: IBM
CVE-2024-36697 (A cross-site scripting (XSS) vulnerability in the Admin Login
page of ...)
- TODO: check
+ NOT-FOR-US: Allworx System Software
CVE-2025-38348 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux 6.12.35-1
NOTE:
https://git.kernel.org/linus/da1b9a55ff116cb040528ef664c70a4eec03ae99 (6.16-rc1)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca2d280f43f97ea510aaf66ed4e637ce67dade1e