Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
50e069c7 by Salvatore Bonaccorso at 2025-07-21T14:26:48+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
CVE-2025-7921 (Certain modem models developed by Askey has a Stack-based
Buffer Overf ...)
- TODO: check
+ NOT-FOR-US: Askey
CVE-2025-7920 (WinMatrix3 Web package developed by Simopro Technology has a
Reflected ...)
- TODO: check
+ NOT-FOR-US: Simopro Technology
CVE-2025-7919 (WinMatrix3 Web package developed by Simopro Technology has a
SQL Injec ...)
- TODO: check
+ NOT-FOR-US: Simopro Technology
CVE-2025-7918 (WinMatrix3 Web package developed by Simopro Technology has a
SQL Injec ...)
- TODO: check
+ NOT-FOR-US: Simopro Technology
CVE-2025-7917 (WinMatrix3 Web package developed by Simopro Technology has an
Arbitrar ...)
- TODO: check
+ NOT-FOR-US: Simopro Technology
CVE-2025-7916 (WinMatrix3 developed by Simopro Technology has an Insecure
Deserializa ...)
- TODO: check
+ NOT-FOR-US: Simopro Technology
CVE-2025-7915 (A vulnerability was found in Chanjet CRM 1.0 and classified as
critica ...)
- TODO: check
+ NOT-FOR-US: Chanjet CRM
CVE-2025-7914 (A vulnerability has been found in Tenda AC6 15.03.06.50 and
classified ...)
NOT-FOR-US: Tenda
CVE-2025-7913 (A vulnerability, which was classified as critical, was found in
TOTOLI ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-7912 (A vulnerability, which was classified as critical, has been
found in T ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-7911 (A vulnerability classified as critical was found in D-Link
DI-8100 1.0 ...)
NOT-FOR-US: D-Link
CVE-2025-7910 (A vulnerability classified as critical has been found in D-Link
DIR-51 ...)
@@ -27,21 +27,21 @@ CVE-2025-7909 (A vulnerability was found in D-Link DIR-513
1.0. It has been rate
CVE-2025-7908 (A vulnerability was found in D-Link DI-8100 1.0. It has been
declared ...)
NOT-FOR-US: D-Link
CVE-2025-7907 (A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1.
It has b ...)
- TODO: check
+ NOT-FOR-US: yangzongzhuan RuoYi
CVE-2025-7369 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for
WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2025-7354 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for
WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2025-7344 (The EAI developed by Digiwin has a Privilege Escalation
vulnerability, ...)
- TODO: check
+ NOT-FOR-US: Digiwin
CVE-2025-7343 (The SFT developed by Digiwin has a SQL Injection vulnerability,
allowi ...)
- TODO: check
+ NOT-FOR-US: Digiwin
CVE-2025-54352 (WordPress 3.5 through 6.8.2 allows remote attackers to guess
titles of ...)
TODO: check
CVE-2025-54319 (An issue was discovered in Westermo WeOS 5 (5.24 through
5.24.4). A th ...)
- TODO: check
+ NOT-FOR-US: Westermo WeOS
CVE-2025-53771 (Improper limitation of a pathname to a restricted directory
('path tra ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-4685 (The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for
Gutenberg ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4570 (An insecure sensitive key storage issue was found in
MyASUS.potentiall ...)
@@ -49,7 +49,7 @@ CVE-2025-4570 (An insecure sensitive key storage issue was
found in MyASUS.poten
CVE-2025-4569 (An insecure sensitive key storage issue was found in
MyASUS.potentiall ...)
NOT-FOR-US: ASUS
CVE-2025-4049 (Use of hard-coded, the same among all vulnerable installations
SQLite ...)
- TODO: check
+ NOT-FOR-US: SIGNUM-NET FARA
CVE-2025-24938 (The web application allows user input to pass unfiltered to a
command ...)
NOT-FOR-US: Nokia
CVE-2025-24937 (File contents could be read from the local file system by an
attacker. ...)
@@ -57,7 +57,7 @@ CVE-2025-24937 (File contents could be read from the local
file system by an att
CVE-2025-24936 (The web application allows user input to pass unfiltered to a
command ...)
NOT-FOR-US: Nokia
CVE-2025-0664 (A locally authenticated, privileged user can craft a malicious
OpenSSL ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2025-7906 (A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1
and class ...)
NOT-FOR-US: yangzongzhuan RuoYi
CVE-2025-7905 (A vulnerability has been found in itsourcecode Insurance
Management Sy ...)
@@ -117,13 +117,13 @@ CVE-2025-54317 (An issue was discovered in Logpoint
before 7.6.0. An attacker wi
CVE-2025-54316 (An issue was discovered in Logpoint before 7.6.0. When
creating report ...)
NOT-FOR-US: Logpoint
CVE-2025-46385 (CWE-918 Server-Side Request Forgery (SSRF))
- TODO: check
+ NOT-FOR-US: Emby Windows
CVE-2025-46384 (CWE-434 Unrestricted Upload of File with Dangerous Type)
- TODO: check
+ NOT-FOR-US: Emby Windows
CVE-2025-46383 (CWE-79 Improper Neutralization of Input During Web Page
Generation (XS ...)
- TODO: check
+ NOT-FOR-US: Emby Windows
CVE-2025-46382 (CWE-200 Exposure of Sensitive Information to an Unauthorized
Actor)
- TODO: check
+ NOT-FOR-US: CyberArk IDP
CVE-2025-7738
NOT-FOR-US: Ansible Automation Platform
CVE-2025-7877 (A vulnerability, which was classified as critical, has been
found in M ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50e069c7af531ce54ca7d7531c64d5ada68eab1c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50e069c7af531ce54ca7d7531c64d5ada68eab1c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
