Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e764e170 by Salvatore Bonaccorso at 2025-07-21T22:35:23+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -258,33 +258,33 @@ CVE-2025-54121 (Starlette is a lightweight ASGI
(Asynchronous Server Gateway Int
CVE-2025-54082 (marshmallow-packages/nova-tiptap is a rich text editor for
Laravel Nov ...)
TODO: check
CVE-2025-54071 (RomM (ROM Manager) allows users to scan, enrich, browse and
play their ...)
- TODO: check
+ NOT-FOR-US: RomM
CVE-2025-52575 (EspoCRM is an Open Source CRM (Customer Relationship
Management) softw ...)
NOT-FOR-US: EspoCRM
CVE-2025-52374 (Use of hardcoded cryptographic key in Encryption.cs in
hMailServer 5.8 ...)
- TODO: check
+ NOT-FOR-US: hMailServer
CVE-2025-52373 (Use of hardcoded cryptographic key in BlowFish.cpp in
hMailServer 5.8. ...)
- TODO: check
+ NOT-FOR-US: hMailServer
CVE-2025-52372 (An issue in hMailServer v.5.8.6 allows a local attacker to
obtain sens ...)
- TODO: check
+ NOT-FOR-US: hMailServer
CVE-2025-52362 (Server-Side Request Forgery (SSRF) vulnerability exists in the
URL pro ...)
- TODO: check
+ NOT-FOR-US: PHProxy
CVE-2025-51869 (Insecure Direct Object Reference (IDOR) vulnerability in Liner
thru 20 ...)
- TODO: check
+ NOT-FOR-US: Liner
CVE-2025-51868 (Insecure Direct Object Reference (IDOR) vulnerability in Dippy
(chat.d ...)
- TODO: check
+ NOT-FOR-US: Dippy
CVE-2025-51403 (A stored cross-site scripting (XSS) vulnerability in the
department as ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2025-51401 (A stored cross-site scripting (XSS) vulnerability in the chat
transfer ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2025-51400 (A stored cross-site scripting (XSS) vulnerability in the
Personal Cann ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2025-51398 (A stored cross-site scripting (XSS) vulnerability in the
Facebook regi ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2025-51397 (A stored cross-site scripting (XSS) vulnerability in the
Facebook Chat ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2025-51396 (A stored cross-site scripting (XSS) vulnerability in Live
Helper Chat ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2025-50151 (File access paths in configuration files uploaded by users
with admini ...)
TODO: check
CVE-2025-4130 (Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO
Pay allo ...)
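Review bot: The tags added for CVE-2025-51869 and CVE-2025-51868 are the bare names "Liner" and "Dippy", which are short and generic enough to be hard to search for later or to tell apart from an unrelated package of the same name. The CVE-2025-51868 description already carries a qualifier in parentheses ("(chat.d ..."), so I would suggest a more specific product string on both lines, for example adding the vendor or service name next to the product. The hMailServer and Live Helper Chat tags in the same hunk are distinctive and read fine as they are.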
@@ -294,33 +294,33 @@ CVE-2025-4129 (Authorization Bypass Through
User-Controlled Key vulnerability in
CVE-2025-4040 (Authorization Bypass Through User-Controlled Key vulnerability
in Turp ...)
TODO: check
CVE-2025-49656 (Users with administrator access can create databases files
outside the ...)
- TODO: check
+ NOT-FOR-US: Fuseki
CVE-2025-46123 (An issue was discovered in CommScope Ruckus Unleashed prior to
200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46122 (An issue was discovered in CommScope Ruckus Unleashed prior to
200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46121 (An issue was discovered in CommScope Ruckus Unleashed prior to
200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46120 (An issue was discovered in CommScope Ruckus Unleashed prior to
200.14. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46119 (An issue was discovered in CommScope Ruckus Unleashed prior to
200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46118 (An issue was discovered in CommScope Ruckus Unleashed prior to
200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46117 (An issue was discovered in CommScope Ruckus Unleashed prior to
200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46116 (An issue was discovered in CommScope Ruckus Unleashed prior to
200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-44658 (In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration
vulnerability ...)
NOT-FOR-US: Netgear
CVE-2025-44657 (In Linksys EA6350 V2.1.2, the chroot_local_user option is
enabled in t ...)
NOT-FOR-US: Linksys
CVE-2025-44655 (In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the
chroot_local_ ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-44654 (In Linksys E2500 3.0.04.002, the chroot_local_user option is
enabled i ...)
NOT-FOR-US: Linksys
CVE-2025-44653 (In H3C GR2200 MiniGR1A0V100R016, the USERLIMIT_GLOBAL option
is set to ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2025-44652 (In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is
set to 0 ...)
NOT-FOR-US: Netgear
CVE-2025-44651 (In TRENDnet TPL-430AP FW1.0, the USERLIMIT_GLOBAL option is
set to 0 i ...)
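Review bot: The new tag on CVE-2025-44655 is spelled "NOT-FOR-US: TOTOLINK", while the description on the line above writes the vendor as "TOTOLink". Since these tags are matched by eye and by grep when later CVEs for the same vendor are triaged, I would suggest using a single spelling and matching whichever form the existing entries for this vendor already use. Separately, "NOT-FOR-US: Fuseki" on CVE-2025-49656 cannot be checked against the truncated description shown here ("Users with administrator access can create databases files outside the ..."), which does not name the product, so it is worth confirming against the full CVE text.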
@@ -332,11 +332,11 @@ CVE-2025-44649 (In the configuration file of racoon in
the TRENDnet TEW-WLC100P
CVE-2025-44647 (In TRENDnet TEW-WLC100P 2.03b03, the
i_dont_care_about_security_and_us ...)
NOT-FOR-US: TRENDnet
CVE-2025-43977 (The com.skt.prod.dialer application through 12.5.0 for Android
enables ...)
- TODO: check
+ NOT-FOR-US: com.skt.prod.dialer
CVE-2025-43976 (The com.enflick.android.tn2ndLine application through
24.17.1.0 for An ...)
- TODO: check
+ NOT-FOR-US: com.enflick.android.tn2ndLine application
CVE-2025-43720 (Headwind MDM before 5.33.1 makes configuration details
accessible to u ...)
- TODO: check
+ NOT-FOR-US: Headwind MDM
CVE-2025-41681 (A high privileged remote attacker can gain persistent XSS via
POST req ...)
TODO: check
CVE-2025-41679 (An unauthenticated remote attacker could exploit a buffer
overflow vul ...)
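Review bot: The tag for CVE-2025-43976 reads "NOT-FOR-US: com.enflick.android.tn2ndLine application", but the entry two lines above for CVE-2025-43977 uses the package identifier alone ("NOT-FOR-US: com.skt.prod.dialer"). The trailing word "application" looks copied from the description; dropping it would keep the two Android entries consistent and make the tag a clean product identifier.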
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e764e170a454656e8f98c8e32a0c9a5e41233e27