Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1fcfcc7b by Salvatore Bonaccorso at 2025-07-23T23:05:45+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2025-8021 (All versions of the package 
files-bucket-server are vulnerable to
 CVE-2025-8020 (All versions of the package private-ip are vulnerable to 
Server-Side R ...)
        TODO: check
 CVE-2025-7766 (LantronixProvisioning Manager is vulnerable to XML external 
entity att ...)
-       TODO: check
+       NOT-FOR-US: Lantronix
 CVE-2025-7724 (An unauthenticated OS command injection vulnerability existsin 
VIGI NV ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-7723 (A command injection vulnerability exists that can be exploited 
after a ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-7722 (The Social Streams plugin for WordPress is vulnerable to 
privilege esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-6261 (The Fleetwire Fleet Management plugin for WordPress is 
vulnerable to S ...)
@@ -39,41 +39,41 @@ CVE-2025-5818 (The Featured Image Plus \u2013 Quick & Bulk 
Edit with Unsplash pl
 CVE-2025-5753 (The Valuation Calculator plugin for WordPress is vulnerable to 
Stored  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-54455 (Use of Hard-coded Credentials vulnerability in Samsung 
Electronics Mag ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54454 (Use of Hard-coded Credentials vulnerability in Samsung 
Electronics Mag ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54453 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54452 (Improper Authentication vulnerability in Samsung Electronics 
MagicINFO ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54451 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54450 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54449 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54448 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54447 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54446 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54445 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54444 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54443 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54442 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54441 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54440 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54439 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Samsu ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54438 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-54297 (A stored XSS vulnerability in CComment component 5.0.0-6.1.14 
for Joom ...)
        NOT-FOR-US: Joomla
 CVE-2025-54296 (A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for 
Joomla  ...)
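Review bot: the 18 Samsung entries (CVE-2025-54438 through CVE-2025-54455) are all tagged `NOT-FOR-US: Samsung`, although the visible descriptions identify the product as `Samsung Electronics MagicINFO`; tagging them `NOT-FOR-US: Samsung MagicINFO` would keep the product-level granularity used for other entries in this commit and make a later grep for MagicINFO find them without also matching unrelated Samsung entries.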
@@ -87,25 +87,25 @@ CVE-2025-54141 (ViewVC is a browser interface for CVS and 
Subversion version con
 CVE-2025-54140 (pyLoad is a free and open-source Download Manager written in 
pure Pyth ...)
        TODO: check
 CVE-2025-54139 (HAX CMS allows users to manage their microsite universe with a 
NodeJS  ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2025-54138 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network 
monitorin ...)
-       TODO: check
+       NOT-FOR-US: LibreNMS
 CVE-2025-54137 (HAX CMS NodeJS allows users to manage their microsite universe 
with a  ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2025-54120 (PCL (Plain Craft Launcher) Community Edition is a Minecraft 
launcher.  ...)
-       TODO: check
+       NOT-FOR-US: PCL (Plain Craft Launcher) Minecraft launcher
 CVE-2025-54072 (yt-dlp is a feature-rich command-line audio/video downloader. 
In versi ...)
        TODO: check
 CVE-2025-53882 (A Reliance on Untrusted Inputs in a Security Decision 
vulnerability in ...)
        TODO: check
 CVE-2025-53703 (DuraComm SPM-500 DP-10iN-100-MU   transmits sensitive data 
without enc ...)
-       TODO: check
+       NOT-FOR-US: DuraComm
 CVE-2025-53538 (Suricata is a network IDS, IPS and NSM engine developed by the 
OISF (O ...)
        TODO: check
 CVE-2025-51462 (Stored Cross-site Scripting (XSS) vulnerability in 
api.apps.dialog_app ...)
-       TODO: check
+       NOT-FOR-US: RAGFlow
 CVE-2025-50481 (A cross-site scripting (XSS) vulnerability in the component 
/blog/blog ...)
-       TODO: check
+       NOT-FOR-US: Mezzanine CMS
 CVE-2025-50477 (A URL redirection in lbry-desktop v0.53.9 allows attackers to 
redirect ...)
        TODO: check
 CVE-2025-50127 (A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla 
was disc ...)
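Review bot: the product names in `NOT-FOR-US: RAGFlow` (CVE-2025-51462) and `NOT-FOR-US: Mezzanine CMS` (CVE-2025-50481) do not appear in the truncated descriptions shown in this hunk (`api.apps.dialog_app`, `/blog/blog`), so the mapping cannot be confirmed from the diff alone; it is worth re-checking both against the full CVE text, since an NFU tag on a product that is in fact packaged would silently drop the issue from tracking.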
@@ -115,23 +115,23 @@ CVE-2025-4700 (An issue has been discovered in GitLab 
CE/EE affecting all versio
 CVE-2025-4439 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        TODO: check
 CVE-2025-4411 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Dataprom Informatics PACS-ACSS
 CVE-2025-4296 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in H ...)
-       TODO: check
+       NOT-FOR-US: HotelRunner B2B
 CVE-2025-48733 (DuraComm SPM-500 DP-10iN-100-MU   lacks access controls for a 
function ...)
-       TODO: check
+       NOT-FOR-US: DuraComm
 CVE-2025-47187 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 
6900w Serie ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2025-46686 (Redis through 7.4.3 allows memory consumption via a multi-bulk 
command ...)
        TODO: check
 CVE-2025-46171 (vBulletin 3.8.7 is vulnerable to a denial-of-service condition 
via the ...)
        NOT-FOR-US: vBulletin
 CVE-2025-46099 (In Pluck CMS 4.7.20-dev, an authenticated attacker can upload 
or creat ...)
-       TODO: check
+       NOT-FOR-US: Pluck CMS
 CVE-2025-44109 (A URL redirection in Pinokio v3.6.23 allows attackers to 
redirect vict ...)
        TODO: check
 CVE-2025-43881 (Improper validation of specified quantity in input issue 
exists in Rea ...)
-       TODO: check
+       NOT-FOR-US: Real-time Bus Tracking System
 CVE-2025-43489 (A potential security vulnerability has been identified in the 
Poly Cla ...)
        NOT-FOR-US: HP
 CVE-2025-43488 (A potential security vulnerability has been identified in the 
Poly Cla ...)
@@ -155,13 +155,13 @@ CVE-2025-43020 (A potential command injection 
vulnerability has been identified
 CVE-2025-42947 (SAP FICA ODN framework allows a high privileged user to inject 
value i ...)
        NOT-FOR-US: SAP
 CVE-2025-41687 (An unauthenticated remote attacker may use a stack based 
buffer overfl ...)
-       TODO: check
+       NOT-FOR-US: Weidmueller Interface GmbH & Co. KG
 CVE-2025-41684 (An authenticated remote attacker can execute arbitrary 
commands with r ...)
-       TODO: check
+       NOT-FOR-US: Weidmueller Interface GmbH & Co. KG
 CVE-2025-41683 (An authenticated remote attacker can execute arbitrary 
commands with r ...)
-       TODO: check
+       NOT-FOR-US: Weidmueller Interface GmbH & Co. KG
 CVE-2025-41425 (DuraComm SPM-500 DP-10iN-100-MU   is vulnerable to a 
cross-site script ...)
-       TODO: check
+       NOT-FOR-US: DuraComm
 CVE-2025-40599 (An authenticated arbitrary file upload vulnerability exists in 
the SMA ...)
        NOT-FOR-US: SonicWall
 CVE-2025-40598 (A Reflected cross-site scripting (XSS) vulnerability exists in 
the SMA ...)
@@ -181,9 +181,9 @@ CVE-2025-33076 (IBM Engineering Systems Design Rhapsody 
9.0.2, 10.0, and 10.0.1
 CVE-2025-33020 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 
10.0.1 transm ...)
        NOT-FOR-US: IBM
 CVE-2025-31701 (A vulnerability has been found in Dahua products.  Attackers 
could exp ...)
-       TODO: check
+       NOT-FOR-US: Dahua
 CVE-2025-31700 (A vulnerability has been found in Dahua products.  Attackers 
could exp ...)
-       TODO: check
+       NOT-FOR-US: Dahua
 CVE-2025-2634 (Out of bounds read vulnerability due to improper bounds 
checking in NI ...)
        NOT-FOR-US: National Instruments
 CVE-2025-2633 (Out of bounds read vulnerability due to improper bounds 
checking in NI ...)
@@ -207,9 +207,9 @@ CVE-2024-40682 (IBM SmartCloud Analytics - Log Analysis 
1.3.7.0, 1.3.7.1, 1.3.7.
 CVE-2024-12310 (A vulnerability in Imprivata Enterprise Access 
Management(formerly Imp ...)
        TODO: check
 CVE-2022-4978 (Remote Control Server, maintained bySteppschuh, 3.1.1.12 allows 
unauth ...)
-       TODO: check
+       NOT-FOR-US: Steppschuh
 CVE-2018-25114 (A remote code execution vulnerability exists within osCommerce 
Online  ...)
-       TODO: check
+       NOT-FOR-US: osCommerce Online Merchant
 CVE-2018-25113 (An unauthenticated path traversal vulnerability exists in 
Dicoogle PAC ...)
        TODO: check
 CVE-2017-20198 (The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users 
to deplo ...)
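Review bot: `NOT-FOR-US: Steppschuh` for CVE-2022-4978 names the maintainer rather than the software; the description calls it `Remote Control Server`, so a tag such as `NOT-FOR-US: Remote Control Server (Steppschuh)` would be consistent with the product-named tag on the neighbouring entry (`NOT-FOR-US: osCommerce Online Merchant`).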
@@ -494,25 +494,25 @@ CVE-2025-46354 (A denial of service vulnerability exists 
in the Distributed Tran
 CVE-2025-46267 (Hidden functionality issue exists in WRC-BE36QS-B and 
WRC-W701-B. If e ...)
        NOT-FOR-US: Elecom
 CVE-2025-36520 (A null pointer dereference vulnerability exists in the 
net_connectmsg  ...)
-       TODO: check
+       NOT-FOR-US: Bloomberg Comdb2
 CVE-2025-36512 (A denial of service vulnerability exists in the Bloomberg 
Comdb2 8.1 d ...)
-       TODO: check
+       NOT-FOR-US: Bloomberg Comdb2
 CVE-2025-35966 (A null pointer dereference vulnerability exists in the 
CDB2SQLQUERY pr ...)
-       TODO: check
+       NOT-FOR-US: Bloomberg Comdb2
 CVE-2025-34143 (An authentication bypass vulnerability exists in ETQ Reliance 
on the C ...)
-       TODO: check
+       NOT-FOR-US: ETQ Reliance
 CVE-2025-34142 (An XML External Entity (XXE) injection vulnerability exists in 
ETQ Rel ...)
-       TODO: check
+       NOT-FOR-US: ETQ Reliance
 CVE-2025-34141 (A reflected cross-site scripting (XSS) vulnerability exists in 
ETQ Rel ...)
-       TODO: check
+       NOT-FOR-US: ETQ Reliance
 CVE-2025-34140 (An authorization bypass vulnerability exists in ETQ Reliance 
(legacy C ...)
-       TODO: check
+       NOT-FOR-US: ETQ Reliance
 CVE-2025-31513 (An issue was discovered in AlertEnterprise Guardian 
4.1.14.2.2.1. One  ...)
-       TODO: check
+       NOT-FOR-US: AlertEnterprise Guardian
 CVE-2025-31512 (An issue was discovered in AlertEnterprise Guardian 
4.1.14.2.2.1. One  ...)
-       TODO: check
+       NOT-FOR-US: AlertEnterprise Guardian
 CVE-2025-31511 (An issue was discovered in AlertEnterprise Guardian 
4.1.14.2.2.1. One  ...)
-       TODO: check
+       NOT-FOR-US: AlertEnterprise Guardian
 CVE-2024-38335 (IBM Security QRadar Network Threat Analytics 1.0.0 through 
1.3.1 could ...)
        NOT-FOR-US: IBM
 CVE-2015-10140 (The Ajax Load More plugin before 2.8.1.2 does not have 
authorisation i ...)
@@ -815,11 +815,11 @@ CVE-2025-50151 (File access paths in configuration files 
uploaded by users with
        - apache-jena <unfixed>
        NOTE: https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss
 CVE-2025-4130 (Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO 
Pay allo ...)
-       TODO: check
+       NOT-FOR-US: PAVO
 CVE-2025-4129 (Authorization Bypass Through User-Controlled Key vulnerability 
in PAVO ...)
-       TODO: check
+       NOT-FOR-US: PAVO
 CVE-2025-4040 (Authorization Bypass Through User-Controlled Key vulnerability 
in Turp ...)
-       TODO: check
+       NOT-FOR-US: Turpak Automatic Station Monitoring System
 CVE-2025-49656 (Users with administrator access can create databases files 
outside the ...)
        NOT-FOR-US: Fuseki
 CVE-2025-46123 (An issue was discovered in CommScope Ruckus Unleashed prior to 
200.15. ...)
@@ -865,31 +865,31 @@ CVE-2025-43976 (The com.enflick.android.tn2ndLine 
application through 24.17.1.0
 CVE-2025-43720 (Headwind MDM before 5.33.1 makes configuration details 
accessible to u ...)
        NOT-FOR-US: Headwind MDM
 CVE-2025-41681 (A high privileged remote attacker can gain persistent XSS via 
POST req ...)
-       TODO: check
+       NOT-FOR-US: MB connect line GmbH
 CVE-2025-41679 (An unauthenticated remote attacker could exploit a buffer 
overflow vul ...)
-       TODO: check
+       NOT-FOR-US: MB connect line GmbH
 CVE-2025-41678 (A high privileged remote attacker can alter the configuration 
database ...)
-       TODO: check
+       NOT-FOR-US: MB connect line GmbH
 CVE-2025-41677 (A high privileged remote attacker can exhaust critical system 
resource ...)
-       TODO: check
+       NOT-FOR-US: MB connect line GmbH
 CVE-2025-41676 (A high privileged remote attacker can exhaust critical system 
resource ...)
-       TODO: check
+       NOT-FOR-US: MB connect line GmbH
 CVE-2025-41675 (A high privileged remote attacker can execute arbitrary system 
command ...)
-       TODO: check
+       NOT-FOR-US: MB connect line GmbH
 CVE-2025-41674 (A high privileged remote attacker can execute arbitrary system 
command ...)
-       TODO: check
+       NOT-FOR-US: MB connect line GmbH
 CVE-2025-41673 (A high privileged remote attacker can execute arbitrary system 
command ...)
-       TODO: check
+       NOT-FOR-US: MB connect line GmbH
 CVE-2025-41459 (Insufficient protection against brute-force and runtime 
manipulation i ...)
-       TODO: check
+       NOT-FOR-US: Two App Studio Journey
 CVE-2025-41458 (Unencrypted storage in the database in Two App Studio Journey 
v5.5.9 f ...)
-       TODO: check
+       NOT-FOR-US: Two App Studio Journey
 CVE-2025-41100 (Incorrect authentication vulnerability in ParkingDoor. Through 
this vu ...)
-       TODO: check
+       NOT-FOR-US: ParkingDoor
 CVE-2025-36846 (An issue was discovered in Eveo URVE Web Manager 27.02.2025. 
The appli ...)
-       TODO: check
+       NOT-FOR-US: Eveo URVE Web Manager
 CVE-2025-36845 (An issue was discovered in Eveo URVE Web Manager 27.02.2025. 
The endpo ...)
-       TODO: check
+       NOT-FOR-US: Eveo URVE Web Manager
 CVE-2025-36603 (Dell AppSync, version(s) 4.6.0.0, contains an Improper 
Restriction of  ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-36107 (IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could 
allow mal ...)
@@ -907,17 +907,17 @@ CVE-2025-30477 (Dell PowerScale OneFS, versions prior to 
9.11.0.0, contains a us
 CVE-2025-30192 (An attacker spoofing answers to ECS enabled requests sent out 
by the R ...)
        TODO: check
 CVE-2025-2301 (Authorization Bypass Through User-Controlled Key vulnerability 
in Akbi ...)
-       TODO: check
+       NOT-FOR-US: Akbim Software Online Exam Registration
 CVE-2025-1469 (Authorization Bypass Through User-Controlled Key vulnerability 
in Turt ...)
-       TODO: check
+       NOT-FOR-US: Turtek Software Eyotek
 CVE-2024-6107 (Due to insufficient verification, an attacker could use a 
malicious cl ...)
        TODO: check
 CVE-2024-55040 (Cross Site Scripting vulnerability in Sensaphone WEB600 
Monitoring Sys ...)
-       TODO: check
+       NOT-FOR-US: Sensaphone WEB600 Monitoring System
 CVE-2024-13974 (A business logic vulnerability in the Up2Date component of 
Sophos Fire ...)
-       TODO: check
+       NOT-FOR-US: Sophos
 CVE-2024-13973 (A post-auth SQL injection vulnerability in WebAdmin of Sophos 
Firewall ...)
-       TODO: check
+       NOT-FOR-US: Sophos
 CVE-2025-7921 (Certain modem models developed by Askey has a Stack-based 
Buffer Overf ...)
        NOT-FOR-US: Askey
 CVE-2025-7920 (WinMatrix3 Web package developed by Simopro Technology has a 
Reflected ...)
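Review bot: CVE-2024-13974 and CVE-2024-13973 are tagged `NOT-FOR-US: Sophos` while their descriptions specifically name `Sophos Firewall` (Up2Date component and WebAdmin); `NOT-FOR-US: Sophos Firewall` would keep them distinguishable from other Sophos product entries in the list.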



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fcfcc7b6478be4cfdb5eb87a067b13edac7289d



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
