Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34ff1dd0 by Salvatore Bonaccorso at 2025-07-25T23:00:49+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2025-8197 (A global buffer overflow vulnerability was found
in the soup_head
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383525
TODO: check, clarify upstream status, details for libsoup2.4
CVE-2025-8183 (NULL Pointer Dereference in \xb5D3TN via non-singleton
destination End ...)
- TODO: check
+ NOT-FOR-US: ud3tn
CVE-2025-8168 (A vulnerability was found in D-Link DIR-513 1.10. It has been
rated as ...)
NOT-FOR-US: D-Link
CVE-2025-8167 (A vulnerability was found in code-projects Church Donation
System 1.0. ...)
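Review bot: for CVE-2025-8183 the new tag "NOT-FOR-US: ud3tn" spells the project differently from the CVE title, which names it µD3TN (shown above as "\xb5D3TN" because of mis-encoding); consider carrying both spellings, e.g. "NOT-FOR-US: µD3TN (ud3tn)", so that a grep for either name finds the entry. Otherwise the change matches the NOT-FOR-US style of the surrounding entries.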
@@ -13,13 +13,13 @@ CVE-2025-8166 (A vulnerability was found in code-projects
Church Donation System
CVE-2025-8165 (A vulnerability was found in code-projects Food Review System
1.0 and ...)
NOT-FOR-US: code-projects
CVE-2025-8164 (A vulnerability has been found in code-projects Public Chat
Room 1.0 a ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-8163 (A vulnerability, which was classified as critical, was found in
deerwm ...)
- TODO: check
+ NOT-FOR-US: deerwms deer-wms-2
CVE-2025-8162 (A vulnerability, which was classified as critical, has been
found in d ...)
- TODO: check
+ NOT-FOR-US: deerwms deer-wms-2
CVE-2025-8161 (A vulnerability classified as critical was found in deerwms
deer-wms-2 ...)
- TODO: check
+ NOT-FOR-US: deerwms deer-wms-2
CVE-2025-8160 (A vulnerability classified as critical has been found in Tenda
AC20 up ...)
NOT-FOR-US: Tenda
CVE-2025-8159 (A vulnerability was found in D-Link DIR-513 1.0. It has been
rated as ...)
@@ -39,11 +39,11 @@ CVE-2025-8139 (A vulnerability was found in TOTOLINK A702R
4.0.0-B20230721.1521.
CVE-2025-8138 (A vulnerability was found in TOTOLINK A702R
4.0.0-B20230721.1521 and c ...)
NOT-FOR-US: TOTOLINK
CVE-2025-5254 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Kron Technologies Kron PAM
CVE-2025-5253 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Kron Technologies Kron PAM
CVE-2025-54596 (Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before
2025-02-19 all ...)
- TODO: check
+ NOT-FOR-US: Abnormal Security (from Abnormal AI)
CVE-2025-52455 (Server-Side Request Forgery (SSRF) vulnerability in Salesforce
Tableau ...)
NOT-FOR-US: Salesforce
CVE-2025-52454 (Server-Side Request Forgery (SSRF) vulnerability in Salesforce
Tableau ...)
@@ -61,33 +61,33 @@ CVE-2025-52447 (Authorization Bypass Through
User-Controlled Key vulnerability i
CVE-2025-52446 (Authorization Bypass Through User-Controlled Key vulnerability
in Sale ...)
NOT-FOR-US: Salesforce
CVE-2025-52360 (A Cross-Site Scripting (XSS) vulnerability exists in the OPAC
search f ...)
- TODO: check
+ NOT-FOR-US: Koha Library Management System
CVE-2025-51411 (A reflected cross-site scripting (XSS) vulnerability exists in
Institu ...)
- TODO: check
+ NOT-FOR-US: Institute-of-Current-Students
CVE-2025-46199 (Cross Site Scripting vulnerability in grav v.1.7.48 and before
allows ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-46198 (Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47
and v.1. ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-45960 (Cross Site Scripting vulnerability in tawk.to Live Chat
v.1.6.1 allows ...)
- TODO: check
+ NOT-FOR-US: tawk.to Live Chat
CVE-2025-45939 (Apwide Golive 10.2.0 Jira plugin allows Server-Side Request
Forgery (S ...)
- TODO: check
+ NOT-FOR-US: Apwide Golive
CVE-2025-45893 (OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site
Scriptin ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2025-45892 (OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site
Scriptin ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2025-45777 (An issue in the OTP mechanism of Chavara Family Welfare Centre
Chavara ...)
- TODO: check
+ NOT-FOR-US: Chavara Family Welfare Centre Chavara Matrimony Site
CVE-2025-45467 (Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure
Permissions as ...)
- TODO: check
+ NOT-FOR-US: Unitree Go1
CVE-2025-45466 (Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access
Control ...)
- TODO: check
+ NOT-FOR-US: Unitree Go1
CVE-2025-45406 (A stored cross-site scripting (XSS) vulnerability in
CodeIgniter4 v4.6 ...)
TODO: check
CVE-2025-44608 (CloudClassroom-PHP Project v1.0 was discovered to contain a
SQL inject ...)
- TODO: check
+ NOT-FOR-US: CloudClassroom-PHP Project
CVE-2025-43712 (JHipster before v.8.9.0 allows privilege escalation via a
modified aut ...)
- TODO: check
+ NOT-FOR-US: JHipster
CVE-2025-3873 (The following APIs for the Silcon Labs SiWx91x prior to vesion
3.4.0 f ...)
NOT-FOR-US: Silicon Labs
CVE-2025-3508 (Certain HP DesignJet products may be vulnerable to information
disclos ...)
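Review bot: CVE-2025-45406 (CodeIgniter4) is the one entry in this hunk that stays at "TODO: check" while every neighbouring TODO is resolved to NOT-FOR-US; if it was deferred on purpose, for example pending a check of whether the affected component is packaged, a short NOTE line would record that for the next triager so the leftover TODO is not mistaken for an oversight.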
@@ -226,65 +226,65 @@ CVE-2025-38431 (In the Linux kernel, the following
vulnerability has been resolv
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/ff8abbd248c1f52df0c321690b88454b13ff54b2 (6.16-rc4)
CVE-2025-36728 (Cross-Site Request Forgery (CSRF) vulnerability in
Simplehelp.This iss ...)
- TODO: check
+ NOT-FOR-US: Simplehelp
CVE-2025-36727 (Inclusion of Functionality from Untrusted Control Sphere
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Simplehelp
CVE-2025-34139 (A vulnerability exists in SitecoreExperience Manager
(XM),Experience P ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2025-34138 (A vulnerability exists in SitecoreExperience Manager
(XM),Experience P ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2025-34136 (An SQL injection vulnerability exists in Commvault 11.32.0 -
11.32.93, ...)
- TODO: check
+ NOT-FOR-US: Commvault
CVE-2025-34114 (A client-side security misconfiguration vulnerability exists
in OpenBl ...)
- TODO: check
+ NOT-FOR-US: OpenBlow whistleblowing platform
CVE-2025-30135 (An issue was discovered on IROAD Dashcam FX2 devices. Dumping
Files Ov ...)
- TODO: check
+ NOT-FOR-US: IROAD Dashcam FX2 devices
CVE-2025-30086 (CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4
allows infor ...)
TODO: check
CVE-2025-2329 (In high traffic environments, a Silicon Labs OpenThread RCP
(see impac ...)
NOT-FOR-US: Silicon Labs
CVE-2025-29631 (An issue in Gardyn 4 allows a remote attacker execute
arbitrary code)
- TODO: check
+ NOT-FOR-US: Gardyn
CVE-2025-29630 (An issue in Gardyn 4 allows a remote attacker with the
corresponding s ...)
- TODO: check
+ NOT-FOR-US: Gardyn
CVE-2025-29629 (An issue in Gardyn 4 allows a remote attacker to obtain
sensitive info ...)
- TODO: check
+ NOT-FOR-US: Gardyn
CVE-2025-29628 (An issue in Gardyn 4 allows a remote attacker to obtain
sensitive info ...)
- TODO: check
+ NOT-FOR-US: Gardyn
CVE-2024-48730 (An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows
a remote ...)
- TODO: check
+ NOT-FOR-US: ETSI Open-Source MANO (OSM)
CVE-2024-48729 (An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows
a remote ...)
- TODO: check
+ NOT-FOR-US: ETSI Open-Source MANO (OSM)
CVE-2024-13976 (A DLL injection vulnerability exists in Commvault for Windows
11.20.0, ...)
- TODO: check
+ NOT-FOR-US: Commvault
CVE-2024-13975 (A local privilege escalation vulnerability exists in Commvault
for Win ...)
- TODO: check
+ NOT-FOR-US: Commvault
CVE-2023-7306 (The Frontend File Manager Plugin plugin for WordPress is
vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2023-53155 (goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection
via the ...)
- TODO: check
+ NOT-FOR-US: EmbedThis GoAhead
CVE-2022-4979 (A cross-site scripting (XSS) vulnerability exists in Sitecore
Experien ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2020-36850 (An information disclosure vulnerability exits in Sitecore JSS
React Sa ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2016-15046 (A client-side remote code execution vulnerability exists in
Samsung Se ...)
- TODO: check
+ NOT-FOR-US: Samsung Security Manager
CVE-2015-10142 (Sitecore Experience Platform (XP) prior to 8.0 Initial Release
(rev. 1 ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2014-125119 (A filename spoofing vulnerability exists in WinRAR when
opening specia ...)
TODO: check
CVE-2014-125118 (A command injection vulnerability exists in the eScan Web
Management C ...)
- TODO: check
+ NOT-FOR-US: eScan Web Management Console
CVE-2014-125117 (A stack-based buffer overflow vulnerability in the my_cgi.cgi
componen ...)
NOT-FOR-US: D-Link
CVE-2014-125116 (A remote code execution vulnerability exists in HybridAuth
versions 2. ...)
- TODO: check
+ NOT-FOR-US: HybridAuth
CVE-2014-125115 (An unauthenticated SQL injection vulnerability exists in
Pandora FMS v ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2014-125114 (A stack-based buffer overflow vulnerability exists in i-Ftp
version 2. ...)
- TODO: check
+ NOT-FOR-US: i-Ftp
CVE-2013-10032 (An authenticated remote code execution vulnerability exists in
GetSimp ...)
- TODO: check
+ NOT-FOR-US: GetSimpleCMS
CVE-2025-38430 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.12.35-1
NOTE:
https://git.kernel.org/linus/1244f0b2c3cecd3f349a877006e67c9492b41807 (6.16-rc1)
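Review bot: two entries in this hunk keep "TODO: check" while every other TODO around them is resolved, CVE-2025-30086 (CNCF Harbor) and CVE-2014-125119 (WinRAR); if they were deliberately left for a separate check, a NOTE saying why would make that explicit, otherwise they look like candidates for the same NOT-FOR-US treatment as the rest of the batch. The repeated vendor tags ("Sitecore" for CVE-2025-34139, -34138, CVE-2022-4979, CVE-2020-36850, CVE-2015-10142; "Commvault" for CVE-2025-34136, CVE-2024-13976, -13975; "Gardyn" for CVE-2025-29631 through -29628) are consistent with the existing "NOT-FOR-US: Silicon Labs" style, which is good.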
@@ -621,7 +621,7 @@ CVE-2025-54379 (LF Edge eKuiper is a lightweight IoT data
analytics and stream p
CVE-2025-54369
REJECTED
CVE-2025-53940 (Quiet is an alternative to team chat apps like Slack, Discord,
and Ele ...)
- TODO: check
+ NOT-FOR-US: Quiet
CVE-2025-3614 (The ElementsKit Elementor Addons and Templates plugin for
WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2025-32429 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
@@ -809,7 +809,7 @@ CVE-2025-1299 (An issue has been discovered in GitLab CE/EE
affecting all versio
CVE-2025-0765 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- gitlab <not-affected> (Vulnerable code introduced later)
CVE-2016-15044 (A remote code execution vulnerability exists in Kaltura
versions prior ...)
- TODO: check
+ NOT-FOR-US: Kaltura
CVE-2025-8070 (The Windows service configuration of ABP and AES contains an
unquoted ...)
NOT-FOR-US: Asustor
CVE-2025-8069 (During the AWS Client VPN client installation on Windows
devices, the ...)
@@ -823,7 +823,7 @@ CVE-2025-8058 (The regcomp function in the GNU C library
version from 2.4 to 2.4
NOTE: Inroduced with:
https://sourceware.org/git/?p=glibc.git;a=commit;h=963d8d782fc98fb6dc3a66f0068795f9920c269d
NOTE: Fixed by:
https://sourceware.org/git/?p=glibc.git;a=commit;h=7ea06e994093fa0bcca0d0ee2c1db271d8d7885d
CVE-2025-8022 (Versions of the package bun after 0.0.12 are vulnerable to
Improper Ne ...)
- TODO: check
+ NOT-FOR-US: bun
CVE-2025-8021 (All versions of the package files-bucket-server are vulnerable
to Dire ...)
NOT-FOR-US: files-bucket-server Node.js module
CVE-2025-8020 (All versions of the package private-ip are vulnerable to
Server-Side R ...)
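Review bot: the unchanged context line "NOTE: Inroduced with:" under CVE-2025-8058 has a typo (Introduced); it is outside this change, but since the file is being edited for NFU processing it is a cheap follow-up fix. The CVE-2025-8022 change to "NOT-FOR-US: bun" is fine as is; if a qualifier is wanted for consistency with the "files-bucket-server Node.js module" tag two entries below, a short parenthetical after "bun" would match that pattern.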
@@ -956,7 +956,7 @@ CVE-2025-46171 (vBulletin 3.8.7 is vulnerable to a
denial-of-service condition v
CVE-2025-46099 (In Pluck CMS 4.7.20-dev, an authenticated attacker can upload
or creat ...)
NOT-FOR-US: Pluck CMS
CVE-2025-44109 (A URL redirection in Pinokio v3.6.23 allows attackers to
redirect vict ...)
- TODO: check
+ NOT-FOR-US: Pinokio
CVE-2025-43881 (Improper validation of specified quantity in input issue
exists in Rea ...)
NOT-FOR-US: Real-time Bus Tracking System
CVE-2025-43489 (A potential security vulnerability has been identified in the
Poly Cla ...)
@@ -1032,7 +1032,7 @@ CVE-2024-40686 (IBM SmartCloud Analytics - Log Analysis
1.3.7.0, 1.3.7.1, 1.3.7.
CVE-2024-40682 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1,
1.3.7.2, 1.3 ...)
NOT-FOR-US: IBM
CVE-2024-12310 (A vulnerability in Imprivata Enterprise Access
Management(formerly Imp ...)
- TODO: check
+ NOT-FOR-US: Imprivata Enterprise Access Management
CVE-2022-4978 (Remote Control Server, maintained bySteppschuh, 3.1.1.12 allows
unauth ...)
NOT-FOR-US: Steppschuh
CVE-2018-25114 (A remote code execution vulnerability exists within osCommerce
Online ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34ff1dd012ad17ce239245176fd506af3af6a309
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits