Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2e6f4e2e by Salvatore Bonaccorso at 2025-08-05T22:33:15+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,15 +5,15 @@ CVE-2025-8585 (A vulnerability, which was classified as
critical, has been found
CVE-2025-8584 (A vulnerability classified as problematic was found in libav up
to 12. ...)
TODO: check
CVE-2025-8555 (A vulnerability, which was classified as problematic, was found
in atj ...)
- TODO: check
+ NOT-FOR-US: atjiu pybbs
CVE-2025-8554 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: atjiu pybbs
CVE-2025-8553 (A vulnerability classified as problematic was found in atjiu
pybbs up ...)
- TODO: check
+ NOT-FOR-US: atjiu pybbs
CVE-2025-8552 (A vulnerability classified as problematic has been found in
atjiu pybb ...)
- TODO: check
+ NOT-FOR-US: atjiu pybbs
CVE-2025-7674 (Improper Input Validation vulnerability in Roche Diagnostics
navify Mo ...)
- TODO: check
+ NOT-FOR-US: Roche Diagnostics navify Monitoring
CVE-2025-7033 (A memory abuse issue exists in the Rockwell Automation
Arena\xae Simul ...)
NOT-FOR-US: Rockwell Automation
CVE-2025-7032 (A memory abuse issue exists in the Rockwell Automation
Arena\xae Simul ...)
@@ -29,67 +29,67 @@ CVE-2025-54254 (Adobe Experience Manager versions 6.5.23
and earlier are affecte
CVE-2025-54253 (Adobe Experience Manager versions 6.5.23 and earlier are
affected by a ...)
NOT-FOR-US: Adobe
CVE-2025-52078 (File upload vulnerability in Writebot AI Content Generator
SaaS React ...)
- TODO: check
+ NOT-FOR-US: Writebot
CVE-2025-51857 (The reconcile method in the AttachmentReconciler class of the
Halo sys ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2025-51628 (Insecure Direct Object Reference (IDOR) vulnerability in
PdfHandler co ...)
- TODO: check
+ NOT-FOR-US: Agenzia Impresa Eccobook
CVE-2025-51627 (Incorrect access control in CaricaVerbale in Agenzia Impresa
Eccobook ...)
- TODO: check
+ NOT-FOR-US: Agenzia Impresa Eccobook
CVE-2025-51541 (A stored cross-site scripting (XSS) vulnerability exists in
the Shopwa ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2025-51060 (An issue was discovered in CPUID cpuz.sys 1.0.5.4. An attacker
can use ...)
TODO: check
CVE-2025-50707 (An issue in thinkphp3 v.3.2.5 allows a remote attacker to
execute arbi ...)
- TODO: check
+ NOT-FOR-US: thinkphp
CVE-2025-50706 (An issue in thinkphp v.5.1 allows a remote attacker to execute
arbitra ...)
- TODO: check
+ NOT-FOR-US: thinkphp
CVE-2025-50688 (A command injection vulnerability exists in TwistedWeb
(version 14.0.0 ...)
- TODO: check
+ NOT-FOR-US: TwistedWeb
CVE-2025-50592 (Cross site scripting vulnerability in seacms before 13.2 via
the vid p ...)
- TODO: check
+ NOT-FOR-US: seacms
CVE-2025-50454 (An Authentication Bypass vulnerability in Blue Access' Cobalt
X1 thru ...)
- TODO: check
+ NOT-FOR-US: Blue Access
CVE-2025-47152 (An out-of-bounds read vulnerability exists in the EMF
functionality of ...)
NOT-FOR-US: PDF-XChange
CVE-2025-46958 (Adobe Experience Manager versions 6.5.22 and earlier are
affected by a ...)
NOT-FOR-US: Adobe
CVE-2025-46658 (An issue was discovered in ExonautWeb in 4C Strategies Exonaut
21.6. T ...)
- TODO: check
+ NOT-FOR-US: 4C Strategies Exonaut
CVE-2025-45512 (A lack of signature verification in the bootloader of DENX
Software En ...)
TODO: check
CVE-2025-44964 (A lack of SSL certificate validation in BlueStacks v5.20
allows attack ...)
- TODO: check
+ NOT-FOR-US: BlueStacks
CVE-2025-43980 (An issue was discovered on FIRSTNUM JC21A-04 devices through
2.01ME/FN ...)
- TODO: check
+ NOT-FOR-US: FIRSTNUM JC21A-04 devices
CVE-2025-43979 (An issue was discovered on FIRSTNUM JC21A-04 devices through
2.01ME/FN ...)
- TODO: check
+ NOT-FOR-US: FIRSTNUM JC21A-04 devices
CVE-2025-43978 (Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices
allow (blind ...)
- TODO: check
+ NOT-FOR-US: Jointelli
CVE-2025-41698 (A low privileged local attacker can interact with the affected
service ...)
- TODO: check
+ NOT-FOR-US: Draeger ICMHelper
CVE-2025-2810 (A low privileged local attacker can abuse the affected service
by usin ...)
- TODO: check
+ NOT-FOR-US: Draeger ICMHelper
CVE-2025-2611 (The ICTBroadcast application unsafely passes session cookie
data to sh ...)
- TODO: check
+ NOT-FOR-US: ICTBroadcast application
CVE-2025-29745 (A vulnerability affecting the scanning module in Emsisoft
Anti-Malware ...)
- TODO: check
+ NOT-FOR-US: Emsisoft Anti-Malware
CVE-2025-27931 (An out-of-bounds read vulnerability exists in the EMF
functionality of ...)
NOT-FOR-US: PDF-XChange
CVE-2024-52890 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and
7.03 cou ...)
NOT-FOR-US: IBM
CVE-2014-125113 (An unrestricted file upload vulnerability exists in Dell
(acquired by ...)
- TODO: check
+ NOT-FOR-US: Dell KACE K1000 System Management Appliance
CVE-2013-10069 (The web interface of multiple D-Link routers, including
DIR-600 rev B ...)
NOT-FOR-US: D-Link
CVE-2013-10068 (Foxit Reader Plugin version 2.2.1.530, bundled with Foxit
Reader 5.4.4 ...)
- TODO: check
+ NOT-FOR-US: Foxit Reader Plugin
CVE-2013-10064 (A stack-based buffer overflow vulnerability exists in ActFax
Server ve ...)
- TODO: check
+ NOT-FOR-US: ActFax Server
CVE-2012-10034 (ClanSphere 2011.3 is vulnerable to a local file inclusion
(LFI) flaw d ...)
- TODO: check
+ NOT-FOR-US: ClanSphere
CVE-2012-10031 (BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a
stack-based buf ...)
- TODO: check
+ NOT-FOR-US: BlazeVideo HDTV Player Pro
CVE-2025-8583
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -231,29 +231,29 @@ CVE-2025-54119 (ADOdb is a PHP database class library
that provides abstractions
NOTE: https://github.com/ADOdb/ADOdb/issues/1083
NOTE: Fixed by:
https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03
(v5.22.10)
CVE-2025-53544 (Trilium Notes is an open-source, cross-platform hierarchical
note taki ...)
- TODO: check
+ NOT-FOR-US: Trilium Notes
CVE-2025-53417 (DIAView (v4.2.0 and prior) - Directory Traversal Information
Disclosur ...)
NOT-FOR-US: Delta Electronics
CVE-2025-52892 (EspoCRM is a web application with a frontend designed as a
single-page ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2025-51726 (CyberGhostVPNSetup.exe (Windows installer) is signed using the
weak cr ...)
- TODO: check
+ NOT-FOR-US: CyberGhostVPNSetup.exe (Windows installer)
CVE-2025-51387 (The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code
injecti ...)
TODO: check
CVE-2025-50754 (Unisite CMS version 5.0 contains a stored Cross-Site Scripting
(XSS) v ...)
- TODO: check
+ NOT-FOR-US: Unisite CMS
CVE-2025-50341 (A Boolean-based SQL injection vulnerability was discovered in
Axelor 5 ...)
- TODO: check
+ NOT-FOR-US: Axelor
CVE-2025-4604 (The vulnerable code can bypass the Captcha check in Liferay
Portal 7.4 ...)
NOT-FOR-US: Liferay
CVE-2025-4599 (The fragment preview functionality in Liferay Portal 7.4.3.61
through ...)
NOT-FOR-US: Liferay
CVE-2025-46093 (LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777
(setuid ...)
- TODO: check
+ NOT-FOR-US: LiquidFiles
CVE-2025-27212 (An Improper Input Validation in certain UniFi Access devices
could all ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2025-27211 (An Improper Input Validation in EdgeMAX EdgeSwitch (Version
1.10.4 and ...)
- TODO: check
+ NOT-FOR-US: EdgeMAX EdgeSwitch
CVE-2025-46094 (LiquidFiles before 4.1.2 allows directory traversal by
configuring the ...)
NOT-FOR-US: LiquidFiles
CVE-2025-8524 (A vulnerability was found in Boquan DotWallet App 2.15.2 on
Android an ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e6f4e2e905067cf171d9dd07d4acfc39a3f1128
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e6f4e2e905067cf171d9dd07d4acfc39a3f1128
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
