Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
02a54225 by Moritz Muehlenhoff at 2025-08-28T20:09:52+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -80,7 +80,7 @@ CVE-2025-58193 (Missing Authorization vulnerability in
Uncanny Owl Uncanny Autom
CVE-2025-58192 (Missing Authorization vulnerability in Xylus Themes WP Bulk
Delete all ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-57821 (Basecamp's Google Sign-In adds Google sign-in to Rails
applications. P ...)
- TODO: check
+ NOT-FOR-US: Basecamp google_sign_in
CVE-2025-56694 (Client-side password validation (CWE-602) in lumasoft
fotoShare Cloud ...)
NOT-FOR-US: lumasoft fotoShare Cloud
CVE-2025-55618 (In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an
attacker ca ...)
@@ -99,7 +99,7 @@ CVE-2025-53105 (GLPI, which stands for Gestionnaire Libre de
Parc Informatique,
CVE-2025-52122 (Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS,
contains an S ...)
NOT-FOR-US: Craft CMS plugin
CVE-2025-51667 (An issue was discovered in simple-admin-core v1.2.0 thru
v1.6.7. The / ...)
- TODO: check
+ NOT-FOR-US: simple-admin-core
CVE-2025-50989 (OPNsense 25.1 contains an authenticated command injection
vulnerabilit ...)
NOT-FOR-US: OPNsense
CVE-2025-50986 (diskover-web v2.3.0 Community Edition suffers from multiple
stored cro ...)
@@ -115,7 +115,7 @@ CVE-2025-50979 (NodeBB v4.3.0 is vulnerable to SQL
injection in its search-categ
CVE-2025-50978 (In Gitblit v1.7.1, a reflected cross-site scripting (XSS)
vulnerabilit ...)
NOT-FOR-US: Gitblit
CVE-2025-50977 (A template injection vulnerability leading to reflected
cross-site scr ...)
- TODO: check
+ NOT-FOR-US: Gitblit
CVE-2025-50972 (SQL Injection vulnerability in AbanteCart 1.4.2, allows
unauthenticate ...)
NOT-FOR-US: AbanteCart
CVE-2025-50428 (In RaspAP raspap-webgui 3.3.2 and earlier, a command injection
vulnera ...)
@@ -133,45 +133,45 @@ CVE-2025-43728 (Dell ThinOS 10, versions prior to
2508_10.0127, contain a Protec
CVE-2025-3601 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- gitlab <unfixed>
CVE-2025-34161 (Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to
a remote ...)
- TODO: check
+ NOT-FOR-US: Coolify
CVE-2025-34159 (Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to
a remote ...)
- TODO: check
+ NOT-FOR-US: Coolify
CVE-2025-34157 (Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to
a stored ...)
- TODO: check
+ NOT-FOR-US: Coolify
CVE-2025-30064 (An insufficiently secured internal function allows session
generation ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30063 (The configuration file containing database logins and
passwords is rea ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30061 (In the "utils/Reporter/OpenReportWindow.pl" service, there is
an SQL i ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30060 (In the ReturnUserUnitsXML.pl service, the "getUserInfo"
function is vu ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30059 (In the PrepareCDExportJSON.pl service, the "getPerfServiceIds"
functio ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30058 (In the PatientService.pl service, the "getPatientIdentifier"
function ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30057 (In UHCRTFDoc, the filename parameter can be exploited to
execute arbit ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30056 (The RunCommand function accepts any parameter, which is then
passed fo ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30055 (The "system" function receives untrusted input from the user.
If the " ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30048 (The "serverConfig" endpoint, which returns the module
configuration in ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30041 (The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl",
"/cgi-bin/Clin ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30040 (The vulnerability allows unauthenticated users to download a
file cont ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30039 (Unauthenticated access to the
"/cgi-bin/CliniNET.prd/GetActiveSessions ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30038 (The vulnerability consists of a session ID leak when saving a
file dow ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30037 (The system exposes several endpoints, typically including
"/int/" in t ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-30036 (Stored XSS vulnerability exists in the "Oddzia\u0142" (Ward)
module, i ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-2313 (In the Print.pl service, the "uhcPrintServerPrint" function
allows exe ...)
- TODO: check
+ NOT-FOR-US: CGM CLININET
CVE-2025-2246 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
- gitlab <unfixed>
CVE-2025-20348 (A vulnerability in the REST API endpoints of Cisco Nexus
Dashboard and ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02a54225d14f01db87032bd85ab8b352d2d03b1d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02a54225d14f01db87032bd85ab8b352d2d03b1d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
