Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0bc43721 by Salvatore Bonaccorso at 2025-09-12T22:32:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,31 +1,31 @@
CVE-2025-9556 (Langchaingo supports the use of jinja2 syntax when parsing
prompts, wh ...)
- TODO: check
+ NOT-FOR-US: Langchaingo
CVE-2025-8699 (Some "Stored Value" Unattended Payment Solutions of KioSoft use
vulner ...)
- TODO: check
+ NOT-FOR-US: KioSoft
CVE-2025-7448 (Wi-SUN unexpected 4- Way Handshake packet receptions may lead
to predi ...)
NOT-FOR-US: Silicon Labs
CVE-2025-6638 (A Regular Expression Denial of Service (ReDoS) vulnerability
was disco ...)
- TODO: check
+ NOT-FOR-US: huggingface/transformers
CVE-2025-59139 (Hono is a Web application framework that provides support for
any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2025-59058 (httpsig-rs is a Rust implementation of IETF RFC 9421 http
message sign ...)
- TODO: check
+ NOT-FOR-US: httpsig-rs Rust crate
CVE-2025-59054 (dstack is a software development kit (SDK) to simplify the
deployment ...)
- TODO: check
+ NOT-FOR-US: dstack
CVE-2025-58434 (Flowise is a drag & drop user interface to build a customized
large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-57579 (An issue in TOTOLINK Wi-Fi 6 Router Series Device
X2000R-Gh-V2.0.0 all ...)
NOT-FOR-US: TOTOLINK
CVE-2025-57578 (An issue in H3C Magic M Device M2V100R006 allows a remote
attacker to ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2025-57577 (An issue in H3C Device R365V300R004 allows a remote attacker
to execut ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2025-56467 (An issue was discovered in AXIS BANK LIMITED Axis Mobile App
9.9 allow ...)
- TODO: check
+ NOT-FOR-US: AXIS BANK LIMITED Axis Mobile App
CVE-2025-55996 (Viber Desktop 25.6.0 is vulnerable to HTML Injection via the
text para ...)
- TODO: check
+ NOT-FOR-US: Viber Desktop
CVE-2025-55835 (File Upload vulnerability in SueamCMS v.0.1.2 allows a remote
attacker ...)
- TODO: check
+ NOT-FOR-US: SueamCMS
CVE-2025-52074 (PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross
Site Scri ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4235 (An information exposure vulnerability in the Palo Alto Networks
User-I ...)
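Review bot: The entries for CVE-2025-59139 (Hono), CVE-2025-59058 (httpsig-rs) and CVE-2025-59054 (dstack) are described in their own summaries as a framework, a Rust implementation and an SDK, unlike the router and appliance entries around them. Before they are closed as NOT-FOR-US, it is worth confirming that none of them is in the archive or has a pending packaging request, because reusable upstream code is more likely to be packaged later. The tags in this hunk also mix conventions: "huggingface/transformers" is a repository path and "httpsig-rs Rust crate" carries a qualifier, while the unchanged neighbours use a bare vendor name ("Silicon Labs", "TOTOLINK", "PHPGurukul").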
@@ -47,9 +47,9 @@ CVE-2025-27234 (Zabbix Agent 2 smartctl plugin does not
properly sanitize smart.
CVE-2025-27233 (Zabbix Agent 2 smartctl plugin does not properly sanitize
smart.disk.g ...)
TODO: check
CVE-2025-10365 (The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet
Switching Fab ...)
- TODO: check
+ NOT-FOR-US: Evertz SDVN 3080ipx-10G
CVE-2025-10364 (The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet
Switching Fab ...)
- TODO: check
+ NOT-FOR-US: Evertz SDVN 3080ipx-10G
CVE-2025-10325 (A vulnerability was identified in Wavlink WL-WN578W2 221110.
This impa ...)
NOT-FOR-US: Wavlink
CVE-2025-10324 (A vulnerability was determined in Wavlink WL-WN578W2 221110.
This affe ...)
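Review bot: Both Evertz entries (CVE-2025-10365, CVE-2025-10364) put the exact model in the tag, "NOT-FOR-US: Evertz SDVN 3080ipx-10G", whereas the adjacent Wavlink WL-WN578W2 entries in the context lines are tagged only "NOT-FOR-US: Wavlink". "NOT-FOR-US: Evertz" would follow the same convention and keep later Evertz CVEs grouped under one string. CVE-2025-27233 (Zabbix Agent 2) is left at "TODO: check" in this hunk, which looks intended for an NFU-only commit.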
@@ -61,27 +61,27 @@ CVE-2025-10322 (A vulnerability has been found in Wavlink
WL-WN578W2 221110. The
CVE-2025-10321 (A flaw has been found in Wavlink WL-WN578W2 221110. Impacted
is an unk ...)
NOT-FOR-US: Wavlink
CVE-2025-10320 (A vulnerability was detected in iteachyou Dreamer CMS up to
4.1.3.2. T ...)
- TODO: check
+ NOT-FOR-US: iteachyou Dreamer CMS
CVE-2025-10319 (A security flaw has been discovered in JeecgBoot up to 3.8.2.
Affected ...)
- TODO: check
+ NOT-FOR-US: JeecgBoot
CVE-2025-10318 (A vulnerability was identified in JeecgBoot up to 3.8.2.
Affected by t ...)
- TODO: check
+ NOT-FOR-US: JeecgBoot
CVE-2025-10267 (NUP Portal developed by NewType Infortech has a Missing
Authentication ...)
- TODO: check
+ NOT-FOR-US: NUP Portal
CVE-2025-10266 (NUP Pro developed by NewType Infortech has a SQL Injection
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: NUP Pro
CVE-2025-10265 (Certain models of NVR developed by Digiever has an OS Command
Injectio ...)
- TODO: check
+ NOT-FOR-US: Digiever
CVE-2025-10264 (Certain models of NVR developed by Digiever has an Exposure of
Sensiti ...)
- TODO: check
+ NOT-FOR-US: Digiever
CVE-2024-45434 (OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a
Use-After-Free. T ...)
- TODO: check
+ NOT-FOR-US: OpenSynergy BlueSDK (aka Blue SDK)
CVE-2024-45433 (OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Incorrect
Control F ...)
- TODO: check
+ NOT-FOR-US: OpenSynergy BlueSDK (aka Blue SDK)
CVE-2024-45432 (OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a
function c ...)
- TODO: check
+ NOT-FOR-US: OpenSynergy BlueSDK (aka Blue SDK)
CVE-2024-45431 (OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper
Input Vali ...)
- TODO: check
+ NOT-FOR-US: OpenSynergy BlueSDK (aka Blue SDK)
CVE-2025-39799 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/d405ec23df13e6df599f5bd965a55d13420366b8 (6.17-rc2)
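Review bot: The four BlueSDK entries (CVE-2024-45431 to CVE-2024-45434) copy the alias from the CVE summary into the tag, "NOT-FOR-US: OpenSynergy BlueSDK (aka Blue SDK)". The parenthetical adds nothing for triage, so "NOT-FOR-US: OpenSynergy BlueSDK" would be enough. In the same hunk, CVE-2025-10267 and CVE-2025-10266 are tagged by product ("NUP Portal", "NUP Pro") although both summaries name NewType Infortech as the developer, while the Digiever NVR entries are tagged by vendor. Choosing one form for both pairs would keep the tags consistent.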
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bc437214550fc8f5d8c1a0294ee97cb1de9733b
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits