Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
07556df4 by Salvatore Bonaccorso at 2025-09-18T06:00:19+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2025-9862 (Server-Side Request Forgery (SSRF)
vulnerability in Ghost allows
CVE-2025-8999 (The Sydney theme for WordPress is vulnerable to unauthorized
modificat ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8463 (Authorization Bypass Through User-Controlled Key vulnerability
in Nebu ...)
- TODO: check
+ NOT-FOR-US: Nebula Informatics SecHard
CVE-2025-8411 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Dokuzsoft Technology E-Commerce Web Design Product
CVE-2025-8077 (A vulnerability exists in NeuVector versions up to and
including 5.4.5 ...)
- TODO: check
+ NOT-FOR-US: NeuVectorNeuVector
CVE-2025-59476 (Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not
restrict o ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-59475 (Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not
perform a ...)
@@ -23,81 +23,81 @@ CVE-2025-59456 (In JetBrains TeamCity before 2025.07.2 path
traversal was possib
CVE-2025-59455 (In JetBrains TeamCity before 2025.07.2 project isolation
bypass was po ...)
NOT-FOR-US: JetBrains
CVE-2025-59416 (The Scratch Channel is a news website. If the user makes a
fork, they ...)
- TODO: check
+ NOT-FOR-US: Scratch Channel
CVE-2025-59414 (Nuxt is an open-source web development framework for Vue.js.
Prior to ...)
- TODO: check
+ NOT-FOR-US: Nuxt
CVE-2025-59410 (Dragonfly is an open source P2P-based file distribution and
image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59354 (Dragonfly is an open source P2P-based file distribution and
image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59353 (Dragonfly is an open source P2P-based file distribution and
image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59352 (Dragonfly is an open source P2P-based file distribution and
image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59351 (Dragonfly is an open source P2P-based file distribution and
image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59350 (Dragonfly is an open source P2P-based file distribution and
image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59349 (Dragonfly is an open source P2P-based file distribution and
image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59348 (Dragonfly is an open source P2P-based file distribution and
image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59347 (Dragonfly is an open source P2P-based file distribution and
image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59346 (Dragonfly is an open source P2P-based file distribution and
image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59345 (Dragonfly is an open source P2P-based file distribution and
image acce ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2025-59342 (esm.sh is a nobuild content delivery network(CDN) for modern
web devel ...)
- TODO: check
+ NOT-FOR-US: esm.sh
CVE-2025-59341 (esm.sh is a nobuild content delivery network(CDN) for modern
web devel ...)
- TODO: check
+ NOT-FOR-US: esm.sh
CVE-2025-59340 (jinjava is a Java-based template engine based on django
template synta ...)
TODO: check
CVE-2025-59339 (The Bastion provides authentication, authorization,
traceability and a ...)
- TODO: check
+ NOT-FOR-US: Bastion
CVE-2025-59304 (A directory traversal issue in Swetrix Web Analytics API 3.1.1
before ...)
- TODO: check
+ NOT-FOR-US: Swetrix Web Analytics API
CVE-2025-58767 (REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to
3.4.1 h ...)
TODO: check
CVE-2025-58766 (Dyad is a local AI app builder. A critical security
vulnerability has ...)
- TODO: check
+ NOT-FOR-US: Dyad
CVE-2025-58432 (ZimaOS is a fork of CasaOS, an operating system for Zima
devices and x ...)
- TODO: check
+ NOT-FOR-US: ZimaOS
CVE-2025-58431 (ZimaOS is a fork of CasaOS, an operating system for Zima
devices and x ...)
- TODO: check
+ NOT-FOR-US: ZimaOS
CVE-2025-57055 (WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery
(SSRF) in ...)
- TODO: check
+ NOT-FOR-US: WonderCMS
CVE-2025-56648 (npm parcel 2.0.0-alpha and before has an Origin Validation
Error vulne ...)
TODO: check
CVE-2025-55904 (Open5GS v2.7.5, prior to commit
67ba7f92bbd7a378954895d96d9d7b05d5b646 ...)
TODO: check
CVE-2025-54467 (When a Java command with password parameters is executed and
terminate ...)
- TODO: check
+ NOT-FOR-US: NeuVector
CVE-2025-54390 (A Cross-Site Request Forgery (CSRF) vulnerability exists in
the ResetP ...)
NOT-FOR-US: Zimbra
CVE-2025-53884 (NeuVector stores user passwords and API keys using a simple,
unsalted ...)
- TODO: check
+ NOT-FOR-US: NeuVector
CVE-2025-50709 (An issue in Perplexity AI GPT-4 allows a remote attacker to
obtain sen ...)
- TODO: check
+ NOT-FOR-US: Perplexity AI GPT-4
CVE-2025-37122 (A vulnerability in the web-based management interface of
network acces ...)
NOT-FOR-US: HPE
CVE-2025-35436 (CISA Thorium uses '.unwrap()' to handle errors related to
account veri ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-35435 (CISA Thorium accepts a stream split size of zero then divides
by this ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-35434 (CISA Thorium does not validate TLS certificates when
connecting to Ela ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-35433 (CISA Thorium does not properly invalidate previously used
tokens when ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-35432 (CISA Thorium does not rate limit requests to send account
verification ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-35431 (CISA Thorium does not escape user controlled strings used in
LDAP quer ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-35430 (CISA Thorium does not adequately validate the paths of
downloaded file ...)
- TODO: check
+ NOT-FOR-US: CISA Thorium
CVE-2025-10615 (A vulnerability was identified in itsourcecode E-Commerce
Website 1.0. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode E-Commerce Website
CVE-2025-10614 (A vulnerability was determined in itsourcecode E-Logbook with
Health M ...)
NOT-FOR-US: itsourcecode System
CVE-2025-10613 (A vulnerability has been found in itsourcecode Student
Information Sys ...)
@@ -125,7 +125,7 @@ CVE-2025-10599 (A security flaw has been discovered in
itsourcecode Web-Based In
CVE-2025-10598 (A vulnerability was identified in SourceCodester Pet Grooming
Manageme ...)
NOT-FOR-US: SourceCodester
CVE-2025-10597 (A vulnerability was determined in kidaze CourseSelectionSystem
up to 4 ...)
- TODO: check
+ NOT-FOR-US: kidaze CourseSelectionSystem
CVE-2025-10596 (A vulnerability was found in SourceCodester Online Exam Form
Submissio ...)
NOT-FOR-US: SourceCodester
CVE-2025-10595 (A vulnerability has been found in SourceCodester Online
Student File M ...)
@@ -135,29 +135,29 @@ CVE-2025-10594 (A flaw has been found in SourceCodester
Online Student File Mana
CVE-2025-10593 (A vulnerability was detected in SourceCodester Online Student
File Man ...)
NOT-FOR-US: SourceCodester
CVE-2025-10592 (A security vulnerability has been detected in itsourcecode
Online Publ ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Online Public Access Catalog OPAC
CVE-2025-10591 (A weakness has been identified in Portabilis i-Educar up to
2.10. This ...)
NOT-FOR-US: Portabilis
CVE-2025-10590 (A security flaw has been discovered in Portabilis i-Educar up
to 2.10. ...)
NOT-FOR-US: Portabilis
CVE-2025-10439 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Yordam Informatics Yordam Library Automation System
CVE-2025-10205 (Use of a One-Way Hash with a Predictable Salt vulnerability in
ABB FLX ...)
NOT-FOR-US: ABB group
CVE-2025-10157 (A Protection Mechanism Failure vulnerability in mmaitre314
picklescan ...)
- TODO: check
+ NOT-FOR-US: mmaitre314 picklescan
CVE-2025-10156 (An Improper Handling of Exceptional Conditions vulnerability
in the ZI ...)
TODO: check
CVE-2025-10155 (An Improper Input Validation vulnerability in the scanning
logic of mm ...)
- TODO: check
+ NOT-FOR-US: mmaitre314 picklescan
CVE-2025-0879 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Shopside Software Shopside App
CVE-2025-0546 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Mevzuattr Software MevzuatTR
CVE-2025-0420 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Parasut Software Prasut
CVE-2025-0419 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Zirve Nova
CVE-2024-48842 (Use of Hard-coded Credentials vulnerability in ABB FLXEON.This
issue a ...)
NOT-FOR-US: ABB group
CVE-2023-53368 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07556df4bf5ce4a3c54f6427cd7a83a5fb175936
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07556df4bf5ce4a3c54f6427cd7a83a5fb175936
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
