Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14d8b04e by Salvatore Bonaccorso at 2025-09-19T22:42:53+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-9969 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Vizly Web Design Real Estate
 CVE-2025-9906 (The Keras Model.load_modelmethod can be exploited to achieve 
arbitrary ...)
        - keras <removed>
        NOTE: https://github.com/keras-team/keras/pull/21429
@@ -12,23 +12,23 @@ CVE-2025-9081 (Mattermost versions 10.5.x <= 10.5.8, 9.11.x 
<= 9.11.17 fail to p
 CVE-2025-9079 (Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x 
<= 9.11 ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2025-8664 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: StarCities E-Municipality Management
 CVE-2025-8532 (Authorization Bypass Through User-Controlled Key, CWE - 862 - 
Missing  ...)
-       TODO: check
+       NOT-FOR-US: eBA Document and Workflow Management System
 CVE-2025-8531 (Improper Handling of Length Parameter Inconsistency 
vulnerability in M ...)
        NOT-FOR-US: Mitsubishi
 CVE-2025-8487 (The Kubio AI Page Builder plugin for WordPress is vulnerable to 
unauth ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-7937 (There is a vulnerability in the Supermicro BMC firmware 
validation log ...)
-       TODO: check
+       NOT-FOR-US: Supermicro
 CVE-2025-7702 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in P ...)
-       TODO: check
+       NOT-FOR-US: Manageable Email Sending System
 CVE-2025-7665 (The Miniorange OTP Verification with Firebase plugin for 
WordPress is  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-7403 (Unsafe handling in bt_conn_tx_processor causes a 
use-after-free, resul ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-6198 (There is a vulnerability in the Supermicro BMC firmware 
validation log ...)
-       TODO: check
+       NOT-FOR-US: Supermicro
 CVE-2025-5955 (The Service Finder SMS System plugin for WordPress is 
vulnerable to au ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-5948 (The Service Finder Bookings plugin for WordPress is vulnerable 
to priv ...)
@@ -36,17 +36,17 @@ CVE-2025-5948 (The Service Finder Bookings plugin for 
WordPress is vulnerable to
 CVE-2025-59717 (In the @digitalocean/do-markdownit package through 1.16.1 (in 
npm), th ...)
        TODO: check
 CVE-2025-59715 (SMSEagle before 6.11 allows reflected XSS via a username or 
contact ph ...)
-       TODO: check
+       NOT-FOR-US: SMSEagle
 CVE-2025-59714 (In Internet2 Grouper 5.17.1 before 5.20.5, group admins who 
are not Gr ...)
-       TODO: check
+       NOT-FOR-US: Internet2 Grouper
 CVE-2025-59713 (Snipe-IT before 8.1.18 allows unsafe deserialization.)
        TODO: check
 CVE-2025-59712 (Snipe-IT before 8.1.18 allows XSS.)
        TODO: check
 CVE-2025-59692 (PureVPN client applications on Linux through September 2025 
mishandle  ...)
-       TODO: check
+       NOT-FOR-US: PureVPN
 CVE-2025-59691 (PureVPN client applications on Linux through September 2025 
allow IPv6 ...)
-       TODO: check
+       NOT-FOR-US: PureVPN
 CVE-2025-59678
        REJECTED
 CVE-2025-59677
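Review bot: CVE-2025-59717 (@digitalocean/do-markdownit), CVE-2025-59713 and CVE-2025-59712 (Snipe-IT) keep their "TODO: check" in this hunk while the neighbouring SMSEagle, Internet2 Grouper and PureVPN entries are resolved; if they were deliberately deferred nothing needs to change, otherwise they are candidates for the same NFU pass so the hunk does not leave a mixed state.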
@@ -68,71 +68,71 @@ CVE-2025-59670
 CVE-2025-59431 (MapServer is a system for developing web-based GIS 
applications. Prior ...)
        TODO: check
 CVE-2025-59427 (The Cloudflare Vite plugin enables a full-featured integration 
between ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare Vite plugin
 CVE-2025-59344 (AliasVault is a privacy-first password manager with built-in 
email ali ...)
-       TODO: check
+       NOT-FOR-US: AliasVault
 CVE-2025-59220 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-59216 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-59215 (Use after free in Microsoft Graphics Component allows an 
authorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-58114 (Improper Input Validation vulnerability in Hallo Welt! GmbH 
BlueSpice  ...)
-       TODO: check
+       NOT-FOR-US: BlueSpice
 CVE-2025-57880 (Improper Encoding or Escaping of Output vulnerability in Hallo 
Welt! G ...)
-       TODO: check
+       NOT-FOR-US: BlueSpice
 CVE-2025-57644 (Accela Automation Platform 22.2.3.0.230103 contains multiple 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Accela Automation Platform
 CVE-2025-57528 (An issue was discovered in Tenda AC6 
US_AC6V1.0BR_V15.03.05.16_multi_T ...)
        NOT-FOR-US: Tenda
 CVE-2025-57396 (Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: Tandoor Recipes
 CVE-2025-57296 (Tenda AC6 router firmware 15.03.05.19 contains a command 
injection vul ...)
        NOT-FOR-US: Tenda
 CVE-2025-57295 (H3C devices running firmware version NX15V100R015 are 
vulnerable to un ...)
-       TODO: check
+       NOT-FOR-US: H3C
 CVE-2025-57293 (A command injection vulnerability in COMFAST CF-XR11 (firmware 
V2.7.2) ...)
-       TODO: check
+       NOT-FOR-US: COMFAST CF-XR11
 CVE-2025-56869 (Directory traversal vulnerability in Sync In server thru 1.1.1 
allowin ...)
-       TODO: check
+       NOT-FOR-US: Sync In
 CVE-2025-56762 (Paracrawl KeOPs v2 is vulnerable to Cross Site Scripting (XSS) 
in erro ...)
-       TODO: check
+       NOT-FOR-US: Paracrawl KeOPs
 CVE-2025-55910 (CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file 
deletion i ...)
-       TODO: check
+       NOT-FOR-US: CMSEasy
 CVE-2025-55068 (Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to 
handle Un ...)
-       TODO: check
+       NOT-FOR-US: Dover Fueling Solutions
 CVE-2025-54860 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose a 
telnet- ...)
-       TODO: check
+       NOT-FOR-US: Cognex
 CVE-2025-54818 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose   
a propr ...)
-       TODO: check
+       NOT-FOR-US: Cognex
 CVE-2025-54815 (Server-side template injection (SSTI) vulnerability in PPress 
0.0.9 al ...)
-       TODO: check
+       NOT-FOR-US: PPress
 CVE-2025-54810 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose   
a propr ...)
-       TODO: check
+       NOT-FOR-US: Cognex
 CVE-2025-54807 (The secret used for validating authentication tokens is 
hardcoded in   ...)
-       TODO: check
+       NOT-FOR-US: Dover Fueling Solutions
 CVE-2025-54761 (An issue was discovered in PPress 0.0.9 allowing attackers to 
gain esc ...)
-       TODO: check
+       NOT-FOR-US: PPress
 CVE-2025-54754 (An attacker with adjacent access, without authentication, can 
exploit  ...)
-       TODO: check
+       NOT-FOR-US: Cognex
 CVE-2025-54497 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose  
a telnet ...)
-       TODO: check
+       NOT-FOR-US: Cognex
 CVE-2025-53969 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose  
a servic ...)
-       TODO: check
+       NOT-FOR-US: Cognex
 CVE-2025-53947 (A local attacker with low privileges on the Windows system 
where the   ...)
-       TODO: check
+       NOT-FOR-US: Cognex
 CVE-2025-52873 (Cognex In-Sight Explorer and In-Sight Camera Firmware expose  
a telnet ...)
-       TODO: check
+       NOT-FOR-US: Cognex
 CVE-2025-52159 (Hardcoded credentials in default configuration of PPress 
0.0.9.)
-       TODO: check
+       NOT-FOR-US: PPress
 CVE-2025-48703 (CWP (aka Control Web Panel or CentOS Web Panel) before 
0.9.8.1205 allo ...)
-       TODO: check
+       NOT-FOR-US: CWP (aka Control Web Panel or CentOS Web Panel)
 CVE-2025-48007 (Improper Encoding or Escaping of Output vulnerability in Hallo 
Welt! G ...)
-       TODO: check
+       NOT-FOR-US: BlueSpice
 CVE-2025-47698 (An adjacent attacker without authentication can exploit this 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Cognex
 CVE-2025-46703 (Improper Encoding or Escaping of Output vulnerability in Hallo 
Welt! G ...)
-       TODO: check
+       NOT-FOR-US: BlueSpice
 CVE-2025-43809 (Cross-Site Request Forgery (CSRF) vulnerability in the server 
(license ...)
        NOT-FOR-US: Liferay
 CVE-2025-43803 (Insecure direct object reference (IDOR) vulnerability in the 
Contacts  ...)
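Review bot: the NOT-FOR-US values added for CVE-2025-54807 (Dover Fueling Solutions), CVE-2025-54754, CVE-2025-53947 and CVE-2025-47698 (Cognex) name a vendor that the truncated descriptions shown in this hunk do not mention ("The secret used for validating authentication tokens is hardcoded in ...", "An attacker with adjacent access ...", "A local attacker with low privileges on the Windows system ...", "An adjacent attacker without authentication ..."), so the attribution cannot be verified from the diff alone; it is consistent with the adjacent ProGauge MagLink and In-Sight entries, but worth confirming against the full CVE text. The remaining "+" lines replace "TODO: check" with the vendor or product visible in the description and look correct.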
@@ -176,9 +176,9 @@ CVE-2025-34189 (Vasion Print (formerly PrinterLogic) 
Virtual Appliance Host vers
 CVE-2025-34188 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
versions p ...)
        TODO: check
 CVE-2025-30755 (OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) 
issue when  ...)
-       TODO: check
+       NOT-FOR-US: OpenGrok
 CVE-2025-30519 (Dover Fueling Solutions ProGauge MagLink LX4 Deviceshave 
default root  ...)
-       TODO: check
+       NOT-FOR-US: Dover Fueling Solutions
 CVE-2025-26517 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 
11.8.0. ...)
        NOT-FOR-US: NetApp
 CVE-2025-26516 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 
11.8.0. ...)
@@ -188,31 +188,31 @@ CVE-2025-26515 (StorageGRID (formerly  StorageGRID 
Webscale) versions prior to 1
 CVE-2025-26514 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 
11.8.0. ...)
        NOT-FOR-US: NetApp
 CVE-2025-10722 (A vulnerability was detected in SKTLab Mukbee App 1.01.196 on 
Android. ...)
-       TODO: check
+       NOT-FOR-US: SKTLab Mukbee App
 CVE-2025-10721 (A vulnerability was determined in Webull Investing & Trading 
App 11.2. ...)
-       TODO: check
+       NOT-FOR-US: Webull Investing & Trading App
 CVE-2025-10719 (Tronclass developed by WisdomGarden has an Insecure Direct 
object Refe ...)
-       TODO: check
+       NOT-FOR-US: Tronclass
 CVE-2025-10718 (A vulnerability was found in Ooma Office Business Phone App up 
to 7.2. ...)
-       TODO: check
+       NOT-FOR-US: Ooma Office Business Phone App
 CVE-2025-10717 (A vulnerability has been found in intsig CamScanner App 
6.91.1.5.25071 ...)
-       TODO: check
+       NOT-FOR-US: intsig CamScanner App
 CVE-2025-10716 (A flaw has been found in Creality Cloud App up to 6.1.0 on 
Android. Af ...)
-       TODO: check
+       NOT-FOR-US: Creality Cloud App
 CVE-2025-10715 (A security flaw has been discovered in APEUni PTE Exam 
Practice App up ...)
-       TODO: check
+       NOT-FOR-US: APEUni PTE Exam Practice App
 CVE-2025-10712 (A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 
up to 20 ...)
-       TODO: check
+       NOT-FOR-US: 07FLYCMS, 07FLY-CMS and 07FlyCRM
 CVE-2025-10711 (A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 
07FlyCRM up  ...)
-       TODO: check
+       NOT-FOR-US: 07FLYCMS, 07FLY-CMS and 07FlyCRM
 CVE-2025-10710 (A flaw has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up 
to 202508 ...)
-       TODO: check
+       NOT-FOR-US: 07FLYCMS, 07FLY-CMS and 07FlyCRM
 CVE-2025-10709 (A vulnerability was detected in Four-Faith Water Conservancy 
Informati ...)
-       TODO: check
+       NOT-FOR-US: Four-Faith Water Conservancy Informatization Platform
 CVE-2025-10708 (A security vulnerability has been detected in Four-Faith Water 
Conserv ...)
-       TODO: check
+       NOT-FOR-US: Four-Faith Water Conservancy Informatization Platform
 CVE-2025-10707 (A weakness has been identified in JeecgBoot up to 3.8.2. 
Affected is a ...)
-       TODO: check
+       NOT-FOR-US: JeecgBoot
 CVE-2025-10690 (The Goza - Nonprofit Charity WordPress Theme theme for 
WordPress is vu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-10689 (A vulnerability was identified in D-Link DIR-645 105B01. This 
issue af ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14d8b04e27022965e2de2204b0f02442b545a25e
