Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5dd15cd6 by Moritz Muehlenhoff at 2025-09-23T14:22:29+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -111,23 +111,23 @@ CVE-2025-10824 (A vulnerability was determined in axboe
fio up to 3.41. This imp
CVE-2025-10823 (A vulnerability was found in axboe fio up to 3.41. This
affects the fu ...)
TODO: check
CVE-2025-10822 (A vulnerability has been found in fuyang_lipengjun platform
1.0. The i ...)
- TODO: check
+ NOT-FOR-US: fuyang_lipengjun platform
CVE-2025-10821 (A flaw has been found in fuyang_lipengjun platform 1.0. The
affected e ...)
- TODO: check
+ NOT-FOR-US: fuyang_lipengjun platform
CVE-2025-10820 (A vulnerability was detected in fuyang_lipengjun platform 1.0.
Impacte ...)
- TODO: check
+ NOT-FOR-US: fuyang_lipengjun platform
CVE-2025-10819 (A security vulnerability has been detected in fuyang_lipengjun
platfor ...)
- TODO: check
+ NOT-FOR-US: fuyang_lipengjun platform
CVE-2025-10817 (A weakness has been identified in Campcodes Online Learning
Management ...)
NOT-FOR-US: Campcodes
CVE-2025-10816 (A security flaw has been discovered in Jinher OA 2.0. This
affects an ...)
- TODO: check
+ NOT-FOR-US: Jinher OA 2.0
CVE-2025-10815 (A vulnerability was identified in Tenda AC20 up to
16.03.08.12. Affect ...)
NOT-FOR-US: Tenda
CVE-2025-10814 (A vulnerability was determined in D-Link DIR-823X
240126/240802/250416 ...)
NOT-FOR-US: D-Link
CVE-2025-10548 (The CleverControl employee monitoring software (v11.5.1041.6)
fails to ...)
- TODO: check
+ NOT-FOR-US: CleverControl employee monitoring software
CVE-2025-10380 (The Advanced Views \u2013 Display Posts, Custom Fields, and
More plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2025-39888 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
@@ -338,17 +338,17 @@ CVE-2025-59528 (Flowise is a drag & drop user interface
to build a customized la
CVE-2025-59527 (Flowise is a drag & drop user interface to build a customized
large la ...)
NOT-FOR-US: Flowise
CVE-2025-59526 (mailgen is a Node.js package that generates responsive HTML
e-mails fo ...)
- NOT-FOR-US: mailgen Node.js module
+ NOT-FOR-US: Node mailgen
CVE-2025-59434 (Flowise is a drag & drop user interface to build a customized
large la ...)
NOT-FOR-US: Flowise
CVE-2025-59433 (Conventional Changelog generates changelogs and release notes
from a p ...)
- TODO: check
+ NOT-FOR-US: Node conventional-changelog
CVE-2025-59432 (SCRAM (Salted Challenge Response Authentication Mechanism) is
part of ...)
- libscram-java <unfixed>
NOTE:
https://github.com/ongres/scram/security/advisories/GHSA-3wfh-36rx-9537
NOTE:
https://github.com/ongres/scram/commit/e0b0cf99f05406a0d26682c72fcb5728e95124b3
(3.2)
CVE-2025-59430 (Mesh Connect JS SDK contains JS libraries for integrating with
Mesh Co ...)
- TODO: check
+ NOT-FOR-US: Node @meshconnect/web-link-sdk
CVE-2025-59420 (Authlib is a Python library which builds OAuth and OpenID
Connect serv ...)
- python-authlib 1.6.4-1
NOTE:
https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32
@@ -858,33 +858,33 @@ CVE-2025-57685 (The LB-Link routers, including the
BL-AC2100_AZ3 V1.0.4, BL-WR40
CVE-2025-57682 (Directory Traversal vulnerability in Papermark 0.20.0 and
prior allows ...)
NOT-FOR-US: Papermark
CVE-2025-57605 (Lack of server-side authorisation on department admin
assignment APIs ...)
- TODO: check
+ NOT-FOR-US: AiKaan
CVE-2025-57602 (Insufficient hardening of the proxyuser account in the AiKaan
IoT mana ...)
- TODO: check
+ NOT-FOR-US: AiKaan
CVE-2025-57601 (AiKaan Cloud Controller uses a single hardcoded SSH private
key and th ...)
- TODO: check
+ NOT-FOR-US: AiKaan
CVE-2025-57441 (The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and
stream c ...)
- TODO: check
+ NOT-FOR-US: Blackmagic ATEM Mini Pro
CVE-2025-57440 (The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented
Telnet servic ...)
- TODO: check
+ NOT-FOR-US: Blackmagic ATEM Mini Pro
CVE-2025-57439 (Creacast Creabox Manager 4.4.4 contains a critical Remote Code
Executi ...)
- TODO: check
+ NOT-FOR-US: Creacast Creabox Manager
CVE-2025-57438 (The 2wcom IP-4c 2.15.5 device suffers from a Broken Access
Control vul ...)
- TODO: check
+ NOT-FOR-US: 2wcom IP-4c
CVE-2025-57437 (The Blackmagic Web Presenter HD firmware version 3.3 exposes
sensitive ...)
- TODO: check
+ NOT-FOR-US: Blackmagic Web Presenter
CVE-2025-57434 (Creacast Creabox Manager contains a critical authentication
flaw that ...)
- TODO: check
+ NOT-FOR-US: Creacast Creabox Manager
CVE-2025-57433 (The 2wcom IP-4c 2.15.5 device's web interface includes an
information ...)
TODO: check
CVE-2025-57432 (Blackmagic Web Presenter version 3.3 exposes a Telnet service
on port ...)
- TODO: check
+ NOT-FOR-US: Blackmagic Web Presenter
CVE-2025-57431 (The Sound4 PULSE-ECO AES67 1.22 web-based management interface
is vuln ...)
TODO: check
CVE-2025-57430 (Creacast Creabox Manager 4.4.4 exposes sensitive configuration
data vi ...)
- TODO: check
+ NOT-FOR-US: Creacast Creabox Manager
CVE-2025-57203 (MagicProject AI version 9.1 is affected by a Cross-Site
Scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: MagicProject AI
CVE-2025-56075 (A SQL Injection vulnerability was discovered in the
normal-bwdates-rep ...)
NOT-FOR-US: PHPGurukul
CVE-2025-56074 (A SQL Injection vulnerability was discovered in the
foreigner-bwdates- ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dd15cd604c9962163b3d0281f9dcb7d2d72262c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dd15cd604c9962163b3d0281f9dcb7d2d72262c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
