Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b4fc458 by Salvatore Bonaccorso at 2025-09-25T22:36:41+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-60249 (vulnerability-lookup 2.16.0 allows XSS in bundle.py, 
comment.py, and u ...)
-       TODO: check
+       NOT-FOR-US: vulnerability-lookup
 CVE-2025-60019 (glib-networking's OpenSSL backend fails to properly check the 
return v ...)
        - glib-networking <unfixed>
        NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/227
@@ -13,39 +13,39 @@ CVE-2025-60018 (glib-networking's OpenSSL backend fails to 
properly check the re
 CVE-2025-5494 (ZohoCorp ManageEngine Endpoint Central was impacted by an 
improper pri ...)
        NOT-FOR-US: Zoho
 CVE-2025-59841 (Flag Forge is a Capture The Flag (CTF) platform. In versions 
from 2.2. ...)
-       TODO: check
+       NOT-FOR-US: Flag Forge
 CVE-2025-59839 (The EmbedVideo Extension is a MediaWiki extension which adds a 
parser  ...)
        TODO: check
 CVE-2025-59838 (Monkeytype is a minimalistic and customizable typing test. In 
versions ...)
-       TODO: check
+       NOT-FOR-US: Monkeytype
 CVE-2025-59834 (ADB MCP Server is a MCP (Model Context Protocol) server for 
interactin ...)
-       TODO: check
+       NOT-FOR-US: ADB MCP Server
 CVE-2025-59832 (Horilla is a free and open source Human Resource Management 
System (HR ...)
-       TODO: check
+       NOT-FOR-US: Horilla
 CVE-2025-59831 (git-commiters is a Node.js function module providing 
committers stats  ...)
-       TODO: check
+       NOT-FOR-US: git-commiters Node.js module
 CVE-2025-59830 (Rack is a modular Ruby web server interface. Prior to version 
2.2.18,  ...)
        TODO: check
 CVE-2025-59823 (Project Gardener implements the automated management and 
operation of  ...)
-       TODO: check
+       NOT-FOR-US: Gardener
 CVE-2025-59817 (This vulnerability allows attackers to execute arbitrary 
commands on t ...)
-       TODO: check
+       NOT-FOR-US: Zenitel
 CVE-2025-59816 (This vulnerability allows attackers to directly query the 
underlying d ...)
-       TODO: check
+       NOT-FOR-US: Zenitel
 CVE-2025-59815 (This vulnerability allows malicious actors to execute 
arbitrary comman ...)
-       TODO: check
+       NOT-FOR-US: Zenitel
 CVE-2025-59814 (This vulnerability allows malicious actors to gain 
unauthorized access ...)
-       TODO: check
+       NOT-FOR-US: Zenitel
 CVE-2025-59426 (Lobe Chat is an open-source artificial intelligence chat 
framework. Pr ...)
-       TODO: check
+       NOT-FOR-US: Lobe Chat
 CVE-2025-59422 (Dify is an open-source LLM app development platform. In 
version 1.8.1, ...)
-       TODO: check
+       NOT-FOR-US: Dify
 CVE-2025-57632 (libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing 
SMB2 ch ...)
        TODO: check
 CVE-2025-57623 (A NULL pointer dereference in TOTOLINK N600R firmware 
v4.3.0cu.7866_B2 ...)
        NOT-FOR-US: TOTOLINK
 CVE-2025-57446 (An issue in O-RAN Near Realtime RIC ric-plt-submgr in the 
J-Release en ...)
-       TODO: check
+       NOT-FOR-US: O-RAN Near Realtime RIC ric-plt-submgr
 CVE-2025-57317 (apidoc-core is the core parser library to generate apidoc 
result follo ...)
        TODO: check
 CVE-2025-55560 (An issue in pytorch v2.7.0 can lead to a Denial of Service 
(DoS) when  ...)
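Review bot: The four `NOT-FOR-US: Zenitel` tags on CVE-2025-59814 through CVE-2025-59817 carry only a vendor name, and the truncated descriptions beside them ("This vulnerability allows attackers to execute arbitrary commands on t ...") name neither vendor nor product, so someone reading data/CVE/list alone cannot tell which product was ruled out. Consider adding the affected product after the vendor, as this same hunk does for `O-RAN Near Realtime RIC ric-plt-submgr` and `git-commiters Node.js module`. EmbedVideo, Rack, libsmb2 and apidoc-core staying at `TODO: check` fits a commit scoped to NFUs.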
@@ -67,7 +67,7 @@ CVE-2025-55552 (pytorch v2.8.0 was discovered to display 
unexpected behavior whe
 CVE-2025-55551 (An issue in the component torch.linalg.lu of pytorch v2.8.0 
allows att ...)
        TODO: check
 CVE-2025-48707 (An issue was discovered in Stormshield Network Security (SNS) 
before 5 ...)
-       TODO: check
+       NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2025-46153 (PyTorch before 3.7.0 has a bernoulli_p decompose function in 
decomposi ...)
        TODO: check
 CVE-2025-46152 (In PyTorch before 2.7.0, bitwise_right_shift produces 
incorrect output ...)
@@ -89,21 +89,21 @@ CVE-2025-40837 (Ericsson Indoor Connect 8855 contains a 
missing authorization vu
 CVE-2025-40836 (Ericsson Indoor Connect 8855 contains an improper input 
validation vul ...)
        NOT-FOR-US: Ericsson
 CVE-2025-40698 (SQL injection vulnerability in Prevengos v2.44 by Nedatec 
Consulting.  ...)
-       TODO: check
+       NOT-FOR-US: Prevengos
 CVE-2025-36857 (Rapid7 Appspider Pro versions below 7.5.021, suffer from a 
broken acce ...)
-       TODO: check
+       NOT-FOR-US: Rapid7 Appspider Pro
 CVE-2025-36601 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, 
contains an  ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-34227 (Nagios XI < 2026R1 is vulnerable to an authenticated command 
injection ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2025-33116 (IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is 
vulnerabl ...)
        NOT-FOR-US: IBM
 CVE-2025-29157 (An issue in petstore v.1.0.7 allows a remote attacker to 
execute arbit ...)
-       TODO: check
+       NOT-FOR-US: petstore
 CVE-2025-29156 (Cross Site Scripting vulnerability in petstore v.1.0.7 allows 
a remote ...)
-       TODO: check
+       NOT-FOR-US: petstore
 CVE-2025-29155 (An issue in petstore v.1.0.7 allows a remote attacker to 
execute arbit ...)
-       TODO: check
+       NOT-FOR-US: petstore
 CVE-2025-27262 (Ericsson Indoor Connect 8855 contains a command injection 
vulnerabilit ...)
        NOT-FOR-US: Ericsson
 CVE-2025-27261 (Ericsson Indoor Connect 8855 contains a SQL injection 
vulnerability wh ...)
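Review bot: `NOT-FOR-US: petstore` on CVE-2025-29155, CVE-2025-29156 and CVE-2025-29157 is ambiguous, because "petstore" is a generic name used by many sample and demo projects and the visible description adds only "v.1.0.7". Qualify the tag with the upstream author or repository so that a later search of the list does not match an unrelated project. `NOT-FOR-US: Nagios XI` in the same hunk is the better pattern: it names the specific product rather than just "Nagios".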
@@ -113,11 +113,11 @@ CVE-2025-26333 (Dell Crypto-J generates an error message 
that includes sensitive
 CVE-2025-26278 (A prototype pollution in the lib.set function of dref v0.1.2 
allows at ...)
        TODO: check
 CVE-2025-20363 (A vulnerability in the web services of Cisco Secure Firewall 
Adaptive  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20362 (A vulnerability in the VPN web server of Cisco Secure Firewall 
Adaptiv ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20333 (A vulnerability in the VPN web server of Cisco Secure Firewall 
Adaptiv ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-10964 (A weakness has been identified in Wavlink NU516U1. Affected by 
this vu ...)
        NOT-FOR-US: Wavlink
 CVE-2025-10963 (A security flaw has been discovered in Wavlink NU516U1 
M16U1_V240425.  ...)
@@ -133,53 +133,53 @@ CVE-2025-10959 (A vulnerability has been found in Wavlink 
NU516U1 M16U1_V240425.
 CVE-2025-10958 (A flaw has been found in Wavlink NU516U1 M16U1_V240425. 
Impacted is th ...)
        NOT-FOR-US: Wavlink
 CVE-2025-10957 (This vulnerability exists in the Syrotech SY-GPON-2010-WADONT 
router d ...)
-       TODO: check
+       NOT-FOR-US: Syrotech SY-GPON-2010-WADONT router
 CVE-2025-10953 (A security vulnerability has been detected in UTT 1200GW and 
1250GW up ...)
-       TODO: check
+       NOT-FOR-US: UTT 1200GW and 1250GW
 CVE-2025-10952 (A security flaw has been discovered in geyang ml-logger up to 
acf255ba ...)
-       TODO: check
+       NOT-FOR-US: geyang ml-logger
 CVE-2025-10951 (A vulnerability was identified in geyang ml-logger up to 
acf255bade5be ...)
-       TODO: check
+       NOT-FOR-US: geyang ml-logger
 CVE-2025-10950 (A vulnerability was determined in geyang ml-logger up to 
acf255bade5be ...)
-       TODO: check
+       NOT-FOR-US: geyang ml-logger
 CVE-2025-10949 (A vulnerability was found in Changsha Developer Technology 
iView Edito ...)
-       TODO: check
+       NOT-FOR-US: Changsha Developer Technology iView Editor
 CVE-2025-10948 (A vulnerability has been found in MikroTik RouterOS 7. This 
affects th ...)
        NOT-FOR-US: MikroTik
 CVE-2025-10947 (A flaw has been found in Sistemas Pleno Gest\xe3o de 
Loca\xe7\xe3o up  ...)
        TODO: check
 CVE-2025-10946 (A vulnerability was detected in nuz007 smsboom up to 
01b2f35bbbc23f3e0 ...)
-       TODO: check
+       NOT-FOR-US: nuz007 smsboom
 CVE-2025-10945 (A security vulnerability has been detected in nuz007 smsboom 
up to 01b ...)
-       TODO: check
+       NOT-FOR-US: nuz007 smsboom
 CVE-2025-10944 (A weakness has been identified in yi-ge get-header-ip up to 
589b23d0eb ...)
-       TODO: check
+       NOT-FOR-US: yi-ge get-header-ip
 CVE-2025-10943 (A security flaw has been discovered in MikeCen 
WeChat-Face-Recognition ...)
-       TODO: check
+       NOT-FOR-US: MikeCen WeChat-Face-Recognition
 CVE-2025-10942 (A vulnerability was identified in H3C Magic B3 up to 100R002. 
This aff ...)
-       TODO: check
+       NOT-FOR-US: H3C
 CVE-2025-10941 (A vulnerability was determined in Topaz SERVCore Teller 
2.14.0-RC2/2.1 ...)
-       TODO: check
+       NOT-FOR-US: Topaz SERVCore Teller
 CVE-2025-10940 (A vulnerability was found in Total.js CMS 1.0.0. Affected by 
this vuln ...)
-       TODO: check
+       NOT-FOR-US: Total.js CMS
 CVE-2025-10911 (A use-after-free vulnerability was found in libxslt while 
parsing xsl  ...)
        TODO: check
 CVE-2025-10880 (All versions of Dingtian DT-R002 are vulnerable to an 
Insufficiently P ...)
-       TODO: check
+       NOT-FOR-US: Dingtian DT-R002
 CVE-2025-10879 (All versions of Dingtian DT-R002 are vulnerable to an 
Insufficiently P ...)
-       TODO: check
+       NOT-FOR-US: Dingtian DT-R002
 CVE-2025-10542 (iMonitor EAM 9.6394 ships with default administrative 
credentials that ...)
-       TODO: check
+       NOT-FOR-US: iMonitor
 CVE-2025-10541 (iMonitor EAM 9.6394 installs a system service 
(eamusbsrv64.exe) that r ...)
-       TODO: check
+       NOT-FOR-US: iMonitor
 CVE-2025-10540 (iMonitor EAM 9.6394 transmits communication between the EAM 
client age ...)
-       TODO: check
+       NOT-FOR-US: iMonitor
 CVE-2025-10467 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: OBS (Student Affairs Information System)
 CVE-2025-10449 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Saysis Web Portal
 CVE-2025-10438 (Path Traversal: 'dir/../../filename' vulnerability in Yordam 
Informati ...)
-       TODO: check
+       NOT-FOR-US: Yordam Katalog
 CVE-2024-48014 (Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 
contain an O ...)
        NOT-FOR-US: Dell / EMC
 CVE-2020-36851 (Rob -- W / cors-anywhere instances configured as an open proxy 
allow u ...)
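Review bot: Tag granularity is inconsistent in this hunk: CVE-2025-10942 gets the vendor-only `NOT-FOR-US: H3C` although its description names "H3C Magic B3", while the neighbouring device entries keep the model (`Syrotech SY-GPON-2010-WADONT router`, `UTT 1200GW and 1250GW`, `Dingtian DT-R002`). Settling on one form would keep the NFU tags searchable in a predictable way. Separately, `OBS (Student Affairs Information System)` on CVE-2025-10467 sits beside a description that shows only the generic CWE title, and "OBS" is also the usual short name for unrelated software such as OBS Studio and the Open Build Service; the parenthetical helps, and adding the vendor name would remove the remaining ambiguity.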



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b4fc45811360c6857bd9ac2da6707506de54000
