Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
620cd7d1 by Salvatore Bonaccorso at 2025-09-26T22:43:34+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2025-9958 (An issue has been discovered in GitLab CE/EE 
affecting all versio
 CVE-2025-9642 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
 CVE-2025-9267 (In Seagate Toolkit on Windows avulnerability exists in the 
Toolkit Ins ...)
-       TODO: check
+       NOT-FOR-US: Seagate
 CVE-2025-7691 (A privilege escalation issue has been discovered in GitLab EE 
affectin ...)
        - gitlab <unfixed>
 CVE-2025-6396 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Webbeyaz Website Design Website Software
 CVE-2025-60219 (Unrestricted Upload of File with Dangerous Type vulnerability 
in HaruT ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-60186 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
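
Review bot: On CVE-2025-9267 the new tag is vendor-only ("NOT-FOR-US: Seagate") although the description names the product, Seagate Toolkit, and the other entry changed in this hunk (CVE-2025-6396) spells out the full product string. Consider "NOT-FOR-US: Seagate Toolkit" so later triage and text searches over data/CVE/list can tell apart different products from the same vendor.
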
@@ -179,9 +179,9 @@ CVE-2025-60040 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-5069 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-59844 (SonarQube Server and Cloud is a static analysis solution for 
continuou ...)
-       TODO: check
+       NOT-FOR-US: SonarQube Server and Cloud
 CVE-2025-59843 (Flag Forge is a Capture The Flag (CTF) platform. From versions 
2.0.0 t ...)
-       TODO: check
+       NOT-FOR-US: Flag Forge
 CVE-2025-59842 (jupyterlab is an extensible environment for interactive and 
reproducib ...)
        TODO: check
 CVE-2025-59362 (Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. 
This oc ...)
@@ -201,23 +201,23 @@ CVE-2025-58917 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-58914 (Cross-Site Request Forgery (CSRF) vulnerability in Di Themes 
Di Themes ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58385 (In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes 
can be d ...)
-       TODO: check
+       NOT-FOR-US: DOXENSE WATCHDOC
 CVE-2025-58384 (In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of 
Untrusted Da ...)
-       TODO: check
+       NOT-FOR-US: DOXENSE WATCHDOC
 CVE-2025-57692 (PiranhaCMS 12.0 allows stored XSS in the Text content block of 
Standar ...)
-       TODO: check
+       NOT-FOR-US: PiranhaCMS
 CVE-2025-57292 (Todoist v8484 contains a stored cross-site scripting (XSS) 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Todoist
 CVE-2025-56463 (Mercusys MW305R 3.30 and below is has a Transport Layer 
Security (TLS) ...)
-       TODO: check
+       NOT-FOR-US: Mercusys MW305R
 CVE-2025-56383 (Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can 
replace  ...)
-       TODO: check
+       NOT-FOR-US: Notepad++
 CVE-2025-55848 (An issue was discovered in DIR-823 firmware 20250416. There is 
an RCE  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-55847 (Wavlink M86X3A_V240730 contains a buffer overflow 
vulnerability in the ...)
        NOT-FOR-US: Wavlink
 CVE-2025-55187 (In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 
25.1.2 be ...)
-       TODO: check
+       NOT-FOR-US: DriveLock
 CVE-2025-4957 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48326 (Missing Authorization vulnerability in Acclectic Media 
Acclectic Media ...)
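
Review bot: Tag granularity is mixed for the two router entries in this hunk: CVE-2025-55848 gets the vendor only ("NOT-FOR-US: D-Link") while its visible description mentions only "DIR-823 firmware", and CVE-2025-56463 gets vendor plus model ("Mercusys MW305R"). Suggest either naming the model on the D-Link line as well or using the vendor alone on both, so the entries read consistently and the D-Link tag can be matched back to the description without expanding the truncated text.
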
@@ -225,7 +225,7 @@ CVE-2025-48326 (Missing Authorization vulnerability in 
Acclectic Media Acclectic
 CVE-2025-48107 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-45994 (An issue in Aranda PassRecovery v1.0 allows attackers to 
enumerate val ...)
-       TODO: check
+       NOT-FOR-US: Aranda PassRecovery
 CVE-2025-36326 (IBM Cognos Controller 11.0.0 through 11.0.1, and IBM 
Controller 11.1.0 ...)
        NOT-FOR-US: IBM
 CVE-2025-36274 (IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive 
informati ...)
@@ -245,41 +245,41 @@ CVE-2025-11039 (A security vulnerability has been 
detected in Campcodes Computer
 CVE-2025-11038 (A weakness has been identified in itsourcecode Online Clinic 
Managemen ...)
        NOT-FOR-US: itsourcecode System
 CVE-2025-11037 (A security flaw has been discovered in code-projects 
E-Commerce Websit ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-11036 (A vulnerability was identified in code-projects E-Commerce 
Website 1.0 ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-11035 (A vulnerability was determined in Jinher OA 2.0. The impacted 
element  ...)
-       TODO: check
+       NOT-FOR-US: Jinher OA
 CVE-2025-11034 (A vulnerability was found in Dibo Data Decision Making System 
up to 2. ...)
-       TODO: check
+       NOT-FOR-US: Dibo Data Decision Making System
 CVE-2025-11033 (A vulnerability has been found in kidaze CourseSelectionSystem 
up to 4 ...)
-       TODO: check
+       NOT-FOR-US: kidaze CourseSelectionSystem
 CVE-2025-11032 (A flaw has been found in kidaze CourseSelectionSystem up to 
42cd892b40 ...)
-       TODO: check
+       NOT-FOR-US: kidaze CourseSelectionSystem
 CVE-2025-11031 (A flaw has been found in DataTables up to 1.10.13. The 
affected elemen ...)
        NOT-FOR-US: code-projects
 CVE-2025-11030 (A vulnerability was detected in Tutorials-Website Employee 
Management  ...)
-       TODO: check
+       NOT-FOR-US: Tutorials-Website Employee Management System
 CVE-2025-11029 (A weakness has been identified in givanz Vvveb up to 1.0.7.2. 
This vul ...)
-       TODO: check
+       NOT-FOR-US: givanz Vvveb
 CVE-2025-11028 (A security flaw has been discovered in givanz Vvveb up to 
1.0.7.2. Thi ...)
-       TODO: check
+       NOT-FOR-US: givanz Vvveb
 CVE-2025-11027 (A vulnerability was identified in givanz Vvveb up to 1.0.7.2. 
Affected ...)
-       TODO: check
+       NOT-FOR-US: givanz Vvveb
 CVE-2025-11026 (A vulnerability was determined in givanz Vvveb up to 1.0.7.2. 
Affected ...)
-       TODO: check
+       NOT-FOR-US: givanz Vvveb
 CVE-2025-11025 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Vim ...)
-       TODO: check
+       NOT-FOR-US: Vimesoft Corporate Messaging Platform
 CVE-2025-11021 (A flaw was found in the cookie date handling logic of the 
libsoup HTTP ...)
        TODO: check
 CVE-2025-11019 (A vulnerability has been found in Total.js CMS up to 19.9.0. 
This impa ...)
-       TODO: check
+       NOT-FOR-US: Total.js CMS
 CVE-2025-11018 (A flaw has been found in Four-Faith Water Conservancy 
Informatization  ...)
-       TODO: check
+       NOT-FOR-US: Four-Faith Water Conservancy Informatization Platform
 CVE-2025-11017 (A vulnerability was detected in OGRECave Ogre up to 14.4.1. 
The impact ...)
        TODO: check
 CVE-2025-11016 (A security vulnerability has been detected in kalcaddle kodbox 
up to 1 ...)
-       TODO: check
+       NOT-FOR-US: kalcaddle kodbox
 CVE-2025-11015 (A weakness has been identified in OGRECave Ogre up to 14.4.1. 
Impacted ...)
        TODO: check
 CVE-2025-11014 (A security flaw has been discovered in OGRECave Ogre up to 
14.4.1. Thi ...)
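
Review bot: CVE-2025-11037 and CVE-2025-11036 are tagged with the vendor only ("NOT-FOR-US: code-projects") where most other lines added in this hunk name the product; the descriptions give "E-Commerce Website", which could be appended. Separately, the unchanged context entry CVE-2025-11031 carries the same code-projects tag although its description begins "A flaw has been found in DataTables up to 1.10.13"; since this pass touches the entries on both sides of it, it is worth re-checking whether that tag matches the affected component before it is left as NOT-FOR-US.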



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/620cd7d1ca5e729a4521b1cb8bb8d9bc921e9e20



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
