[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 20 21:38:50 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a2c2ed55 by Salvatore Bonaccorso at 2025-08-20T22:38:25+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -57,9 +57,9 @@ CVE-2025-6181 (The StrongDM Windows service incorrectly handled input validation
CVE-2025-6180 (The StrongDM Client insufficiently protected a pre-authentication toke ...)
NOT-FOR-US: StrongDM Client
CVE-2025-5261 (Authorization Bypass Through User-Controlled Key vulnerability in Pik ...)
- TODO: check
+ NOT-FOR-US: Pik Online Yazilim Cozumleri
CVE-2025-5260 (Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yaz\u01 ...)
- TODO: check
+ NOT-FOR-US: Pik Online Yazilim Cozumleri
CVE-2025-5115 (In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, ...)
TODO: check
CVE-2025-57734 (In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in ...)
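Review bot: style point at CVE-2025-5260: the truncated summary shows the vendor name carries a non-ASCII character (visible as the escaped "Yaz\u01 ..."), so the ASCII "Pik Online Yazilim Cozumleri" used in both new NOT-FOR-US lines is a transliteration; keeping exactly the same transliteration in both entries, as done here, is what keeps a later grep of data/CVE/list for this vendor reliable. The Jetty (CVE-2025-5115) and TeamCity (CVE-2025-57734) entries are left at TODO: check, which is outside the scope of this NFU pass.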
@@ -79,13 +79,13 @@ CVE-2025-57728 (In JetBrains IntelliJ IDEA before 2025.2 improper access control
CVE-2025-57727 (In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was po ...)
- intellij-idea <itp> (bug #747616)
CVE-2025-55751 (OnboardLite is the result of the Influx Initiative, our vision for an ...)
- TODO: check
+ NOT-FOR-US: OnboardLite
CVE-2025-55746 (Directus is a real-time API and App dashboard for managing SQL databas ...)
NOT-FOR-US: Directus
CVE-2025-55732 (Frappe is a full-stack web application framework. Prior to 15.74.2 and ...)
- TODO: check
+ NOT-FOR-US: Frappe Framework
CVE-2025-55731 (Frappe is a full-stack web application framework. A carefully crafted ...)
- TODO: check
+ NOT-FOR-US: Frappe Framework
CVE-2025-55503 (Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via th ...)
NOT-FOR-US: Tenda
CVE-2025-55499 (Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overfl ...)
@@ -97,7 +97,7 @@ CVE-2025-55483 (Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in
CVE-2025-55482 (Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the f ...)
NOT-FOR-US: Tenda
CVE-2025-55444 (A SQL injection vulnerability exists in the id2 parameter of the cance ...)
- TODO: check
+ NOT-FOR-US: Online Artwork and Fine Arts MCA Project
CVE-2025-54927 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...)
NOT-FOR-US: Schneider Electric
CVE-2025-54926 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...)
@@ -111,23 +111,23 @@ CVE-2025-54923 (CWE-502: Deserialization of Untrusted Data vulnerability exists
CVE-2025-54175 (QuickCMS.EXT is vulnerable to Reflected XSS in sFileNameparameter in t ...)
TODO: check
CVE-2025-54174 (QuickCMS is vulnerable to Cross-Site Request Forgery in article creati ...)
- TODO: check
+ NOT-FOR-US: QuickCMS
CVE-2025-54172 (QuickCMS is vulnerable to Stored XSS in sTitleparameter in page editor ...)
- TODO: check
+ NOT-FOR-US: QuickCMS
CVE-2025-51991 (XWiki through version 17.3.0 is vulnerable to Server-Side Template Inj ...)
NOT-FOR-US: XWiki
CVE-2025-51990 (XWiki through version 17.3.0 is affected by multiple stored Cross-Site ...)
NOT-FOR-US: XWiki
CVE-2025-50904 (There is an authentication bypass vulnerability in WinterChenS my-site ...)
- TODO: check
+ NOT-FOR-US: WinterChenS my-site
CVE-2025-50902 (Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Sho ...)
- TODO: check
+ NOT-FOR-US: old-peanut Open-Shop
CVE-2025-50901 (JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains ...)
TODO: check
CVE-2025-50864 (An Origin Validation Error in the elysia-cors library thru 1.3.0 allow ...)
TODO: check
CVE-2025-50503 (A vulnerability in the password reset workflow of the Touch Lebanon Mo ...)
- TODO: check
+ NOT-FOR-US: Touch Lebanon Mobile App
CVE-2025-47054 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
NOT-FOR-US: Adobe
CVE-2025-46998 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
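Review bot: CVE-2025-54175 (QuickCMS.EXT) stays at TODO: check while its siblings CVE-2025-54174 and CVE-2025-54172 are marked "NOT-FOR-US: QuickCMS"; if QuickCMS.EXT is the same upstream product it should get the same label in this pass, otherwise a distinct "NOT-FOR-US: QuickCMS.EXT" would make the distinction explicit rather than leaving one of three related entries open. CVE-2025-50901 (JeeWMS) and CVE-2025-50864 (elysia-cors) also remain TODO: check in the middle of otherwise processed entries and will need a separate look.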
@@ -167,7 +167,7 @@ CVE-2025-31355 (A firmware update vulnerability exists in the Firmware Signature
CVE-2025-30256 (A denial of service vulnerability exists in the HTTP Header Parsing fu ...)
NOT-FOR-US: Tenda
CVE-2025-28041 (Incorrect access control in the doFilter function of itranswarp up to ...)
- TODO: check
+ NOT-FOR-US: itranswarp
CVE-2025-27129 (An authentication bypass vulnerability exists in the HTTP authenticati ...)
NOT-FOR-US: Tenda
CVE-2025-24496 (An information disclosure vulnerability exists in the /goform/getprodu ...)
@@ -175,9 +175,9 @@ CVE-2025-24496 (An information disclosure vulnerability exists in the /goform/ge
CVE-2025-24322 (An unsafe default authentication vulnerability exists in the Initial S ...)
NOT-FOR-US: Tenda
CVE-2025-20345 (A vulnerability in the debug logging function of Cisco Duo Authenticat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20269 (A vulnerability in the web-based management interface of Cisco Evolved ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20131 (A vulnerability in the GUI of Cisco Identity Services Engine (ISE) cou ...)
NOT-FOR-US: Cisco
CVE-2025-1142 (IBM Edge Application Manager 4.5 is vulnerable to server-side request ...)
@@ -185,57 +185,57 @@ CVE-2025-1142 (IBM Edge Application Manager 4.5 is vulnerable to server-side req
CVE-2025-1139 (IBM Edge Application Manager 4.5 could allow a local user to read or m ...)
NOT-FOR-US: IBM
CVE-2024-57491 (Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allow ...)
- TODO: check
+ NOT-FOR-US: jobx
CVE-2024-57157 (Incorrect access control in Jantent v1.1 allows attackers to bypass au ...)
- TODO: check
+ NOT-FOR-US: Jantent
CVE-2024-57154 (Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers ...)
- TODO: check
+ NOT-FOR-US: dts-shop
CVE-2024-57152 (Incorrect access control in the preHandle function of my-site v1.0.2 a ...)
- TODO: check
+ NOT-FOR-US: my-site
CVE-2024-53495 (Incorrect access control in the preHandle function of my-site v1.0.2.R ...)
- TODO: check
+ NOT-FOR-US: my-site
CVE-2024-50640 (jeewx-boot 1.3 has an authentication bypass vulnerability in the preHa ...)
TODO: check
CVE-2012-10061 (Sockso Music Host Server versions <= 1.5 are vulnerable to a path trav ...)
- TODO: check
+ NOT-FOR-US: Sockso Music Host Server
CVE-2011-10030 (Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API function, creat ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2011-10029 (Solar FTP Server fails to properly handle format strings passed to the ...)
- TODO: check
+ NOT-FOR-US: Solar FTP Server
CVE-2011-10028 (The RealNetworks RealArcade platform includes an ActiveX control (Inst ...)
- TODO: check
+ NOT-FOR-US: RealNetworks RealArcade platform
CVE-2011-10027 (AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\r ...)
- TODO: check
+ NOT-FOR-US: AOL Desktop
CVE-2011-10026 (Spreecommerce versions prior to 0.50.x contain a remote command execut ...)
- TODO: check
+ NOT-FOR-US: Spreecommerce
CVE-2011-10025 (Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in i ...)
- TODO: check
+ NOT-FOR-US: Subtitle Processor
CVE-2011-10024 (MJM Core Player (likely now referred to as MJM Player) 2011 is vulnera ...)
- TODO: check
+ NOT-FOR-US: MJM Core Player
CVE-2011-10023 (MJM QuickPlayer (likely now referred to as MJM Player) version 2010 co ...)
- TODO: check
+ NOT-FOR-US: MJM QuickPlayer
CVE-2011-10022 (SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer ...)
TODO: check
CVE-2011-10021 (Magix Musik Maker 16 is vulnerable to a stack-based buffer overflow du ...)
- TODO: check
+ NOT-FOR-US: Magix Musik Maker
CVE-2011-10020 (Kaillera Server version 0.86 is vulnerable to a denial-of-service cond ...)
- TODO: check
+ NOT-FOR-US: Kaillera Server
CVE-2010-20103 (A malicious backdoor was embedded in the official ProFTPD 1.3.3c sourc ...)
TODO: check
CVE-2010-20059 (FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated comma ...)
- TODO: check
+ NOT-FOR-US: FreeNAS
CVE-2010-20049 (LeapFTP <3.1.x contains a stack-based buffer overflow vulnerability in ...)
- TODO: check
+ NOT-FOR-US: LeapFTP
CVE-2010-20045 (FileWrangler <= 5.30 suffers from a stack-based buffer overflow vulner ...)
- TODO: check
+ NOT-FOR-US: FileWrangler
CVE-2010-20042 (Xion Audio Player versions prior to 1.0.126 are vulnerable to a Unicod ...)
- TODO: check
+ NOT-FOR-US: Xion Audio Player
CVE-2010-20010 (Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the / ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2010-10014 (Odin Secure FTP <= 4.1 is vulnerable to a stack-based buffer overflow ...)
- TODO: check
+ NOT-FOR-US: Odin Secure FTP
CVE-2009-10005 (ContentKeeper Web Appliance (now maintained by Impero Software) versio ...)
- TODO: check
+ NOT-FOR-US: ContentKeeper Web Appliance
CVE-2025-9225 (Stored cross-site scripting (XSS) in the web interface of MiR software ...)
NOT-FOR-US: MiR software
CVE-2025-9202 (The ColorMag theme for WordPress is vulnerable to unauthorized modific ...)
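Review bot: label inconsistency at CVE-2024-57152 and CVE-2024-53495: both are marked "NOT-FOR-US: my-site", while CVE-2025-50904 in the earlier hunk marks what is very likely the same product as "NOT-FOR-US: WinterChenS my-site"; pick one form, preferably the vendor-qualified one since "my-site" on its own is too generic to grep for, and use it in all three entries. Note also that CVE-2010-20103 (the ProFTPD 1.3.3c source backdoor), CVE-2011-10022 (SPlayer) and CVE-2024-50640 (jeewx-boot) remain TODO: check among the NFU'd entries.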
@@ -408,29 +408,29 @@ CVE-2025-53299 (Deserialization of Untrusted Data vulnerability in ThemeMakers T
CVE-2025-53226 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-53213 (Unrestricted Upload of File with Dangerous Type vulnerability in ELEXt ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-53212 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-53210 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-53208 (Authorization Bypass Through User-Controlled Key vulnerability in paym ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-53207 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-53205 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-53204 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-53201 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-53198 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-53196 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-53195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-53194 (Improper Neutralization of Special Elements Used in a Template Engine ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49896 (Cross-Site Request Forgery (CSRF) vulnerability in wptasker WP Discord ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49894 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
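Review bot: the new lines use "NOT-FOR-US: WordPress plugin" whereas every pre-existing neighbour in this hunk (CVE-2025-53226, CVE-2025-53210, CVE-2025-53207 and so on) uses "NOT-FOR-US: WordPress plugin or theme"; either form works for the tracker, but mixing them means a grep for the established phrase misses the new entries, so consider reusing the existing wording.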
@@ -498,55 +498,55 @@ CVE-2025-49381 (Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru
CVE-2025-48302 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48298 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48297 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48296 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48171 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48170 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48169 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48168 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48165 (Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO al ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48164 (Incorrect Privilege Assignment vulnerability in Brainstorm Force SureD ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48163 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48162 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48160 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48159 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48158 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48157 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48154 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48152 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48151 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48149 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48148 (Unrestricted Upload of File with Dangerous Type vulnerability in Store ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48142 (Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47650 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30975 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28977 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2024-12223 (Prism Central versions prior to 2024.3.1 are vulnerable to a stored cr ...)
- TODO: check
+ NOT-FOR-US: Prism Central
CVE-2025-9162
- keycloak <itp> (bug #1088287)
CVE-2025-55033 (Dragging JavaScript links to the URL bar in Focus for iOS could be uti ...)
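Review bot: CVE-2024-12223 is labelled "NOT-FOR-US: Prism Central" without a vendor, unlike the Cisco, IBM and Adobe entries elsewhere in this file that name the vendor rather than the product; if the CVE record gives one, include it in the label so the entry is found when searching by vendor. The same "WordPress plugin" versus "WordPress plugin or theme" wording split noted for the previous hunk recurs across the WordPress entries here.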
@@ -737,7 +737,7 @@ CVE-2025-50891 (Adform Site Tracking 1.1 allows attackers to inject HTML or exec
CVE-2025-50579 (A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthor ...)
NOT-FOR-US: Nginx Proxy Manager
CVE-2025-50567 (Saurus CMS Community Edition 4.7.1 contains a vulnerability in the cus ...)
- TODO: check
+ NOT-FOR-US: Saurus CMS
CVE-2025-50461 (A deserialization vulnerability exists in Volcengine's verl 3.0.0, spe ...)
NOT-FOR-US: Volcengine verl
CVE-2025-50434 (A security issue has been identified in Appian Enterprise Business Pro ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2c2ed556e981936633ff63c347c6a9897f60da7