[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Aug 28 19:10:19 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02a54225 by Moritz Muehlenhoff at 2025-08-28T20:09:52+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80,7 +80,7 @@ CVE-2025-58193 (Missing Authorization vulnerability in Uncanny Owl Uncanny Autom
 CVE-2025-58192 (Missing Authorization vulnerability in Xylus Themes WP Bulk Delete all ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-57821 (Basecamp's Google Sign-In adds Google sign-in to Rails applications. P ...)
-	TODO: check
+	NOT-FOR-US: Basecamp google_sign_in
 CVE-2025-56694 (Client-side password validation (CWE-602) in lumasoft fotoShare Cloud  ...)
 	NOT-FOR-US: lumasoft fotoShare Cloud
 CVE-2025-55618 (In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker ca ...)
@@ -99,7 +99,7 @@ CVE-2025-53105 (GLPI, which stands for Gestionnaire Libre de Parc Informatique,
 CVE-2025-52122 (Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an S ...)
 	NOT-FOR-US: Craft CMS plugin
 CVE-2025-51667 (An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The / ...)
-	TODO: check
+	NOT-FOR-US: simple-admin-core
 CVE-2025-50989 (OPNsense 25.1 contains an authenticated command injection vulnerabilit ...)
 	NOT-FOR-US: OPNsense
 CVE-2025-50986 (diskover-web v2.3.0 Community Edition suffers from multiple stored cro ...)
@@ -115,7 +115,7 @@ CVE-2025-50979 (NodeBB v4.3.0 is vulnerable to SQL injection in its search-categ
 CVE-2025-50978 (In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerabilit ...)
 	NOT-FOR-US: Gitblit
 CVE-2025-50977 (A template injection vulnerability leading to reflected cross-site scr ...)
-	TODO: check
+	NOT-FOR-US: Gitblit
 CVE-2025-50972 (SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticate ...)
 	NOT-FOR-US: AbanteCart
 CVE-2025-50428 (In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnera ...)
@@ -133,45 +133,45 @@ CVE-2025-43728 (Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protec
 CVE-2025-3601 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
 CVE-2025-34161 (Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-34159 (Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-34157 (Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2025-30064 (An insufficiently secured internal function allows session generation  ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30063 (The configuration file containing database logins and passwords is rea ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30061 (In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL i ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30060 (In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vu ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30059 (In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" functio ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30058 (In the PatientService.pl service, the "getPatientIdentifier" function  ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30057 (In UHCRTFDoc, the filename parameter can be exploited to execute arbit ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30056 (The RunCommand function accepts any parameter, which is then passed fo ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30055 (The "system" function receives untrusted input from the user. If the " ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30048 (The "serverConfig" endpoint, which returns the module configuration in ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30041 (The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/Clin ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30040 (The vulnerability allows unauthenticated users to download a file cont ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30039 (Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30038 (The vulnerability consists of a session ID leak when saving a file dow ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30037 (The system exposes several endpoints, typically including "/int/" in t ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-30036 (Stored XSS vulnerability exists in the "Oddzia\u0142" (Ward) module, i ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-2313 (In the Print.pl service, the "uhcPrintServerPrint" function allows exe ...)
-	TODO: check
+	NOT-FOR-US: CGM CLININET
 CVE-2025-2246 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
 	- gitlab <unfixed>
 CVE-2025-20348 (A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02a54225d14f01db87032bd85ab8b352d2d03b1d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02a54225d14f01db87032bd85ab8b352d2d03b1d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250828/1a602aa3/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list