[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 28 21:25:18 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a2c7465 by Salvatore Bonaccorso at 2025-08-28T22:24:48+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2025-9584 (A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this iss ...)
-	TODO: check
+	NOT-FOR-US: Comfast CF-N1
 CVE-2025-9583 (A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by thi ...)
-	TODO: check
+	NOT-FOR-US: Comfast CF-N1
 CVE-2025-9582 (A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ...)
-	TODO: check
+	NOT-FOR-US: Comfast CF-N1
 CVE-2025-9581 (A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the  ...)
-	TODO: check
+	NOT-FOR-US: Comfast CF-N1
 CVE-2025-9580 (A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. Th ...)
-	TODO: check
+	NOT-FOR-US: LB-LINK
 CVE-2025-9579 (A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted e ...)
-	TODO: check
+	NOT-FOR-US: LB-LINK
 CVE-2025-9578 (Local privilege escalation due to insecure folder permissions. The fol ...)
 	NOT-FOR-US: Acronis
 CVE-2025-9577 (A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. Th ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-9576 (A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Im ...)
-	TODO: check
+	NOT-FOR-US: seeedstudio ReSpeaker
 CVE-2025-9575 (A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE65 ...)
 	NOT-FOR-US: Linksys
 CVE-2025-9376 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...)
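Review bot: the NOT-FOR-US labels added in this hunk are inconsistent in granularity: the four Comfast entries carry the model (`NOT-FOR-US: Comfast CF-N1`) while the two LB-LINK entries drop the BL-X26 model that their descriptions name, and the surrounding unchanged entries (Acronis, TOTOLINK, Linksys) use vendor only. Settling on one convention for a given vendor, either vendor only or vendor plus model, keeps grep-based lookups over data/CVE/list predictable.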
@@ -29,7 +29,7 @@ CVE-2025-9345 (The File Manager, Code Editor, and Backup by Managefy plugin for
 CVE-2025-9344 (The UsersWP \u2013 Front-end login form, User Registration, User Profi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-9195 (Improper input validation in firmware of some Solidigm DC Products may ...)
-	TODO: check
+	NOT-FOR-US: Solidigm
 CVE-2025-8977 (The Simple Download Monitor plugin for WordPress is vulnerable to time ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-8897 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress  ...)
@@ -47,49 +47,49 @@ CVE-2025-7812 (The Video Share VOD \u2013 Turnkey Video Site Builder Script plug
 CVE-2025-6255 (The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-6203 (A malicious user may submit a specially-crafted complex payload that o ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2025-58335 (In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284. ...)
 	NOT-FOR-US: JetBrains
 CVE-2025-58334 (In JetBrains IDE Services before 2025.5.0.1086,  2025.4.2.2164 users w ...)
 	NOT-FOR-US: JetBrains
 CVE-2025-58322 (NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attac ...)
-	TODO: check
+	NOT-FOR-US: NAVER MYBOX Explorer for Windows
 CVE-2025-58127 (Improper Certificate Validation in Checkmk Exchange plugin Dell Powers ...)
-	TODO: check
+	NOT-FOR-US: Checkmk Exchange plugin Dell Powerscale
 CVE-2025-58126 (Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN ...)
-	TODO: check
+	NOT-FOR-US: Checkmk Exchange plugin VMware vSAN
 CVE-2025-58125 (Improper Certificate Validation in Checkmk Exchange plugin Freebox v6  ...)
-	TODO: check
+	NOT-FOR-US: Checkmk Exchange plugin Freebox
 CVE-2025-58124 (Improper Certificate Validation in Checkmk Exchange plugin check-mk-ap ...)
-	TODO: check
+	NOT-FOR-US: Checkmk Exchange plugin check-mk-api
 CVE-2025-58123 (Improper Certificate Validation in Checkmk Exchange plugin BGP Monitor ...)
-	TODO: check
+	NOT-FOR-US: Checkmk Exchange plugin BGP Monitoring
 CVE-2025-58081 (Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 an ...)
-	TODO: check
+	NOT-FOR-US: SS1
 CVE-2025-58072 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: SS1
 CVE-2025-58059 (Valtimo is a platform for Business Process Automation. In versions bef ...)
-	TODO: check
+	NOT-FOR-US: Valtimo
 CVE-2025-58049 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2025-58048 (Paymenter is a free and open-source webshop solution for hostings. Pri ...)
-	TODO: check
+	NOT-FOR-US: Paymenter
 CVE-2025-58047 (Volto is a React based frontend for the Plone Content Management Syste ...)
-	TODO: check
+	NOT-FOR-US: Volto
 CVE-2025-57845
 	REJECTED
 CVE-2025-57819 (FreePBX is an open-source web-based graphical user interface. FreePBX  ...)
-	TODO: check
+	NOT-FOR-US: FreePBX
 CVE-2025-57767 (Asterisk is an open source private branch exchange and telephony toolk ...)
 	TODO: check
 CVE-2025-57759 (Contao is an Open Source CMS. In versions starting from 5.3.0 and prio ...)
-	TODO: check
+	NOT-FOR-US: Contao CMS
 CVE-2025-57758 (Contao is an Open Source CMS. In versions starting from 5.0.0 and prio ...)
-	TODO: check
+	NOT-FOR-US: Contao CMS
 CVE-2025-57757 (Contao is an Open Source CMS. In versions starting from 5.0.0 and prio ...)
-	TODO: check
+	NOT-FOR-US: Contao CMS
 CVE-2025-57756 (Contao is an Open Source CMS. In versions starting from 4.9.14 and pri ...)
-	TODO: check
+	NOT-FOR-US: Contao CMS
 CVE-2025-57220 (An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmw ...)
 	NOT-FOR-US: Tenda
 CVE-2025-57219 (Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4. ...)
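Review bot: CVE-2025-6203 is the only entry reclassified in this hunk whose visible description does not name the affected product ("A malicious user may submit a specially-crafted complex payload that o ..."), so the `NOT-FOR-US: HashiCorp Vault` attribution rests entirely on the CVE record rather than on anything in the diff; it is worth confirming against the upstream advisory that the affected component is Vault itself and not a library Debian does package before the TODO is dropped. Leaving CVE-2025-57767 (Asterisk) at `TODO: check` while the FreePBX entry above it becomes NOT-FOR-US is consistent, since Asterisk is packaged in Debian.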
@@ -101,17 +101,17 @@ CVE-2025-57217 (Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered
 CVE-2025-57215 (Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stac ...)
 	NOT-FOR-US: Tenda
 CVE-2025-56236 (FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: FormCms
 CVE-2025-55583 (D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an una ...)
 	NOT-FOR-US: D-Link
 CVE-2025-55175 (QuickCMS is vulnerable to Reflected XSS via sLangEditparameter in admi ...)
-	TODO: check
+	NOT-FOR-US: QuickCMS
 CVE-2025-54995 (Asterisk is an open source private branch exchange and telephony toolk ...)
 	TODO: check
 CVE-2025-54819 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: SS1
 CVE-2025-54762 (SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allo ...)
-	TODO: check
+	NOT-FOR-US: SS1
 CVE-2025-54742 (Deserialization of Untrusted Data vulnerability in magepeopleteam WpEv ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54738 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
@@ -135,19 +135,19 @@ CVE-2025-54714 (Missing Authorization vulnerability in Dylan James Zephyr Projec
 CVE-2025-54710 (Missing Authorization vulnerability in bPlugins Tiktok Feed allows Acc ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54544 (QuickCMS is vulnerable to Stored XSS viaaDirFilesDescriptionsparameter ...)
-	TODO: check
+	NOT-FOR-US: QuickCMS
 CVE-2025-54543 (QuickCMS is vulnerable to Stored XSS viasDescriptionMetaparameter in p ...)
-	TODO: check
+	NOT-FOR-US: QuickCMS
 CVE-2025-54542 (QuickCMS sends password and login via GET Request. This allows alocal  ...)
-	TODO: check
+	NOT-FOR-US: QuickCMS
 CVE-2025-54541 (QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion  ...)
-	TODO: check
+	NOT-FOR-US: QuickCMS
 CVE-2025-54540 (QuickCMS is vulnerable to Reflected XSS viasSortparameter in admin's p ...)
-	TODO: check
+	NOT-FOR-US: QuickCMS
 CVE-2025-54029 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53970 (SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allo ...)
-	TODO: check
+	NOT-FOR-US: SS1
 CVE-2025-53588 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53584 (Deserialization of Untrusted Data vulnerability in emarket-design WP T ...)
@@ -163,7 +163,7 @@ CVE-2025-53576 (Improper Control of Filename for Include/Require Statement in PH
 CVE-2025-53572 (Deserialization of Untrusted Data vulnerability in emarket-design WP E ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53396 (Incorrect permission assignment for critical resource issue exists in  ...)
-	TODO: check
+	NOT-FOR-US: SS1
 CVE-2025-53337 (Missing Authorization vulnerability in Ashan Perera LifePress allows E ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53334 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
@@ -203,21 +203,21 @@ CVE-2025-53215 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-52761 (Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52460 (Files or directories accessible to external parties issue exists in SS ...)
-	TODO: check
+	NOT-FOR-US: SS1
 CVE-2025-52054 (An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wir ...)
 	NOT-FOR-US: Tenda
 CVE-2025-51972 (A SQL Injection vulnerability exists in the login.php of PuneethReddyH ...)
-	TODO: check
+	NOT-FOR-US: PuneethReddyHC Online Shopping System Advanced
 CVE-2025-51971 (A reflected Cross-Site Scripting (XSS) vulnerability exists in registe ...)
-	TODO: check
+	NOT-FOR-US: PuneethReddyHC Online Shopping System Advanced
 CVE-2025-51969 (A SQL Injection vulnerability exists in the product.php page of Puneet ...)
-	TODO: check
+	NOT-FOR-US: PuneethReddyHC Online Shopping System Advanced
 CVE-2025-51968 (A SQL Injection vulnerability exists in the action.php file of Puneeth ...)
-	TODO: check
+	NOT-FOR-US: PuneethReddyHC Online Shopping System Advanced
 CVE-2025-51967 (A Reflected Cross-site Scripting (XSS) vulnerability exists in the the ...)
-	TODO: check
+	NOT-FOR-US: ProjectsAndPrograms School Management System
 CVE-2025-51643 (Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbon ...)
-	TODO: check
+	NOT-FOR-US: Meitrack
 CVE-2025-49407 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49405 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
@@ -323,7 +323,7 @@ CVE-2025-48109 (Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media
 CVE-2025-48100 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46409 (Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and e ...)
-	TODO: check
+	NOT-FOR-US: SS1
 CVE-2025-39496 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-36003 (IBM Security Verify Governance Identity Manager 10.0.2 could allow a r ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a2c74659b14dde89cf27a462f9f7fe408a7d87a
