[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 2 21:48:44 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
133c616e by Salvatore Bonaccorso at 2025-12-02T22:48:17+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -149,9 +149,9 @@ CVE-2025-13871 (Cross-Site Request Forgery (CSRF) in the resource-management fea
 CVE-2025-13870 (Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to vali ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2025-13828 (SummaryA non privileged user can install and remove arbitrary packages ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2025-13827 (Summary Arbitrary files can be uploaded via the GrapesJS Builder, as t ...)
-	TODO: check
+	NOT-FOR-US: GrapesJS Builder
 CVE-2025-13731 (The Nexter Extension \u2013 Site Enhancements Toolkit plugin for WordP ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13724 (The VikRentCar Car Rental Management System plugin for WordPress is vu ...)
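Review bot: the label for CVE-2025-13827 names a component (`GrapesJS Builder`) rather than a product, unlike the other NOT-FOR-US lines in this hunk (`Mautic`, `WordPress plugin`). GrapesJS is also a standalone JavaScript library, so from the label alone a reader cannot tell whether the advisory covers the library or an application that embeds it. If it is for the same product as CVE-2025-13828 directly above, say so in the label, e.g. `NOT-FOR-US: Mautic (GrapesJS Builder)`.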
@@ -161,7 +161,7 @@ CVE-2025-13721 (Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a rem
 CVE-2025-13720 (Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a r ...)
 	TODO: check
 CVE-2025-13658 (A vulnerability in Longwatch devices allows unauthenticated HTTP GET r ...)
-	TODO: check
+	NOT-FOR-US: Industrial Video & Control
 CVE-2025-13640 (Inappropriate implementation in Passwords in Google Chrome prior to 14 ...)
 	TODO: check
 CVE-2025-13639 (Inappropriate implementation in WebRTC in Google Chrome prior to 143.0 ...)
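Review bot: the new label for CVE-2025-13658 (`NOT-FOR-US: Industrial Video & Control`) omits the product name that the description itself uses ("Longwatch devices"), so the vendor/product link is only recoverable by opening the upstream advisory; other entries in this file carry both (e.g. `NOT-FOR-US: Shirt Pocket's SuperDuper!`). Suggest `NOT-FOR-US: Industrial Video & Control Longwatch`.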
@@ -191,45 +191,45 @@ CVE-2025-13534 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin f
 CVE-2025-13516 (The SureMail \u2013 SMTP and Email Logs Plugin for WordPress is vulner ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13510 (The Iskra iHUB and iHUB Lite smart metering gateway exposes its web ma ...)
-	TODO: check
+	NOT-FOR-US: Iskra iHUB and iHUB Lite smart metering gateway
 CVE-2025-13505 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Datactive
 CVE-2025-13353 (In gokey versions <0.2.0,  a flaw in the seed decryption logic resulte ...)
 	TODO: check
 CVE-2025-13295 (Insertion of Sensitive Information Into Sent Data vulnerability in Arg ...)
-	TODO: check
+	NOT-FOR-US: BILGER
 CVE-2025-13090 (The WP Directory Kit plugin for WordPress is vulnerable to SQL Injecti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12630 (The Upload.am  WordPress plugin before 1.0.1 is vulnerable to arbitrar ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12465 (A Blind SQL injection vulnerability has been identified in QuickCMS. I ...)
-	TODO: check
+	NOT-FOR-US: QuickCMS
 CVE-2025-11789 (Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9. ...)
-	TODO: check
+	NOT-FOR-US: Circutor
 CVE-2025-11788 (Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-P ...)
-	TODO: check
+	NOT-FOR-US: Circutor
 CVE-2025-11787 (Command injection vulnerability in the operating system in Circutor SG ...)
-	TODO: check
+	NOT-FOR-US: Circutor
 CVE-2025-11786 (Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE- ...)
-	TODO: check
+	NOT-FOR-US: Circutor
 CVE-2025-11785 (Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE- ...)
-	TODO: check
+	NOT-FOR-US: Circutor
 CVE-2025-11784 (Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE- ...)
-	TODO: check
+	NOT-FOR-US: Circutor
 CVE-2025-11783 (Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE- ...)
-	TODO: check
+	NOT-FOR-US: Circutor
 CVE-2025-11782 (Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE- ...)
-	TODO: check
+	NOT-FOR-US: Circutor
 CVE-2025-11781 (Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50  ...)
-	TODO: check
+	NOT-FOR-US: Circutor
 CVE-2025-11780 (Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE- ...)
-	TODO: check
+	NOT-FOR-US: Circutor
 CVE-2025-11779 (Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-P ...)
-	TODO: check
+	NOT-FOR-US: Circutor
 CVE-2025-11778 (Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2.  ...)
-	TODO: check
+	NOT-FOR-US: Circutor
 CVE-2025-10543 (In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5 ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Paho Go MQTT
 CVE-2025-64460 (An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ...)
 	- python-django <unfixed> (bug #1121788)
 	NOTE: https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
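Review bot: CVE-2025-10543 is closed as `NOT-FOR-US: Eclipse Paho Go MQTT`, but the affected code is a Go library (paho.mqtt.golang), and Go libraries enter Debian under golang-github-* source names rather than their upstream names, so an NFU decision based on the upstream name alone is easy to get wrong. Please confirm that no golang-github-eclipse-paho.mqtt.golang source package exists and that no packaged Go binary vendors it before keeping this as NFU; if it is packaged, the entry needs a package line with a bug reference, as CVE-2025-64460 gets a few lines below. The remaining reclassifications in this hunk (Circutor SGE-PLC firmware, Iskra iHUB gateway, QuickCMS, BILGER, Datactive) are vendor appliances or hosted products and look right as NFU.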
@@ -337,7 +337,7 @@ CVE-2025-58044 (JumpServer is an open source bastion host and an operation and m
 CVE-2025-55749 (XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.1 ...)
 	NOT-FOR-US: XWiki
 CVE-2025-55129 (HackerOne community member Kassem S.(kassem_s94) has reported that use ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2025-21080 (Improper export of android application components in Dynamic Lockscree ...)
 	NOT-FOR-US: Samsung Mobile
 CVE-2025-21072 (Out-of-bounds write in decoding metadata in fingerprint trustlet prior ...)
@@ -427,7 +427,7 @@ CVE-2025-12483 (The Visualizer: Tables and Charts Manager for WordPress plugin f
 CVE-2025-11726 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-10971 (Insecure Storage of Sensitive Information vulnerability in MeetMe on i ...)
-	TODO: check
+	NOT-FOR-US: MeetMe
 CVE-2024-51999
 	REJECTED
 	TODO: check
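Review bot: not part of the MeetMe change but visible in the context: CVE-2024-51999 carries both `REJECTED` and a `TODO: check` line. A rejected ID needs no further triage, so the stale TODO can be dropped in the next pass.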
@@ -509,17 +509,17 @@ CVE-2025-58408 (Software installed and run as a non-privileged user may conduct
 CVE-2025-57489 (Incorrect access control in the SDAgent component of Shirt Pocket Supe ...)
 	NOT-FOR-US: Shirt Pocket's SuperDuper!
 CVE-2025-55222 (A denial of service vulnerability exists in the Modbus TCP and Modbus  ...)
-	TODO: check
+	NOT-FOR-US: Socomec
 CVE-2025-55221 (A denial of service vulnerability exists in the Modbus TCP and Modbus  ...)
-	TODO: check
+	NOT-FOR-US: Socomec
 CVE-2025-54851 (A denial of service vulnerability exists in the Modbus TCP and Modbus  ...)
-	TODO: check
+	NOT-FOR-US: Socomec
 CVE-2025-54850 (A denial of service vulnerability exists in the Modbus TCP and Modbus  ...)
-	TODO: check
+	NOT-FOR-US: Socomec
 CVE-2025-54849 (A denial of service vulnerability exists in the Modbus TCP and Modbus  ...)
-	TODO: check
+	NOT-FOR-US: Socomec
 CVE-2025-54848 (A denial of service vulnerability exists in the Modbus TCP and Modbus  ...)
-	TODO: check
+	NOT-FOR-US: Socomec
 CVE-2025-51683 (A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows  ...)
 	NOT-FOR-US: mJobtime
 CVE-2025-51682 (mJobtime 15.7.2 handles authorization on the client side, which allows ...)
@@ -545,11 +545,11 @@ CVE-2025-2879 (Exposure of Sensitive Information to an Unauthorized Actor vulner
 CVE-2025-27232 (An authenticated Zabbix Super Admin can exploit the oauth.authorize ac ...)
 	TODO: check
 CVE-2025-26858 (A buffer overflow vulnerability exists in the Modbus TCP functionality ...)
-	TODO: check
+	NOT-FOR-US: Socomec
 CVE-2025-23417 (A denial of service vulnerability exists in the Modbus RTU over TCP fu ...)
-	TODO: check
+	NOT-FOR-US: Socomec
 CVE-2025-20085 (A denial of service vulnerability exists in the Modbus RTU over TCP fu ...)
-	TODO: check
+	NOT-FOR-US: Socomec
 CVE-2025-13837 (When loading a plist file, the plistlib module reads data in size spec ...)
 	- python3.14 <unfixed>
 	- python3.13 <unfixed>
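Review bot: CVE-2025-27232 (Zabbix Super Admin via the oauth.authorize action) is correctly left at `TODO: check` rather than swept into this NFU batch, since zabbix is a Debian source package; when it is triaged it needs a `- zabbix <...>` package line (or `<not-affected>` with a reason), not NOT-FOR-US. The three Socomec Modbus entries reclassified here are consistent with the batch above.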
@@ -598,7 +598,7 @@ CVE-2024-56089 (An issue in Technitium through v13.2.2 enables attackers to cond
 CVE-2024-53684 (A cross-site request forgery (csrf) vulnerability exists in the WEBVIE ...)
 	NOT-FOR-US: Socomec DIRIS Digiware M-70
 CVE-2024-49572 (A denial of service vulnerability exists in the Modbus TCP functionali ...)
-	TODO: check
+	NOT-FOR-US: Socomec
 CVE-2024-48894 (A cleartext transmission vulnerability exists in the WEBVIEW-M functio ...)
 	NOT-FOR-US: Socomec DIRIS Digiware M-70
 CVE-2024-48882 (A denial of service vulnerability exists in the Modbus TCP functionali ...)
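Review bot: CVE-2024-49572 gets the bare label `NOT-FOR-US: Socomec` while the neighbouring entries CVE-2024-53684 and CVE-2024-48894 use `NOT-FOR-US: Socomec DIRIS Digiware M-70`. The truncated descriptions drop the product name, so the label is the only place it survives; if this advisory covers the same device, use the product-specific form here and in the other Socomec Modbus TCP/RTU entries reclassified in this commit, so a later search for the device finds all of them.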
@@ -606,11 +606,11 @@ CVE-2024-48882 (A denial of service vulnerability exists in the Modbus TCP funct
 CVE-2024-45370 (An authentication bypass vulnerability exists in the User profile mana ...)
 	NOT-FOR-US: Socomec Easy Config System
 CVE-2024-39148 (The service wmp-agent of KerOS prior 5.12 does not properly validate s ...)
-	TODO: check
+	NOT-FOR-US: service wmp-agent of KerOS
 CVE-2024-32388 (Due to a firewall misconfiguration, Kerlink devices running KerOS prio ...)
-	TODO: check
+	NOT-FOR-US: KerOS
 CVE-2024-32384 (Kerlink gateways running KerOS prior to version 5.10 expose their web  ...)
-	TODO: check
+	NOT-FOR-US: KerOS
 CVE-2025-64772 (The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue wit ...)
 	NOT-FOR-US: INZONE Hub
 CVE-2025-61619 (In nr modem, there is a possible system crash due to improper input va ...)
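Review bot: the three Kerlink entries get inconsistent labels: `service wmp-agent of KerOS` for CVE-2024-39148 versus `KerOS` for CVE-2024-32388 and CVE-2024-32384. NOT-FOR-US labels name the product, not the component, and the descriptions of the latter two already give the vendor (Kerlink), so `NOT-FOR-US: Kerlink KerOS` for all three would be consistent and greppable.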



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/133c616e9462b823c9e07428eff8e0ec7c5ee797


