[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 11 08:47:26 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
36f2aa63 by Salvatore Bonaccorso at 2025-12-11T09:46:52+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,13 +5,13 @@ CVE-2025-8405 (GitLab has remediated a security issue in GitLab CE/EE affecting
 CVE-2025-67738 (squid/cachemgr.cgi in Webmin before 2.600 does not properly quote argu ...)
 	- webmin <removed>
 CVE-2025-67720 (Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3 ...)
-	TODO: check
+	NOT-FOR-US: Pyrofork
 CVE-2025-67719 (Ibexa is a composable end-to-end DXP (Digital Experience Platform). Ve ...)
-	TODO: check
+	NOT-FOR-US: Ibexa
 CVE-2025-67718 (Form.io is a combined Form and API platform for Serverless application ...)
-	TODO: check
+	NOT-FOR-US: Form.io
 CVE-2025-67717 (ZITADEL is an open-source identity infrastructure tool. Versions 2.44. ...)
-	TODO: check
+	NOT-FOR-US: Zitadel
 CVE-2025-67716 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
 	NOT-FOR-US: Next.js
 CVE-2025-67713 (Miniflux 2 is an open source feed reader. Versions 2.2.14 and below tr ...)
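Review bot: the tag for CVE-2025-67717 reads `NOT-FOR-US: Zitadel` while the CVE description in the same hunk names the project as `ZITADEL`; consider using the upstream spelling so that any later entry for the same project is tagged with an identical string. The other three new tags (Pyrofork, Ibexa, Form.io) match the product names in their descriptions.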
@@ -37,25 +37,25 @@ CVE-2025-67687
 CVE-2025-67686
 	REJECTED
 CVE-2025-67648 (Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10 ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2025-67646 (TableProgressTracking is a MediaWiki extension to track progress again ...)
 	TODO: check
 CVE-2025-67644 (LangGraph SQLite Checkpoint is an implementation of LangGraph Checkpoi ...)
-	TODO: check
+	NOT-FOR-US: LangGraph SQLite Checkpoint
 CVE-2025-67514
 	REJECTED
 CVE-2025-67513 (FreePBX Endpoint Manager is a module for managing telephony endpoints  ...)
-	TODO: check
+	NOT-FOR-US: FreePBX Endpoint Manager
 CVE-2025-67512
 	REJECTED
 CVE-2025-67511 (Cybersecurity AI (CAI) is an open-source framework for building and de ...)
-	TODO: check
+	NOT-FOR-US: Cybersecurity AI (CAI)
 CVE-2025-67510 (Neuron is a PHP framework for creating and orchestrating AI Agents. In ...)
-	TODO: check
+	NOT-FOR-US: Neuron AI
 CVE-2025-67509 (Neuron is a PHP framework for creating and orchestrating AI Agents. Ve ...)
-	TODO: check
+	NOT-FOR-US: Neuron AI
 CVE-2025-67505 (Okta Java Management SDK facilitates interactions with the Okta manage ...)
-	TODO: check
+	NOT-FOR-US: Okta Java Management SDK
 CVE-2025-67490 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
 	NOT-FOR-US: Next.js
 CVE-2025-67461 (External control of file name or path in Zoom Rooms for macOS before v ...)
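Review bot: CVE-2025-67510 and CVE-2025-67509 are tagged `NOT-FOR-US: Neuron AI` although both descriptions open with `Neuron is a PHP framework`; the longer form is a reasonable disambiguation, just keep it identical for any further Neuron entries. Note that CVE-2025-67646 (the TableProgressTracking MediaWiki extension) is left at `TODO: check` in this hunk while its neighbours are resolved, so it still needs a follow-up.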
@@ -71,55 +71,55 @@ CVE-2025-66473 (XWiki is an open-source wiki software platform. Versions 16.10.1
 CVE-2025-66472 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2025-66033 (Okta Java Management SDK facilitates interactions with the Okta manage ...)
-	TODO: check
+	NOT-FOR-US: Okta Java Management SDK
 CVE-2025-65950 (WBCE CMS is a content management system. In versions 1.6.4 and below,  ...)
-	TODO: check
+	NOT-FOR-US: WBCE CMS
 CVE-2025-65832 (The mobile application insecurely handles information stored within me ...)
-	TODO: check
+	NOT-FOR-US: Meatmeet
 CVE-2025-65831 (The application uses an insecure hashing algorithm (MD5) to hash passw ...)
-	TODO: check
+	NOT-FOR-US: Meatmeet
 CVE-2025-65830 (Due to a lack of certificate validation, all traffic from the mobile a ...)
-	TODO: check
+	NOT-FOR-US: Meatmeet
 CVE-2025-65829 (The ESP32 system on a chip (SoC) that powers the Meatmeet basestation  ...)
-	TODO: check
+	NOT-FOR-US: Meatmeet
 CVE-2025-65828 (An unauthenticated attacker within proximity of the Meatmeet device ca ...)
-	TODO: check
+	NOT-FOR-US: Meatmeet
 CVE-2025-65827 (The mobile application is configured to allow clear text traffic to al ...)
-	TODO: check
+	NOT-FOR-US: Meatmeet
 CVE-2025-65826 (The mobile application was found to contain stored credentials for the ...)
-	TODO: check
+	NOT-FOR-US: Meatmeet
 CVE-2025-65825 (The firmware on the basestation of the Meatmeet is not encrypted. An a ...)
-	TODO: check
+	NOT-FOR-US: Meatmeet
 CVE-2025-65824 (An unauthenticated attacker within proximity of the Meatmeet device ca ...)
-	TODO: check
+	NOT-FOR-US: Meatmeet
 CVE-2025-65823 (The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credenti ...)
-	TODO: check
+	NOT-FOR-US: Meatmeet
 CVE-2025-65822 (The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was foun ...)
-	TODO: check
+	NOT-FOR-US: Meatmeet
 CVE-2025-65821 (As UART download mode is still enabled on the ESP32 chip on which the  ...)
-	TODO: check
+	NOT-FOR-US: Meatmeet
 CVE-2025-65820 (An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0 ...)
-	TODO: check
+	NOT-FOR-US: Meatmeet
 CVE-2025-65512 (A Server-Side Request Forgery (SSRF) vulnerability was discovered in t ...)
-	TODO: check
+	NOT-FOR-US: markdownify-mcp
 CVE-2025-65297 (Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_002 ...)
-	TODO: check
+	NOT-FOR-US: Aqara Hub devices
 CVE-2025-65296 (NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, H ...)
-	TODO: check
+	NOT-FOR-US: Aqara Hub devices
 CVE-2025-65295 (Multiple vulnerabilities in Aqara Hub firmware update process in the C ...)
-	TODO: check
+	NOT-FOR-US: Aqara Hub devices
 CVE-2025-65294 (Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_002 ...)
-	TODO: check
+	NOT-FOR-US: Aqara Hub devices
 CVE-2025-65293 (Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 al ...)
-	TODO: check
+	NOT-FOR-US: Aqara Hub devices
 CVE-2025-65292 (Command injection vulnerability in Aqara Hub devices including Camera  ...)
-	TODO: check
+	NOT-FOR-US: Aqara Hub devices
 CVE-2025-65291 (Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Came ...)
-	TODO: check
+	NOT-FOR-US: Aqara Hub devices
 CVE-2025-65290 (Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_002 ...)
-	TODO: check
+	NOT-FOR-US: Aqara Hub devices
 CVE-2025-62181 (Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Pega Platform
 CVE-2025-4097 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	- gitlab <unfixed>
 CVE-2025-24857 (Improper access control for volatile memory containing boot code in Un ...)
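Review bot: for CVE-2025-65512 the visible description (`A Server-Side Request Forgery (SSRF) vulnerability was discovered in t ...`) does not show the product name, so the new tag `NOT-FOR-US: markdownify-mcp` cannot be verified from this hunk; please confirm it matches the full CVE text. The thirteen Meatmeet entries (CVE-2025-65832 through CVE-2025-65820) use the single string `Meatmeet` even where the description says `Meatmeet Pro` or only `The mobile application`, which keeps them grouped; the same consolidation is applied to the eight Aqara entries under `Aqara Hub devices`.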
@@ -127,7 +127,7 @@ CVE-2025-24857 (Improper access control for volatile memory containing boot code
 CVE-2025-14512 (A flaw was found in glib. This vulnerability allows a heap buffer over ...)
 	TODO: check
 CVE-2025-14485 (A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vuln ...)
-	TODO: check
+	NOT-FOR-US: EFM ipTIME A3004T
 CVE-2025-14157 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	- gitlab <unfixed>
 CVE-2025-13978 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
@@ -155,61 +155,61 @@ CVE-2025-11247 (GitLab has remediated an issue in GitLab EE affecting all versio
 CVE-2025-10163 (The List category posts plugin for WordPress is vulnerable to time-bas ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-58285 (Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that  ...)
-	TODO: check
+	NOT-FOR-US: Chyrp
 CVE-2024-58284 (PopojiCMS 2.0.1 contains an authenticated remote command execution vul ...)
-	TODO: check
+	NOT-FOR-US: PopojiCMS
 CVE-2024-58283 (WBCE CMS version 1.6.2 contains a remote code execution vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: WBCE CMS
 CVE-2024-58282 (Serendipity 2.5.0 contains a remote code execution vulnerability that  ...)
 	TODO: check
 CVE-2024-58281 (Dotclear 2.29 contains a remote code execution vulnerability that allo ...)
 	TODO: check
 CVE-2024-58280 (CMSimple 5.15 contains a remote command execution vulnerability that a ...)
-	TODO: check
+	NOT-FOR-US: CMSimple
 CVE-2024-58279 (appRain CMF 4.0.5 contains an authenticated remote code execution vuln ...)
-	TODO: check
+	NOT-FOR-US: appRain CMF
 CVE-2023-53776 (Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: Screen SFT DAB
 CVE-2023-53775 (Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: Screen SFT DAB
 CVE-2023-53741 (Screen SFT DAB 1.9.3 contains a weak session management vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Screen SFT DAB
 CVE-2023-53740 (Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: Screen SFT DAB
 CVE-2020-36902 (UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypa ...)
-	TODO: check
+	NOT-FOR-US: UBICOD Medivision Digital Signage
 CVE-2020-36901 (UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request  ...)
-	TODO: check
+	NOT-FOR-US: UBICOD Medivision Digital Signage
 CVE-2020-36900 (All-Dynamics Digital Signage System 2.0.2 contains a cross-site reques ...)
-	TODO: check
+	NOT-FOR-US: All-Dynamics Digital Signage System
 CVE-2020-36899 (QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated fil ...)
-	TODO: check
+	NOT-FOR-US: QiHang Media Web Digital Signage
 CVE-2020-36898 (QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated fil ...)
-	TODO: check
+	NOT-FOR-US: QiHang Media Web Digital Signage
 CVE-2020-36897 (QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated rem ...)
-	TODO: check
+	NOT-FOR-US: QiHang Media Web Digital Signage
 CVE-2020-36896 (QiHang Media Web Digital Signage 3.0.9 contains a cleartext credential ...)
-	TODO: check
+	NOT-FOR-US: QiHang Media Web Digital Signage
 CVE-2020-36895 (EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: EIBIZ i-Media Server Digital Signage
 CVE-2020-36894 (Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication  ...)
-	TODO: check
+	NOT-FOR-US: Eibiz i-Media Server Digital Signage
 CVE-2020-36893 (Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traver ...)
-	TODO: check
+	NOT-FOR-US: Eibiz i-Media Server Digital Signage
 CVE-2020-36892 (Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: Eibiz i-Media Server Digital Signage
 CVE-2020-36888 (SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration  ...)
-	TODO: check
+	NOT-FOR-US: SpinetiX Fusion Digital Signage
 CVE-2020-36887 (SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated info ...)
-	TODO: check
+	NOT-FOR-US: SpinetiX Fusion Digital Signage
 CVE-2020-36886 (SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request fo ...)
-	TODO: check
+	NOT-FOR-US: SpinetiX Fusion Digital Signage
 CVE-2020-36885 (Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vul ...)
-	TODO: check
+	NOT-FOR-US: Sony IPELA Network Camera
 CVE-2020-36884 (BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less conta ...)
-	TODO: check
+	NOT-FOR-US: BrightSign Digital Signage Diagnostic Web Server
 CVE-2020-36883 (SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authentica ...)
-	TODO: check
+	NOT-FOR-US: SpinetiX Fusion Digital Signage
 CVE-2025-14083
 	- keycloak <itp> (bug #1088287)
 CVE-2025-13327
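Review bot: the i-Media Server tags are inconsistent within this hunk: CVE-2020-36895 becomes `NOT-FOR-US: EIBIZ i-Media Server Digital Signage` while CVE-2020-36894, CVE-2020-36893 and CVE-2020-36892 become `NOT-FOR-US: Eibiz i-Media Server Digital Signage`. The descriptions differ in case the same way, but the tag should use one spelling so the four entries read as one product. CVE-2024-58282 (Serendipity) and CVE-2024-58281 (Dotclear) remain `TODO: check` while the surrounding CMS entries are resolved, so they still need a follow-up.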



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36f2aa634f9bec4ae4c83d775a96a04a629cf8a2

-- 
You're receiving this email because of your account on salsa.debian.org.

