[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 11 20:14:06 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
85b04681 by security tracker role at 2025-12-11T20:13:58+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2025-67742 (In JetBrains TeamCity before 2025.11 path traversal was possible via f ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-67741 (In JetBrains TeamCity before 2025.11 stored XSS was possible via sessi ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-67740 (In JetBrains TeamCity before 2025.11 improper access control could exp ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-67739 (In JetBrains TeamCity before 2025.11.2 improper repository URL validat ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-66918 (edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scri ...)
TODO: check
CVE-2025-66048 (Several stack-based buffer overflow vulnerabilities exists in the MFER ...)
@@ -29,33 +29,33 @@ CVE-2025-65472 (A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php
CVE-2025-65471 (An arbitrary file upload vulnerability in the /admin/manager.php compo ...)
TODO: check
CVE-2025-64995 (A privilege escalation vulnerability was discovered in TeamViewer DEX ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-64994 (A privilege escalation vulnerability was discovered in TeamViewer DEX ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-64993 (A command injection vulnerability was discovered in TeamViewer DEX (fo ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-64992 (A command injection vulnerability was discovered in TeamViewer DEX (fo ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-64991 (A command injection vulnerability was discovered in TeamViewer DEX (fo ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-64990 (A command injection vulnerability was discovered in TeamViewer DEX (fo ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-64989 (A command injection vulnerability was discovered in TeamViewer DEX (fo ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-64988 (A command injection vulnerability was discovered in TeamViewer DEX (fo ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-64987 (A command injection vulnerability was discovered in TeamViewer DEX (fo ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-64986 (A command injection vulnerability was discovered in TeamViewer DEX (fo ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-64701 (QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privileg ...)
TODO: check
CVE-2025-64669 (Improper access control in Windows Admin Center allows an authorized a ...)
TODO: check
CVE-2025-59803 (Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing v ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-59802 (Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing v ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-56130 (OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH_3.0( ...)
TODO: check
CVE-2025-56129 (OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing ...)
@@ -135,85 +135,85 @@ CVE-2025-56079 (OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G
CVE-2025-56077 (OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 al ...)
TODO: check
CVE-2025-55314 (An issue was discovered in Foxit PDF and Editor for Windows and macOS ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-55313 (An issue was discovered in Foxit PDF and Editor for Windows and macOS ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-55312 (An issue was discovered in Foxit PDF and Editor for Windows before 13. ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-55311 (An issue was discovered in Foxit PDF and Editor for Windows and macOS ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-55310 (An issue was discovered in Foxit PDF and Editor for Windows and macOS ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-55309 (An issue was discovered in Foxit PDF and Editor for Windows and macOS ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-55308 (An issue was discovered in Foxit PDF and Editor for Windows before 13. ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-55307 (An issue was discovered in Foxit PDF and Editor for Windows before 13. ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2025-46266 (A vulnerability in TeamViewer DEX Client (former 1E Client) - Content ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-44016 (A vulnerability in TeamViewer DEX Client (former 1E client) - Content ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-36938 (In U-Boot of append_uint32_le(), there is a possible fault injection d ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36937 (In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36936 (In GetTachyonCommand of tachyon_server_common.h, there is a possible o ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36935 (In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36934 (In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, t ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36932 (In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc. ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36931 (In GetHostAddress of gxp_buffer.h, there is a possible out of bounds w ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36930 (In GetHostAddress of gxp_buffer.h, there is a possible out of bounds w ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36929 (In AreFencesRegistered of gxp_fence_manager.cc, there is a possible in ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36928 (In GetHostAddress of gxp_buffer.h, there is a possible out of bounds w ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36927 (In GetTachyonCommand of tachyon_server_common.h, there is a possible o ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36925 (In WAVES_send_data_to_dsp of libaoc_waves.c, there is a possible out o ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36924 (In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36923 (In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, the ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36922 (In bigo_map of bigo_iommu.c, there is a possible information disclosur ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36921 (In ProtocolPsUnthrottleApn() of protocolpsadapter.cpp, there is a poss ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36919 (In aocc_read of aoc_channel_dev.c, there is a possible double free due ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36918 (In aoc_service_read_message of aoc_ipc_core.c, there is a possible out ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36917 (In SwDcpItg of up_L2commonPdcpSecurity.cpp, there is a possible denial ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36916 (In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible do ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36912 (In cellular modem, there is a possible denial of service due to a logi ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-36889 (In onCreateTasks of CameraActivity.java, there is a possible permissio ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-14535 (A vulnerability was identified in UTT \u8fdb\u53d6 512W up to 3.1.7.7- ...)
TODO: check
CVE-2025-14534 (A vulnerability was determined in UTT \u8fdb\u53d6 512W up to 3.1.7.7- ...)
TODO: check
CVE-2025-14531 (A vulnerability was found in code-projects Rental Management System 2. ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-14530 (A vulnerability has been found in SourceCodester Real Estate Property ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-14529 (A flaw has been found in Campcodes Retro Basketball Shoes Online Store ...)
TODO: check
CVE-2025-14528 (A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-14527 (A weakness has been identified in projectworlds Advanced Library Manag ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2025-14526 (A security flaw has been discovered in Tenda CH22 1.0.0.1. This affect ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-14523 (A flaw in libsoup\u2019s HTTP header handling allows multiple Host: he ...)
TODO: check
CVE-2025-14522 (A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c1 ...)
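Review bot: CVE-2025-36938 is tagged NOT-FOR-US: Google devices together with the rest of the CVE-2025-369xx block, but its description names U-Boot ("In U-Boot of append_uint32_le()"), and Debian ships a u-boot source package. Before this tag is left in place, check whether append_uint32_le() exists in upstream U-Boot or only in the vendor tree; if it is upstream, the entry needs a package line instead of NOT-FOR-US. Separately, the tag on CVE-2025-14527 reads "Project Worlds" while the description spells the vendor "projectworlds"; one spelling keeps searches over the list consistent.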
@@ -231,41 +231,41 @@ CVE-2025-14517 (A vulnerability was determined in Yalantis uCrop 2.2.11. This af
CVE-2025-14516 (A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this i ...)
TODO: check
CVE-2025-14515 (A vulnerability has been found in Campcodes Supplier Management System ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-14514 (A flaw has been found in Campcodes Supplier Management System 1.0. Aff ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-14281
REJECTED
CVE-2025-14265 (In versions of ScreenConnect\u2122 prior to 25.8, server-side validati ...)
TODO: check
CVE-2025-14046 (An improper neutralization of input vulnerability was identified in Gi ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2025-13912 (Multiple constant-time implementations in wolfSSL before version 5.8.4 ...)
TODO: check
CVE-2025-13780 (pgAdmin versions up to 9.10 are affected by a Remote Code Execution (R ...)
TODO: check
CVE-2025-13481 (IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticat ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13214 (IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injec ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13211 (IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticat ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13148 (IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authe ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13124 (Authorization Bypass Through User-Controlled Key vulnerability in Neti ...)
TODO: check
CVE-2025-13003 (Authorization Bypass Through User-Controlled Key vulnerability in Aksi ...)
TODO: check
CVE-2025-12687 (A vulnerability in TeamViewer DEX Client (former 1E Client) - Content ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-12532
REJECTED
CVE-2024-8273 (Authentication Bypass by Spoofing vulnerability in HYPR Server allows ...)
- TODO: check
+ NOT-FOR-US: HYPR
CVE-2024-42197 (HCL Workload Scheduler stores user credentials in plain text which can ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-40593 (A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-XXXX [DOS (crash) via special crafted encrypted message]
- rust-sequoia-openpgp 2.1.0-1 (bug #1122582)
NOTE: Fixed by: https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5 (openpgp/v2.1.0)
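Review bot: CVE-2025-14515 and CVE-2025-14514 receive NOT-FOR-US: Campcodes in this hunk, yet CVE-2025-14529 (Campcodes Retro Basketball Shoes Online Store), visible as context in the previous hunk, still reads TODO: check. Tag it the same way or record why it differs. The tag on CVE-2025-14046 is also spelled "Github Enterprise Server"; the product name is "GitHub Enterprise Server".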
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85b0468187fa43aba2011b1bfc2c3966b8c661f3