[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 12 20:39:00 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
040a7540 by Salvatore Bonaccorso at 2025-12-12T21:38:38+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
CVE-2025-8083 (The Preset configuration https://v2.vuetifyjs.com/en/features/presets ...)
- TODO: check
+ NOT-FOR-US: Vuetify
CVE-2025-8082 (Improper neutralization of the title date in the 'VDatePicker' compone ...)
- TODO: check
+ NOT-FOR-US: Vuetify
CVE-2025-67819 (An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack o ...)
- TODO: check
+ NOT-FOR-US: weaviate
CVE-2025-67818 (An issue was discovered in Weaviate OSS before 1.33.4. An attacker wit ...)
- TODO: check
+ NOT-FOR-US: weaviate
CVE-2025-67734 (Frappe Learning Management System (LMS) is a learning system that help ...)
- TODO: check
+ NOT-FOR-US: Frappe Learning Management System (LMS)
CVE-2025-67344 (jshERP v3.5 and earlier is affected by a stored Cross Site Scripting ( ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2025-67342 (RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerabi ...)
- TODO: check
+ NOT-FOR-US: RuoYi
CVE-2025-67341 (jshERP versions 3.5 and earlier are affected by a stored XSS vulnerabi ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2025-66430 (Plesk 18.0 has Incorrect Access Control.)
- TODO: check
+ NOT-FOR-US: Plesk
CVE-2025-65854 (Insecure permissions in the scheduled tasks feature of MineAdmin v3.x ...)
- TODO: check
+ NOT-FOR-US: MineAdmin
CVE-2025-65530 (An eval injection in the malware de-obfuscation routines of CloudLinux ...)
- TODO: check
+ NOT-FOR-US: CloudLinux ai-bolit
CVE-2025-64011 (Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Ref ...)
- nextcloud-server <itp> (bug #941708)
CVE-2025-58770 (APTIOV contains a vulnerability in BIOS where a user may cause \u201cI ...)
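Review bot: The two Weaviate entries (CVE-2025-67819, CVE-2025-67818) are tagged with a lowercase "weaviate", while the other strings added in this hunk follow the capitalisation used in the CVE description (Vuetify, RuoYi, MineAdmin, Plesk). Suggest "NOT-FOR-US: Weaviate" so a case-sensitive search of data/CVE/list for the product name finds them.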
@@ -37,15 +37,15 @@ CVE-2025-53960 (When encrypting sensitive data, weak encryption keys that are fi
CVE-2025-40829 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
CVE-2025-36755 (The CleverDisplay BlueOne hardware player is designed with its USB int ...)
- TODO: check
+ NOT-FOR-US: CleverDisplay BlueOne hardware player
CVE-2025-36746 (SolarEdge monitoring platform contains a Cross\u2011Site Scripting (XS ...)
- TODO: check
+ NOT-FOR-US: SolarEdge monitoring platform
CVE-2025-36745 (SolarEdge SE3680H ships with an outdated Linux kernel containing unpat ...)
- TODO: check
+ NOT-FOR-US: SolarEdge SE3680H
CVE-2025-36744 (SolarEdge SE3680H has unauthenticated disclosure of sensitive informat ...)
- TODO: check
+ NOT-FOR-US: SolarEdge SE3680H
CVE-2025-36743 (SolarEdge SE3680H has an exposed debug/test interface accessible to un ...)
- TODO: check
+ NOT-FOR-US: SolarEdge SE3680H
CVE-2025-26866 (A remote code execution vulnerability exists where a malicious Raft no ...)
TODO: check
CVE-2025-23408 (Weak Password Requirements vulnerability in Apache Fineract. This iss ...)
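Review bot: CVE-2025-36745 is tagged "NOT-FOR-US: SolarEdge SE3680H", but its description says the device ships an outdated Linux kernel. Before closing it as NFU, confirm that the CVE is scoped to the vendor's firmware and does not name a specific kernel flaw that would need its own linux entry. Separately, the three SE3680H entries and the monitoring-platform entry use two different strings. The Siemens context line at the top of the hunk uses the vendor name only, and a plain "NOT-FOR-US: SolarEdge" would keep these grouped the same way.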
@@ -53,7 +53,7 @@ CVE-2025-23408 (Weak Password Requirements vulnerability in Apache Fineract. Th
CVE-2025-14578 (A weakness has been identified in itsourcecode Student Management Syst ...)
NOT-FOR-US: itsourcecode System
CVE-2025-14572 (A vulnerability was found in UTT \u8fdb\u53d6 512W up to 1.7.7-171114. ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2025-14571 (A vulnerability has been found in projectworlds Advanced Library Manag ...)
NOT-FOR-US: Project Worlds
CVE-2025-14570 (A flaw has been found in projectworlds Advanced Library Management Sys ...)
@@ -61,13 +61,13 @@ CVE-2025-14570 (A flaw has been found in projectworlds Advanced Library Manageme
CVE-2025-14569 (A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affe ...)
TODO: check
CVE-2025-14568 (A security vulnerability has been detected in haxxorsid Stock-Manageme ...)
- TODO: check
+ NOT-FOR-US: haxxorsid Stock-Management-System
CVE-2025-14567 (A weakness has been identified in haxxorsid Stock-Management-System up ...)
- TODO: check
+ NOT-FOR-US: haxxorsid Stock-Management-System
CVE-2025-14566 (A security flaw has been discovered in kidaze CourseSelectionSystem up ...)
- TODO: check
+ NOT-FOR-US: kidaze CourseSelectionSystem
CVE-2025-14565 (A vulnerability was identified in kidaze CourseSelectionSystem up to 4 ...)
- TODO: check
+ NOT-FOR-US: kidaze CourseSelectionSystem
CVE-2025-14442 (The Secure Copy Content Protection and Content Locking plugin for Word ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14174 (Out of bounds memory access in ANGLE in Google Chrome on Mac prior to ...)
@@ -83,9 +83,9 @@ CVE-2025-14030 (The AI Feeds plugin for WordPress is vulnerable to Stored Cross-
CVE-2025-13993 (The MailerLite \u2013 Signup forms (official) plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13733 (BuhoNTFS contains an insecure XPC service that allows local, unprivile ...)
- TODO: check
+ NOT-FOR-US: BuhoNTFS
CVE-2025-13506 (Execution with Unnecessary Privileges vulnerability in Nebim Neyir Com ...)
- TODO: check
+ NOT-FOR-US: Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP
CVE-2025-12965 (The Magical Posts Display plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12960 (The Simple CSV Table plugin for WordPress is vulnerable to Directory T ...)
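Review bot: The string added for CVE-2025-13506 carries the full legal vendor name followed by the product ("Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP"), which looks copied from the description. The neighbouring entries use short labels ("BuhoNTFS", "WordPress plugin"), so "NOT-FOR-US: Nebim V3 ERP" would be enough and easier to match for later CVEs against the same product.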
@@ -103,15 +103,15 @@ CVE-2025-12407 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more!
CVE-2025-12348 (The Icegram Express - Email Subscribers, Newsletters and Marketing Aut ...)
NOT-FOR-US: WordPress plugin
CVE-2024-58314 (Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticate ...)
- TODO: check
+ NOT-FOR-US: Atcom 100M IP Phones firmware
CVE-2024-58311 (Dormakaba Saflok System 6000 contains a predictable key generation alg ...)
- TODO: check
+ NOT-FOR-US: Dormakaba Saflok System 6000
CVE-2024-58305 (WonderCMS 4.3.2 contains a cross-site scripting vulnerability that all ...)
- TODO: check
+ NOT-FOR-US: WonderCMS
CVE-2024-58299 (PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the ' ...)
NOT-FOR-US: PCMan FTP Server
CVE-2024-14010 (Typora 1.7.4 contains a command injection vulnerability in the PDF exp ...)
- TODO: check
+ NOT-FOR-US: Typora
CVE-2025-40345 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.17.11-1
[bullseye] - linux 5.10.247-1
@@ -417,7 +417,7 @@ CVE-2024-58313 (xbtitFM 4.1.18 contains an insecure file upload vulnerability th
CVE-2024-58312 (xbtitFM 4.1.18 contains a path traversal vulnerability that allows una ...)
NOT-FOR-US: xbtitFM
CVE-2024-58310 (APC Network Management Card 4 contains a path traversal vulnerability ...)
- TODO: check
+ NOT-FOR-US: APC Network Management Card
CVE-2024-58309 (xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability ...)
NOT-FOR-US: xbtitFM
CVE-2024-58308 (Quick.CMS 6.7 contains a SQL injection vulnerability that allows unaut ...)
@@ -258265,7 +258265,7 @@ CVE-2023-29146
CVE-2023-29145 (The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure w ...)
NOT-FOR-US: Malwarebytes EDR
CVE-2023-29144 (Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in s ...)
- TODO: check
+ NOT-FOR-US: Malwarebytes
CVE-2023-29143
RESERVED
CVE-2023-29142
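Review bot: CVE-2023-29144 is tagged "NOT-FOR-US: Malwarebytes", while the entry directly above it (CVE-2023-29145) is "NOT-FOR-US: Malwarebytes EDR". Both descriptions refer to a Malwarebytes product for Linux; if they are the same product, use the same string for both so the two entries stay grouped.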
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/040a75405183df18391d749d7399ebc0af4f3c8c