[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 16 22:02:31 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d14f3ac7 by Salvatore Bonaccorso at 2025-12-16T23:02:09+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -200,7 +200,7 @@ CVE-2025-68281 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.17.12-1
NOTE: https://git.kernel.org/linus/eb2d6774cc0d9d6ab8f924825695a85c14b2e0c2 (6.18-rc6)
CVE-2025-68270 (The Open edX Platform is a learning management platform. Prior to comm ...)
- TODO: check
+ NOT-FOR-US: Open edX Platform
CVE-2025-68269 (In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed ...)
TODO: check
CVE-2025-68268 (In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on t ...)
@@ -646,11 +646,11 @@ CVE-2025-68162 (In JetBrains TeamCity before 2025.11 maven embedder allowed load
CVE-2025-68156 (Expr is an expression language and expression evaluation for Go. Prior ...)
TODO: check
CVE-2025-68155 (@vitejs/plugin-rs provides React Server Components (RSC) support for V ...)
- TODO: check
+ NOT-FOR-US: React Server Components (RSC) support plugin for Vite
CVE-2025-68154 (systeminformation is a System and OS information library for node.js. ...)
TODO: check
CVE-2025-68150 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2025-68146 (filelock is a platform-independent file lock for Python. In versions p ...)
TODO: check
CVE-2025-68142 (PyMdown Extensions is a set of extensions for the `Python-Markdown` ma ...)
@@ -658,11 +658,11 @@ CVE-2025-68142 (PyMdown Extensions is a set of extensions for the `Python-Markdo
CVE-2025-68130 (tRPC allows users to build and consume fully typesafe APIs without sch ...)
NOT-FOR-US: Next.js
CVE-2025-68116 (FileRise is a self-hosted web file manager / WebDAV server. Versions p ...)
- TODO: check
+ NOT-FOR-US: FileRise
CVE-2025-68115 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2025-68113 (ALTCHA is privacy-first software for captcha and bot protection. A cry ...)
- TODO: check
+ NOT-FOR-US: ALTCHA
CVE-2025-68088 (Missing Authorization vulnerability in merkulove Huger for Elementor h ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-68087 (Missing Authorization vulnerability in merkulove Modalier for Elemento ...)
@@ -738,37 +738,37 @@ CVE-2025-67929 (Missing Authorization vulnerability in templateinvaders TI WooCo
CVE-2025-67912 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-67874 (ChurchCRM is an open-source church management system. Prior to version ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2025-67751 (ChurchCRM is an open-source church management system. Prior to version ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2025-67748 (Fickling is a Python pickling decompiler and static analyzer. Versions ...)
- TODO: check
+ NOT-FOR-US: Fickling
CVE-2025-67747 (Fickling is a Python pickling decompiler and static analyzer. Versions ...)
- TODO: check
+ NOT-FOR-US: Fickling
CVE-2025-67744 (DeepChat is an open-source artificial intelligence agent platform that ...)
- TODO: check
+ NOT-FOR-US: DeepChat
CVE-2025-67736 (The FreePBX module tts (Text to Speech) for FreePBX, an open-source we ...)
- TODO: check
+ NOT-FOR-US: FreePBX module tts (Text to Speech) for FreePBX
CVE-2025-67735 (Netty is an asynchronous, event-driven network application framework. ...)
TODO: check
CVE-2025-67722 (FreePBX is an open-source web-based graphical user interface (GUI) tha ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2025-67715 (Weblate is a web based localization tool. In versions prior to 5.15, i ...)
TODO: check
CVE-2025-67492 (Weblate is a web based localization tool. In versions prior to 5.15, i ...)
TODO: check
CVE-2025-66635 (Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Co ...)
- TODO: check
+ NOT-FOR-US: SEIKO EPSON Web Config
CVE-2025-66482 (Misskey is an open source, federated social media platform. Attackers ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2025-66449 (ConvertXis a self-hosted online file converter. In versions prior to 0 ...)
- TODO: check
+ NOT-FOR-US: ConvertXis
CVE-2025-66407 (Weblate is a web based localization tool. The Create Component functio ...)
TODO: check
CVE-2025-66402 (Misskey is an open source, federated social media platform. Starting i ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2025-66357 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper che ...)
- TODO: check
+ NOT-FOR-US: CHOCO TEI WATCHER mini (IB-MCT001)
CVE-2025-66167 (Missing Authorization vulnerability in merkulove Lottier lottier-guten ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-66166 (Missing Authorization vulnerability in merkulove Lottier for Elementor ...)
@@ -814,31 +814,31 @@ CVE-2025-66121 (Missing Authorization vulnerability in SiteGround SiteGround Sec
CVE-2025-66120 (Missing Authorization vulnerability in CatFolders CatFolders catfolder ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-65834 (Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory ...)
- TODO: check
+ NOT-FOR-US: Meltytech Shotcut
CVE-2025-65593 (nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) ...)
- TODO: check
+ NOT-FOR-US: nopCommerce
CVE-2025-65592 (nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the ...)
- TODO: check
+ NOT-FOR-US: nopCommerce
CVE-2025-65591 (nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the ...)
- TODO: check
+ NOT-FOR-US: nopCommerce
CVE-2025-65590 (nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the ...)
- TODO: check
+ NOT-FOR-US: nopCommerce
CVE-2025-65589 (nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the ...)
- TODO: check
+ NOT-FOR-US: nopCommerce
CVE-2025-65581 (An open redirect vulnerability exists in the Account module in Volosof ...)
- TODO: check
+ NOT-FOR-US: Volosoft ABP Framework
CVE-2025-65427 (An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi ...)
- TODO: check
+ NOT-FOR-US: Dbit
CVE-2025-65319 (When using the attachment interaction functionality, Blue Mail 1.140.1 ...)
- TODO: check
+ NOT-FOR-US: Blue Mail
CVE-2025-65318 (When using the attachment interaction functionality, Canary Mail 5.1.4 ...)
- TODO: check
+ NOT-FOR-US: Canary Mail
CVE-2025-65076 (WaveView client allows users to execute restricted set of predefined c ...)
- TODO: check
+ NOT-FOR-US: WaveView client
CVE-2025-65075 (WaveView client allows users to execute restricted set of predefined c ...)
- TODO: check
+ NOT-FOR-US: WaveView client
CVE-2025-65074 (WaveView client allows users to execute restricted set of predefined c ...)
- TODO: check
+ NOT-FOR-US: WaveView client
CVE-2025-64725 (Weblate is a web based localization tool. In versions prior to 5.15, i ...)
TODO: check
CVE-2025-64639 (Missing Authorization vulnerability in WP Compress WP Compress for Mai ...)
@@ -890,9 +890,9 @@ CVE-2025-64238 (Missing Authorization vulnerability in NicolasKulka WPS Bidouill
CVE-2025-64237 (Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Intere ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-64012 (InvoicePlane commit debb446c is vulnerable to Incorrect Access Control ...)
- TODO: check
+ NOT-FOR-US: InvoicePlane
CVE-2025-63414 (A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06 ...)
- TODO: check
+ NOT-FOR-US: Allsky WebUI
CVE-2025-62864 (Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices b ...)
TODO: check
CVE-2025-62863 (Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices b ...)
@@ -910,7 +910,7 @@ CVE-2025-62330 (HCL DevOps Deploy is susceptible to a cleartext transmission of
CVE-2025-62329 (HCL DevOps Deploy / HCL Launch is susceptible to a race condition in h ...)
NOT-FOR-US: HCL
CVE-2025-61976 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper che ...)
- TODO: check
+ NOT-FOR-US: CHOCO TEI WATCHER mini (IB-MCT001)
CVE-2025-59947 (NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to ...)
TODO: check
CVE-2025-59935 (GLPI is a free asset and IT management software package. Starting in v ...)
@@ -13680,7 +13680,7 @@ CVE-2025-64343 ((conda) Constructor is a tool that enables users to create insta
CVE-2025-64339 (ClipBucket v5 is an open source video sharing platform. In versions 5. ...)
NOT-FOR-US: ClipBucket
CVE-2025-64338 (ClipBucket v5 is an open source video sharing platform. In versions 5. ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2025-64336 (ClipBucket v5 is an open source video sharing platform. In versions 5. ...)
NOT-FOR-US: ClipBucket
CVE-2025-64329 (containerd is an open-source container runtime. Versions 1.7.28 and be ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d14f3ac72251685cebaa2cc5fe2a14f772a8b4e3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d14f3ac72251685cebaa2cc5fe2a14f772a8b4e3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251216/a6c8a01f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list