[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 17 20:14:04 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c4936515 by security tracker role at 2025-12-17T20:13:56+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-67895 (Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow ...)
TODO: check
CVE-2025-67285 (A SQL injection vulnerability was found in the '/cts/admin/?page=zone' ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2025-67174 (A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows at ...)
TODO: check
CVE-2025-67173 (A Cross-Site Request Forgery (CSRF) in the page creation/editing funct ...)
@@ -19,9 +19,9 @@ CVE-2025-67165 (An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.1
CVE-2025-67164 (An authenticated arbitrary file upload vulnerability in the /storage/p ...)
TODO: check
CVE-2025-67074 (A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-67073 (A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-66953 (CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.1 ...)
TODO: check
CVE-2025-66924 (A Cross-site scripting (XSS) vulnerability in Create/Update Item Kit(s ...)
@@ -101,9 +101,9 @@ CVE-2025-14096 (A vulnerability exists in multiple Radiometer products that allo
CVE-2025-14095 (A "Privilege boundary violation" vulnerability is identified affecting ...)
TODO: check
CVE-2025-14081 (The Ultimate Member plugin for WordPress is vulnerable to Profile Priv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13537 (The Live Composer \u2013 Free WordPress Website Builder plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13352 (Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin ve ...)
TODO: check
CVE-2025-13326 (Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Run ...)
@@ -113,7 +113,7 @@ CVE-2025-13324 (Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.
CVE-2025-13321 (Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive info ...)
TODO: check
CVE-2025-13217 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12689 (Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 1 ...)
TODO: check
CVE-2024-46062 (Miniconda3 macOS installers before 23.11.0-1 contain a local privilege ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c493651526b1b362d3d17e0b8e25f40d985ac8e6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c493651526b1b362d3d17e0b8e25f40d985ac8e6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251217/361a2a20/attachment.htm>
More information about the debian-security-tracker-commits
mailing list