[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 17 21:39:48 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f53e66b9 by Salvatore Bonaccorso at 2025-12-17T22:39:25+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,65 +23,65 @@ CVE-2025-67074 (A Buffer overflow vulnerability in function fromAdvSetMacMtuWan
CVE-2025-67073 (A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin ...)
NOT-FOR-US: Tenda
CVE-2025-66953 (CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.1 ...)
- TODO: check
+ NOT-FOR-US: narda miteq Uplink Power Contril Unit UPC2
CVE-2025-66924 (A Cross-site scripting (XSS) vulnerability in Create/Update Item Kit(s ...)
- TODO: check
+ NOT-FOR-US: Open Source Point of Sale
CVE-2025-66923 (A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s ...)
- TODO: check
+ NOT-FOR-US: Open Source Point of Sale
CVE-2025-66921 (A Cross-site scripting (XSS) vulnerability in Create/Update Item(s) Mo ...)
- TODO: check
+ NOT-FOR-US: Open Source Point of Sale
CVE-2025-66646 (RIOT is an open-source microcontroller operating system, designed to m ...)
- TODO: check
+ NOT-FOR-US: RIOT-OS
CVE-2025-66397 (ChurchCRM is an open-source church management system. Prior to version ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2025-66396 (ChurchCRM is an open-source church management system. Prior to version ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2025-66395 (ChurchCRM is an open-source church management system. Prior to version ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2025-65855 (The OTA firmware update mechanism in Netun Solutions HelpFlash IoT (fi ...)
- TODO: check
+ NOT-FOR-US: Netun Solutions HelpFlash IoT
CVE-2025-65233 (Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9 ...)
- TODO: check
+ NOT-FOR-US: SLiMS (slims9_bulian)
CVE-2025-65203 (KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored cre ...)
- TODO: check
+ NOT-FOR-US: KeePassXC-Browser
CVE-2025-65185 (There is a username enumeration via local user login in Entrinsik Info ...)
- TODO: check
+ NOT-FOR-US: Entrinsik Informer
CVE-2025-62690 (Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-62521 (ChurchCRM is an open-source church management system. Prior to version ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2025-62190 (Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 1 ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-61736 (Successful exploitation of this vulnerability could result in the prod ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2025-53919 (An issue was discovered in the Portrait Dell Color Management applicat ...)
- TODO: check
+ NOT-FOR-US: Portrait Dell Color Management application
CVE-2025-53398 (The Portrait Dell Color Management application 3.3.8 for Dell monitors ...)
- TODO: check
+ NOT-FOR-US: Portrait Dell Color Management application
CVE-2025-44005 (An attacker can bypass authorization checks and force a Step CA ACME o ...)
- TODO: check
+ NOT-FOR-US: smallstep Step-CA
CVE-2025-43873 (Successful exploitation of these vulnerabilities could allow an attack ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2025-34442 (AVideo versions prior to 20.0 disclose absolute filesystem paths via m ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2025-34441 (AVideo versions prior to 20.0 expose sensitive user information throug ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2025-34440 (AVideo versions prior to 20.0 contain an open redirect vulnerability c ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2025-34439 (AVideo versions prior to 20.0 arevulnerable to an open redirect flaw d ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2025-34438 (AVideo versions prior to 20.0 contain an insecure direct object refere ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2025-34437 (AVideo versions prior to 20.0 permit any authenticated user to upload ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2025-34436 (AVideo versions prior to 20.0 allow any authenticated user to upload f ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2025-34435 (AVideo versions prior to 20.0 arevulnerable to an insecure direct obje ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2025-34434 (AVideo versions prior to 20.0 with the ImageGallery plugin enabled is ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2025-26381 (Successful exploitation of this vulnerability could allow an attacker ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2025-20393 (Cisco is aware of a potential vulnerability. Cisco is currently ...)
TODO: check
CVE-2025-14828
@@ -89,17 +89,17 @@ CVE-2025-14828
CVE-2025-14727 (A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite ...)
TODO: check
CVE-2025-14347 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Proliz Software Ltd. OBS (Student Affairs Information System)
CVE-2025-14266 (CSRF in Ercom Cryptobox administration console allows attacker to trig ...)
- TODO: check
+ NOT-FOR-US: Ercom Cryptobox administration console
CVE-2025-14101 (Authorization Bypass Through User-Controlled Key vulnerability in GG S ...)
- TODO: check
+ NOT-FOR-US: PaperWork
CVE-2025-14097 (A vulnerability in the application software of multiple Radiometer pro ...)
- TODO: check
+ NOT-FOR-US: Radiometer
CVE-2025-14096 (A vulnerability exists in multiple Radiometer products that allow an a ...)
- TODO: check
+ NOT-FOR-US: Radiometer
CVE-2025-14095 (A "Privilege boundary violation" vulnerability is identified affecting ...)
- TODO: check
+ NOT-FOR-US: Radiometer
CVE-2025-14081 (The Ultimate Member plugin for WordPress is vulnerable to Profile Priv ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13537 (The Live Composer \u2013 Free WordPress Website Builder plugin for Wor ...)
@@ -107,19 +107,19 @@ CVE-2025-13537 (The Live Composer \u2013 Free WordPress Website Builder plugin f
CVE-2025-13352 (Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin ve ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-13326 (Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Run ...)
- TODO: check
+ NOT-FOR-US: Mattermost Desktop App
CVE-2025-13324 (Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.x <= 1 ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-13321 (Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive info ...)
- TODO: check
+ NOT-FOR-US: Mattermost Desktop App
CVE-2025-13217 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12689 (Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 1 ...)
- mattermost-server <itp> (bug #823556)
CVE-2024-46062 (Miniconda3 macOS installers before 23.11.0-1 contain a local privilege ...)
- TODO: check
+ NOT-FOR-US: Miniconda3 macOS installers
CVE-2024-46060 (Anaconda3 macOS installers before 2024.06-1 contain a local privilege ...)
- TODO: check
+ NOT-FOR-US: Anaconda3 macOS installers
CVE-2024-29371 (In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS ...)
TODO: check
CVE-2024-29370 (In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allow ...)
@@ -161,25 +161,25 @@ CVE-2025-34288 (Nagios XI versions prior to 2026R1.1 arevulnerable to local priv
CVE-2025-14817 (The component com.transsion.tranfacmode.entrance.main.MainActivity in ...)
NOT-FOR-US: TECNO Mobile
CVE-2025-14801 (A security vulnerability has been detected in xiweicheng TMS up to 2.2 ...)
- TODO: check
+ NOT-FOR-US: xiweicheng TMS
CVE-2025-14701 (An input neutralization vulnerability in the Server MOTD component of ...)
- TODO: check
+ NOT-FOR-US: Crafty Controller
CVE-2025-14700 (An input neutralization vulnerability in the Webhook Template componen ...)
- TODO: check
+ NOT-FOR-US: Crafty Controller
CVE-2025-14466 (A vulnerability in the web interface of the G\xfcralp Fortimus Series, ...)
- TODO: check
+ NOT-FOR-US: Gueralp Systems
CVE-2025-14399 (The Download Plugins and Themes in ZIP from Dashboard plugin for WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14385 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14305 (ListCheck.exe developed by Acer has a Local Privilege Escalation vulne ...)
- TODO: check
+ NOT-FOR-US: ListCheck (Acer)
CVE-2025-14304 (Certain motherboard models developed by ASRock and its subsidiaries, A ...)
- TODO: check
+ NOT-FOR-US: ASRock
CVE-2025-14303 (Certain motherboard models developed by MSI has a Protection Mechanism ...)
- TODO: check
+ NOT-FOR-US: MSI
CVE-2025-14302 (Certain motherboard models developed by GIGABYTE has a Protection Mech ...)
- TODO: check
+ NOT-FOR-US: GIGABYTE
CVE-2025-14154 (The Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14061 (The Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script ...)
@@ -357507,7 +357507,7 @@ CVE-2022-23852 (Expat (aka libexpat) before 2.4.4 has a signed integer overflow
NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 (R_2_4_4)
NOTE: Tests: https://github.com/libexpat/libexpat/commit/acf956f14bf79a5e6383a969aaffec98bfbc2e44
CVE-2022-23851 (Netaxis API Orchestrator (APIO) before 0.19.3 allows server side templ ...)
- TODO: check
+ NOT-FOR-US: Netaxis API Orchestrator (APIO)
CVE-2022-0341 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...)
NOT-FOR-US: vditor
CVE-2022-0340
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f53e66b9f70cddc62948ccadea88fbb55a739f0b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f53e66b9f70cddc62948ccadea88fbb55a739f0b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251217/4ba28ebc/attachment.htm>
More information about the debian-security-tracker-commits
mailing list