[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 18 21:29:04 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a42dc607 by Salvatore Bonaccorso at 2025-12-18T22:28:38+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -122,13 +122,13 @@ CVE-2025-40891 (A Stored HTML Injection vulnerability was discovered in the Time
CVE-2025-40602 (A local privilege escalation vulnerability due to insufficient authori ...)
NOT-FOR-US: SonicWall
CVE-2025-1031 (Authorization Bypass Through User-Controlled Key vulnerability in Utar ...)
- TODO: check
+ NOT-FOR-US: SoliClub
CVE-2025-1030 (Exposure of Private Personal Information to an Unauthorized Actor vuln ...)
- TODO: check
+ NOT-FOR-US: SoliClub
CVE-2025-1029 (Use of Hard-coded Credentials vulnerability in Utarit Information Serv ...)
- TODO: check
+ NOT-FOR-US: SoliClub
CVE-2025-14896 (due to insufficient sanitazation in Vega\u2019s `convert()` function w ...)
- TODO: check
+ NOT-FOR-US: Yuzu tech Kroki
CVE-2025-14889 (A security flaw has been discovered in Campcodes Advanced Voting Manag ...)
NOT-FOR-US: Campcodes
CVE-2025-14885 (A flaw has been found in SourceCodester Client Database Management Sys ...)
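Review bot: The tag added for CVE-2025-14896 says "Yuzu tech Kroki", but the visible description attributes the flaw to Vega's `convert()` function. Please confirm that the affected code lives only in Kroki and not in a Vega component, and record that reasoning in a NOTE line, since the truncated description alone does not support the tag. The same applies in a smaller way to CVE-2025-1031, CVE-2025-1030 and CVE-2025-1029: the description names "Utarit Information Serv ..." while the tag says only "SoliClub", so a tag that includes the vendor name would keep these entries findable from the description text.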
@@ -152,7 +152,7 @@ CVE-2025-14860 (Use-after-free in the Disability Access APIs component. This vul
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-98/#CVE-2025-14860
CVE-2025-14823 (In deployments using the ScreenConnect\u2122 Certificate Signing Exten ...)
- TODO: check
+ NOT-FOR-US: ConnectWise
CVE-2025-14744 (Unicode RTLO characters could allow malicious websites to spoof filena ...)
TODO: check
CVE-2025-14739 (Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR ...)
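Review bot: The tag added for CVE-2025-14823 gives only the vendor, "ConnectWise", while the description names the product as ScreenConnect, and most tags added elsewhere in this commit use the product name (Kentico Xperience, EasyPHP Webserver). Consider "NOT-FOR-US: ConnectWise ScreenConnect" so that a search for the product name from the description finds the entry.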
@@ -176,79 +176,79 @@ CVE-2025-13641 (The Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN G
CVE-2025-13110 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10910 (A flaw in the binding process of Govee\u2019s cloud platform and devic ...)
- TODO: check
+ NOT-FOR-US: Govee
CVE-2024-58323 (A stored cross-site scripting vulnerability in Kentico Xperience allow ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2024-58322 (A stored cross-site scripting vulnerability in Kentico Xperience allow ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2024-58321 (A stored cross-site scripting vulnerability in Kentico Xperience allow ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2024-58320 (An information disclosure vulnerability in Kentico Xperience allows pu ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2024-58319 (A reflected cross-site scripting vulnerability in Kentico Xperience al ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2024-58318 (A stored cross-site scripting vulnerability in Kentico Xperience allow ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2024-58317 (A cookie security configuration vulnerability in Kentico Xperience all ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2023-53944 (EasyPHP Webserver 14.1 contains a path traversal vulnerability that al ...)
- TODO: check
+ NOT-FOR-US: EasyPHP Webserver
CVE-2023-53943 (GLPI 9.5.7 contains a username enumeration vulnerability in the lost p ...)
TODO: check
CVE-2023-53942 (File Thingie 2.5.7 contains an authenticated file upload vulnerability ...)
- TODO: check
+ NOT-FOR-US: File Thingie
CVE-2023-53941 (EasyPHP Webserver 14.1 contains an OS command injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: EasyPHP Webserver
CVE-2023-53940 (Codigo Markdown Editor 1.0.1 contains a code execution vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Codigo Markdown Editor
CVE-2023-53939 (TinyWebGallery v2.5 contains a stored cross-site scripting vulnerabili ...)
- TODO: check
+ NOT-FOR-US: TinyWebGallery
CVE-2023-53938 (RockMongo 1.1.7 contains a stored cross-site scripting vulnerability t ...)
- TODO: check
+ NOT-FOR-US: RockMongo
CVE-2023-53937 (Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Hubstaff
CVE-2023-53936 (Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerab ...)
- TODO: check
+ NOT-FOR-US: Cameleon CMS
CVE-2023-53935 (WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-a ...)
- TODO: check
+ NOT-FOR-US: WBiz Desk
CVE-2023-53934 (A denial of service vulnerability in Kentico Xperience allows attacker ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2023-53738 (A reflected cross-site scripting vulnerability in Kentico Xperience al ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2023-53737 (A stored cross-site scripting vulnerability in Kentico Xperience allow ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2023-53736 (A reflected cross-site scripting vulnerability in Kentico Xperience al ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2022-50686 (An information disclosure vulnerability in Kentico Xperience allows at ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2022-50685 (A stored cross-site scripting vulnerability in Kentico Xperience allow ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2022-50684 (An HTML injection vulnerability in Kentico Xperience allows attackers ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2022-50683 (A stored cross-site scripting vulnerability in Kentico Xperience allow ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2022-50682 (A CRLF injection vulnerability in Kentico Xperience allows attackers t ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2022-50681 (A reflected cross-site scripting vulnerability in Kentico Xperience al ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2022-50680 (A stored cross-site scripting vulnerability in Kentico Xperience allow ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2021-47712 (A cryptography vulnerability in Kentico Xperience allows attackers to ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2021-47711 (A SQL injection vulnerability in Kentico Xperience allows authenticate ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2020-36891 (A stored cross-site scripting vulnerability in Kentico Xperience allow ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2020-36890 (An access control bypass vulnerability in Kentico Xperience allows adm ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2020-36889 (A stored cross-site scripting vulnerability in Kentico Xperience allow ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2019-25230 (An information disclosure vulnerability in Kentico Xperience allows au ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2019-25229 (An unrestricted file upload vulnerability in Kentico Xperience allows ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2019-25228 (An information disclosure vulnerability in Kentico Xperience allows at ...)
- TODO: check
+ NOT-FOR-US: Kentico Xperience
CVE-2025-68325 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/9fefc78f7f02d71810776fdeb119a05a946a27cc (6.19-rc1)
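Review bot: The tag added for CVE-2023-53936 copies the description's spelling "Cameleon CMS"; the Rails CMS of that name is published upstream as "Camaleon CMS", so it is worth checking which spelling is right before it is baked into the NOT-FOR-US list, where later lookups by product name depend on it. The rest of the hunk is a mechanical TODO-to-NFU conversion, and leaving CVE-2023-53943 (GLPI 9.5.7) as "TODO: check" rather than folding it into the batch looks deliberate.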
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a42dc607779bc286d7b4846cef6e277de117667f