[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 19 08:13:38 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66eb382b by security tracker role at 2025-12-19T08:13:26+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55,45 +55,45 @@ CVE-2025-67843 (A Server-Side Template Injection (SSTI) vulnerability in the MDX
 CVE-2025-67842 (The Static Asset API in Mintlify Platform before 2025-11-15 allows rem ...)
 	TODO: check
 CVE-2025-67653 (Advantech WebAccess/SCADAis vulnerable to directory traversal, which m ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2025-67163 (A stored cross-site scripting (XSS) vulnerability in Simple Machines F ...)
 	TODO: check
 CVE-2025-66522 (A stored cross-site scripting (XSS) vulnerability exists in the Digita ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66521 (A stored cross-site scripting (XSS) vulnerability exists in pdfonline. ...)
 	TODO: check
 CVE-2025-66520 (A stored cross-site scripting (XSS) vulnerability exists in the Portfo ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66519 (A stored cross-site scripting (XSS) vulnerability exists in pdfonline. ...)
 	TODO: check
 CVE-2025-66502 (A stored cross-site scripting (XSS) vulnerability exists in pdfonline. ...)
 	TODO: check
 CVE-2025-66501 (A stored cross-site scripting (XSS) vulnerability exists in pdfonline. ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66500 (A stored cross-site scripting (XSS) vulnerability exists in webplugins ...)
 	TODO: check
 CVE-2025-66499 (A heap-based buffer overflow vulnerability exists in the PDF parsing o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66498 (A memory corruption vulnerability exists in the 3D annotation handling ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66497 (A memory corruption vulnerability exists in the 3D annotation handling ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66496 (A memory corruption vulnerability exists in the 3D annotation handling ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66495 (A use-after-free vulnerability exists in the annotation handling of Fo ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66494 (A use-after-free vulnerability exists in the PDF file parsing of Foxit ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66493 (A use-after-free vulnerability exists in the AcroForm handling of Foxi ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-66174 (There is an improper authentication vulnerability in some Hikvision DV ...)
-	TODO: check
+	NOT-FOR-US: Hikvision
 CVE-2025-66173 (There is a privilege escalation vulnerability in some Hikvision DVR pr ...)
-	TODO: check
+	NOT-FOR-US: Hikvision
 CVE-2025-65046 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
 	TODO: check
 CVE-2025-65041 (Improper authorization in Microsoft Partner Center allows an unauthori ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-65037 (Improper control of generation of code ('code injection') in Azure Con ...)
 	TODO: check
 CVE-2025-64677 (Improper neutralization of input during web page generation ('cross-si ...)
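Review bot: The pdfonline stored-XSS entries end up tagged inconsistently in this hunk: CVE-2025-66501 becomes NOT-FOR-US: Foxit, while CVE-2025-66521, CVE-2025-66519 and CVE-2025-66502 show the same visible description prefix and stay at TODO: check, as does the webplugins entry CVE-2025-66500. Whatever the automatic match keyed on is past the truncated part of the description, so these siblings are worth triaging by hand in the same pass so the batch gets one consistent disposition.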
@@ -127,11 +127,11 @@ CVE-2025-62000 (BullWall Ransomware Containment does not entirely inspect a file
 CVE-2025-59529 (Avahi is a system which facilitates service discovery on a local netwo ...)
 	TODO: check
 CVE-2025-53710 (Due to a product misconfiguration in certain deployment types, it was  ...)
-	TODO: check
+	NOT-FOR-US: Palantir
 CVE-2025-52692 (Successful exploitation of the vulnerability could allow an attacker w ...)
 	TODO: check
 CVE-2025-46268 (Advantech WebAccess/SCADA is vulnerable to SQL injection, which may al ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2025-34452 (Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 con ...)
 	TODO: check
 CVE-2025-34451 (rofl0r/proxychains-ng versions up to and including 4.17 and prior to c ...)
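Review bot: The NOT-FOR-US: Palantir tag on CVE-2025-53710 cannot be checked against the line it annotates, because the visible description ("Due to a product misconfiguration in certain deployment types, it was ...") names no vendor or product. Confirm the attribution against the full CVE record before relying on it; the Advantech tag on CVE-2025-46268 is directly supported by its description.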
@@ -141,9 +141,9 @@ CVE-2025-34450 (merbanan/rtl_433 versions up to and including 25.02 and prior to
 CVE-2025-34449 (Genymobile/scrcpy versions up to and including 3.3.3 and prior to comm ...)
 	TODO: check
 CVE-2025-14940 (A vulnerability was determined in code-projects Scholars Tracking Syst ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-14939 (A vulnerability was found in code-projects Online Appointment Booking  ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-14910 (A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts th ...)
 	TODO: check
 CVE-2025-14909 (A weakness has been identified in JeecgBoot up to 3.9.0. The impacted  ...)
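Review bot: CVE-2025-14910 is left at TODO: check in the context lines right after the two code-projects entries, although its description names a specific device and firmware version (Edimax BR-6208AC 1.02). It looks decidable in the same pass as its neighbours, so it is worth a manual look rather than waiting for the next automatic run.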
@@ -151,43 +151,43 @@ CVE-2025-14909 (A weakness has been identified in JeecgBoot up to 3.9.0. The imp
 CVE-2025-14908 (A security flaw has been discovered in JeecgBoot up to 3.9.0. The affe ...)
 	TODO: check
 CVE-2025-14900 (A security vulnerability has been detected in CodeAstro Real Estate Ma ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-14899 (A weakness has been identified in CodeAstro Real Estate Management Sys ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-14898 (A security flaw has been discovered in CodeAstro Real Estate Managemen ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-14897 (A vulnerability was identified in CodeAstro Real Estate Management Sys ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-14850 (Advantech WebAccess/SCADAis vulnerable to directory traversal, which m ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2025-14849 (Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, w ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2025-14848 (Advantech WebAccess/SCADA is vulnerable to absolute directory traversa ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2025-14733 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may all ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard
 CVE-2025-14546 (Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cr ...)
 	TODO: check
 CVE-2025-14449 (The BA Book Everything plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14267 (Incomplete removal of sensitive information before transfer vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: M-Files
 CVE-2025-13999 (The HTML5 Audio Player \u2013 The Ultimate No-Code Podcast, MP3 & Audi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13941 (A local privilege escalation vulnerability exists in the Foxit PDF Rea ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2025-13911 (The vulnerability affects Ignition SCADA applications where Python  sc ...)
 	TODO: check
 CVE-2025-13754 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13427 (An authentication bypass vulnerability in Google Cloud Dialogflow CX M ...)
 	TODO: check
 CVE-2025-13307 (The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13008 (An information disclosure vulnerability in M-Files Server before versi ...)
-	TODO: check
+	NOT-FOR-US: M-Files
 CVE-2025-11774 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2025-14876
 	- qemu <unfixed>
 	NOTE: https://lore.kernel.org/qemu-devel/20251214090939.408436-1-zhenwei.pi@linux.dev/T/#u
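Review bot: The descriptions for CVE-2025-13999 and CVE-2025-13754 carry literal \u2013 and \u2014 escape sequences, so the text that feeds data/CVE/list is not being decoded from its JSON form before it is written. The WordPress plugin tags themselves are supported by the descriptions, but any matching done on the description text would see the raw escapes, so decode them where the list is generated. Separately, the Mitsubishi tag on CVE-2025-11774 sits on a description that shows only the CWE title, so it should be confirmed against the full record.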



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66eb382bc02fe0ad9ace904b4cbcc66c158f96e7
