[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 24 08:42:42 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e776453c by Salvatore Bonaccorso at 2025-12-24T09:42:17+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -83,55 +83,55 @@ CVE-2025-14933 (NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Ex
CVE-2025-14932 (NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow Remote Code ...)
TODO: check
CVE-2025-14931 (Hugging Face smolagents Remote Python Executor Deserialization of Untr ...)
- TODO: check
+ NOT-FOR-US: Hugging Face smolagents
CVE-2025-14930 (Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remot ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14929 (Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14928 (Hugging Face Transformers HuBERT convert_config Code Injection Remote ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14927 (Hugging Face Transformers SEW-D convert_config Code Injection Remote C ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14926 (Hugging Face Transformers SEW convert_config Code Injection Remote Cod ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14925 (Hugging Face Accelerate Deserialization of Untrusted Data Remote Code ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Accelerate
CVE-2025-14924 (Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted D ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14922 (Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remo ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Diffusers
CVE-2025-14921 (Hugging Face Transformers Transformer-XL Model Deserialization of Untr ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14920 (Hugging Face Transformers Perceiver Model Deserialization of Untrusted ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14501 (Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Der ...)
- TODO: check
+ NOT-FOR-US: Sante PACS Server
CVE-2025-14500 (IceWarp14 X-File-Operation Command Injection Remote Code Execution Vul ...)
- TODO: check
+ NOT-FOR-US: IceWarp
CVE-2025-14499 (IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability ...)
- TODO: check
+ NOT-FOR-US: IceWarp
CVE-2025-14498 (TradingView Desktop Electron Uncontrolled Search Path Local Privilege ...)
TODO: check
CVE-2025-14497 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14496 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14495 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14494 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14493 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14492 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14491 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14490 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14489 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14488 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14425 (GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution ...)
- gimp 3.2.0~RC2-1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1139/
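Review bot: CVE-2025-14498 (TradingView Desktop Electron Uncontrolled Search Path) is still at "TODO: check", while the IceWarp entries directly above it and the RealDefense entries directly below it are all resolved in this hunk. If it was left open on purpose for a closer look, no change is needed; otherwise it looks like an entry missed in the batch and should get a NOT-FOR-US line in the same style as its neighbours.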
@@ -149,47 +149,47 @@ CVE-2025-14422 (GIMP PNM File Parsing Integer Overflow Remote Code Execution Vul
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1136/
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/4ff2d773d58064e6130495de498e440f4a6d5edb (GIMP_3_2_0_RC2)
CVE-2025-14421 (pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read Information ...)
- TODO: check
+ NOT-FOR-US: pdfforge PDF Architect
CVE-2025-14420 (pdfforge PDF Architect CBZ File Parsing Directory Traversal Remote Cod ...)
- TODO: check
+ NOT-FOR-US: pdfforge PDF Architect
CVE-2025-14419 (pdfforge PDF Architect PDF File Parsing Memory Corruption Remote Code ...)
- TODO: check
+ NOT-FOR-US: pdfforge PDF Architect
CVE-2025-14418 (pdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Ex ...)
- TODO: check
+ NOT-FOR-US: pdfforge PDF Architect
CVE-2025-14417 (pdfforge PDF Architect Launch Insufficient UI Warning Remote Code Exec ...)
- TODO: check
+ NOT-FOR-US: pdfforge PDF Architect
CVE-2025-14416 (pdfforge PDF Architect DOC File Insufficient UI Warning Remote Code Ex ...)
- TODO: check
+ NOT-FOR-US: pdfforge PDF Architect
CVE-2025-14415 (Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop Launch
CVE-2025-14414 (Soda PDF Desktop Word File Insufficient UI Warning Remote Code Executi ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14413 (Soda PDF Desktop CBZ File Parsing Directory Traversal Remote Code Exec ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14412 (Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Executio ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14411 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Discl ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14410 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Discl ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14409 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Exec ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14408 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Discl ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14407 (Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclo ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14406 (Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Esca ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14405 (PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escal ...)
- TODO: check
+ NOT-FOR-US: PDFsam
CVE-2025-14404 (PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: PDFsam
CVE-2025-14403 (PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution V ...)
- TODO: check
+ NOT-FOR-US: PDFsam
CVE-2025-14402 (PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: PDFsam
CVE-2025-14401 (PDFsam Enhanced App Out-Of-Bounds Read Remote Code Execution Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: PDFsam
CVE-2025-13773 (The Print Invoice & Delivery Notes for WooCommerce plugin for WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13767 (Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10. ...)
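Review bot: the label added for CVE-2025-14415 is "NOT-FOR-US: Soda PDF Desktop Launch", but "Launch" belongs to the vulnerability title, not the product name; the other nine Soda PDF entries in this hunk use "NOT-FOR-US: Soda PDF Desktop", and this one should match so the product string stays consistent for searching. A smaller point on the five PDFsam entries: the descriptions all name "PDFsam Enhanced" while the label is shortened to "PDFsam"; writing "NOT-FOR-US: PDFsam Enhanced" would name the affected product exactly as the CVE text does.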
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e776453c06540644c50a0058491620349e507ab4