[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 24 21:18:50 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1d371108 by Salvatore Bonaccorso at 2025-12-24T22:18:25+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-68916 (Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsuplo ...)
- TODO: check
+ NOT-FOR-US: Riello UPS NetMan 208 Application
CVE-2025-68915 (Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbann ...)
- TODO: check
+ NOT-FOR-US: Riello UPS NetMan 208 Application
CVE-2025-68914 (Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi ...)
- TODO: check
+ NOT-FOR-US: Riello UPS NetMan 208 Application
CVE-2025-68750 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.37-1
[bookworm] - linux 6.1.147-1
@@ -244,7 +244,7 @@ CVE-2025-67622 (Cross-Site Request Forgery (CSRF) vulnerability in titopandub Ev
CVE-2025-67621 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-60935 (An open redirect vulnerability in the login endpoint of Blitz Panel v1 ...)
- TODO: check
+ NOT-FOR-US: Blitz Panel
CVE-2025-5448
REJECTED
CVE-2025-43876 (Under certain circumstances a successful exploitation could result in ...)
@@ -252,21 +252,21 @@ CVE-2025-43876 (Under certain circumstances a successful exploitation could resu
CVE-2025-43875 (Under certain circumstances a successful exploitation could result in ...)
NOT-FOR-US: Johnson Controls
CVE-2025-3232 (A remote unauthenticated attacker may be able to bypass authentication ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi Electric
CVE-2025-36154 (IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleart ...)
NOT-FOR-US: IBM
CVE-2025-2515 (A vulnerability was found in BlueChi, a multi-node systemd service con ...)
- TODO: check
+ NOT-FOR-US: BlueChi
CVE-2025-2155 (Unrestricted Upload of File with Dangerous Type vulnerability in Echo ...)
- TODO: check
+ NOT-FOR-US: Specto CM
CVE-2025-2154 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Specto CM
CVE-2024-40317 (A reflected cross-site scripting (XSS) vulnerability in MyNET up to v2 ...)
- TODO: check
+ NOT-FOR-US: MyNET
CVE-2024-39037 (MyNET up to v26.08.316 was discovered to contain an Unauthenticated SQ ...)
- TODO: check
+ NOT-FOR-US: MyNET
CVE-2024-35322 (MyNET up to v26.08 was discovered to contain a reflected cross-site sc ...)
- TODO: check
+ NOT-FOR-US: MyNET
CVE-2023-54161 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux <unfixed>
CVE-2023-54160 (In the Linux kernel, the following vulnerability has been resolved: f ...)
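Review bot: CVE-2025-2515 is marked NOT-FOR-US: BlueChi, but its description calls BlueChi "a multi-node systemd service con ...", which reads as a Linux system tool rather than a vendor appliance like the other entries in this hunk. Please confirm there is no ITP/RFP for it before closing it out; if one exists, a `- bluechi <itp> (bug #...)` line would be the right form instead of NOT-FOR-US. A smaller point on CVE-2025-3232: the tag names only the vendor (Mitsubishi Electric) and the truncated description shown here names neither vendor nor product, so adding the product name to the tag would make the entry checkable at a glance.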
@@ -1094,115 +1094,115 @@ CVE-2022-50712 (In the Linux kernel, the following vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b4cafb3d2c740f8d1b1234b43ac4a60e5291c960 (6.2-rc1)
CVE-2019-25258 (LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file ...)
- TODO: check
+ NOT-FOR-US: LogicalDOC
CVE-2019-25257 (LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command ...)
- TODO: check
+ NOT-FOR-US: LogicalDOC
CVE-2019-25256 (VideoFlow Digital Video Protection DVP 2.10 contains an authenticated ...)
- TODO: check
+ NOT-FOR-US: VideoFlow Digital Video Protection DVP
CVE-2019-25255 (VideoFlow Digital Video Protection DVP 2.10 contains an authenticated ...)
- TODO: check
+ NOT-FOR-US: VideoFlow Digital Video Protection DVP
CVE-2019-25254 (KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulne ...)
- TODO: check
+ NOT-FOR-US: KYOCERA Net Admin
CVE-2019-25253 (KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injec ...)
- TODO: check
+ NOT-FOR-US: KYOCERA Net Admin
CVE-2019-25252 (Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerab ...)
- TODO: check
+ NOT-FOR-US: Teradek VidiU Pro
CVE-2019-25251 (Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnera ...)
- TODO: check
+ NOT-FOR-US: Teradek VidiU Pro
CVE-2019-25250 (Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request for ...)
- TODO: check
+ NOT-FOR-US: Devolo dLAN 500 AV Wireless+
CVE-2019-25249 (devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass ...)
- TODO: check
+ NOT-FOR-US: Devolo dLAN 500 AV Wireless+
CVE-2019-25248 (Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Beward N100
CVE-2019-25247 (Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request f ...)
- TODO: check
+ NOT-FOR-US: Beward N100
CVE-2019-25246 (Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file ...)
- TODO: check
+ NOT-FOR-US: Beward N100
CVE-2019-25245 (Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnera ...)
- TODO: check
+ NOT-FOR-US: Ross Video DashBoard
CVE-2019-25244 (Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulne ...)
- TODO: check
+ NOT-FOR-US: Legrand BTicino Driver Manager F454
CVE-2019-25243 (FaceSentry 6.4.8 contains an authenticated remote command injection vu ...)
TODO: check
CVE-2019-25242 (FaceSentry Access Control System 6.4.8 contains a cross-site request f ...)
- TODO: check
+ NOT-FOR-US: FaceSentry Access Control System
CVE-2019-25241 (FaceSentry Access Control System 6.4.8 contains a critical authenticat ...)
- TODO: check
+ NOT-FOR-US: FaceSentry Access Control System
CVE-2019-25240 (Rifatron 5brid DVR contains an unauthenticated vulnerability in the an ...)
- TODO: check
+ NOT-FOR-US: Rifatron 5brid DVR
CVE-2019-25239 (V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated informat ...)
- TODO: check
+ NOT-FOR-US: V-SOL GPON/EPON OLT Platform
CVE-2019-25238 (V-SOL GPON/EPON OLT Platform 2.03 contains a cross-site request forger ...)
- TODO: check
+ NOT-FOR-US: V-SOL GPON/EPON OLT Platform
CVE-2019-25237 (V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vul ...)
- TODO: check
+ NOT-FOR-US: V-SOL GPON/EPON OLT Platform
CVE-2019-25236 (iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability ...)
- TODO: check
+ NOT-FOR-US: iSeeQ Hybrid DVR WH-H4
CVE-2019-25235 (Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Smartwares HOME easy
CVE-2019-25234 (SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery ...)
- TODO: check
+ NOT-FOR-US: SmartHouse Webapp
CVE-2019-25233 (AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-si ...)
- TODO: check
+ NOT-FOR-US: AVE DOMINAplus
CVE-2018-25156 (Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability ...)
- TODO: check
+ NOT-FOR-US: Teradek Cube
CVE-2018-25155 (Teradek Slice 7.3.15 contains a cross-site request forgery vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Teradek Slice
CVE-2018-25154 (GNU Barcode 0.99 contains a buffer overflow vulnerability in its code ...)
TODO: check
CVE-2018-25153 (GNU Barcode 0.99 contains a memory leak vulnerability in the command l ...)
TODO: check
CVE-2018-25152 (Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnera ...)
- TODO: check
+ NOT-FOR-US: Ecessa Edge EV150
CVE-2018-25151 (Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site requ ...)
- TODO: check
+ NOT-FOR-US: Ecessa WANWorx WVR-30
CVE-2018-25150 (Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forger ...)
- TODO: check
+ NOT-FOR-US: Ecessa
CVE-2018-25149 (Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vu ...)
- TODO: check
+ NOT-FOR-US: Microhard Systems IPn4G
CVE-2018-25148 (Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote c ...)
- TODO: check
+ NOT-FOR-US: Microhard Systems IPn4G
CVE-2018-25147 (Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials t ...)
- TODO: check
+ NOT-FOR-US: Microhard Systems IPn4G
CVE-2018-25146 (Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Microhard Systems IPn4G
CVE-2018-25145 (Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure ...)
- TODO: check
+ NOT-FOR-US: Microhard Systems IPn4G
CVE-2018-25144 (Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulner ...)
- TODO: check
+ NOT-FOR-US: Microhard Systems IPn4G
CVE-2018-25143 (Microhard Systems IPn4G 1.1.0 contains a service vulnerability that al ...)
- TODO: check
+ NOT-FOR-US: Microhard Systems IPn4G
CVE-2018-25142 (NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthentica ...)
- TODO: check
+ NOT-FOR-US: NovaRad
CVE-2018-25141 (FLIR thermal traffic cameras contain an unauthenticated vulnerability ...)
- TODO: check
+ NOT-FOR-US: FLIR
CVE-2018-25140 (FLIR thermal traffic cameras contain an unauthenticated device manipul ...)
- TODO: check
+ NOT-FOR-US: FLIR
CVE-2018-25139 (FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerabil ...)
- TODO: check
+ NOT-FOR-US: FLIR
CVE-2018-25138 (FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel ...)
- TODO: check
+ NOT-FOR-US: FLIR
CVE-2018-25137 (FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerab ...)
- TODO: check
+ NOT-FOR-US: FLIR Brickstream
CVE-2018-25136 (FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerab ...)
- TODO: check
+ NOT-FOR-US: FLIR Brickstream
CVE-2018-25135 (Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerab ...)
- TODO: check
+ NOT-FOR-US: Anviz AIM CrossChex Standard
CVE-2018-25134 (Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypas ...)
- TODO: check
+ NOT-FOR-US: Synaccess netBooter NP-02x/NP-08x
CVE-2018-25133 (Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forger ...)
- TODO: check
+ NOT-FOR-US: Synaccess netBooter NP-0801DU
CVE-2018-25131 (Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored c ...)
- TODO: check
+ NOT-FOR-US: Leica Geosystems GR10/GR25/GR30/GR50 GNSS
CVE-2018-25130 (Beward Intercom 2.3.1 contains a credentials disclosure vulnerability ...)
- TODO: check
+ NOT-FOR-US: Beward Intercom
CVE-2018-25129 (SOCA Access Control System 180612 contains multiple insecure direct ob ...)
- TODO: check
+ NOT-FOR-US: SOCA Access Control System
CVE-2018-25128 (SOCA Access Control System 180612 contains multiple SQL injection vuln ...)
- TODO: check
+ NOT-FOR-US: SOCA Access Control System
CVE-2018-25127 (SOCA Access Control System 180612 contains a cross-site request forger ...)
- TODO: check
+ NOT-FOR-US: SOCA Access Control System
CVE-2025-68734 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.17.9-1
[bullseye] - linux 5.10.247-1
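Review bot: CVE-2019-25243 (FaceSentry 6.4.8 ...) is left at TODO: check, while the two entries directly below it, CVE-2019-25242 and CVE-2019-25241, are marked NOT-FOR-US: FaceSentry Access Control System. Its description omits "Access Control System", so it looks as if it was skipped by name rather than kept open on purpose; if it is the same product, it should get the same NOT-FOR-US line in this commit. Separately, CVE-2018-25150 is tagged with the vendor only (Ecessa) while its neighbours name the product (Ecessa Edge EV150, Ecessa WANWorx WVR-30); using "Ecessa ShieldLink SL175EHQ" would keep the tags consistent and easier to grep.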
@@ -2058,7 +2058,7 @@ CVE-2023-53982 (PMB 7.4.6 contains a SQL injection vulnerability in the storage
CVE-2023-52210 (Vulnerability in Tyche softwares Product Delivery Date for WooCommerce ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2021-47739 (Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulne ...)
- TODO: check
+ NOT-FOR-US: Epic Games Easy Anti-Cheat
CVE-2021-47738 (CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability ...)
NOT-FOR-US: CSZ CMS
CVE-2021-47737 (CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows aut ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d3711086a9a7dbf63f10522c1304720caed5e31