[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 30 20:39:29 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e1a6c8eb by Salvatore Bonaccorso at 2025-12-30T21:38:56+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,11 +4,11 @@ CVE-2025-69261 (WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha
NOTE: Fixed by: https://github.com/WasmEdge/WasmEdge/commit/37cc9fa19bd23edbbdaa9252059b17f191fa4d17 (0.16.0-alpha.3)
TODO: check details on affected range
CVE-2025-69257 (theshit is a command-line utility that automatically detects and fixes ...)
- TODO: check
+ NOT-FOR-US: theshit
CVE-2025-69256 (The Serverless Framework is a framework for using AWS Lambda and other ...)
- TODO: check
+ NOT-FOR-US: Serverless Framework
CVE-2025-69210 (FacturaScripts is open-source enterprise resource planning and account ...)
- TODO: check
+ NOT-FOR-US: FacturaScripts
CVE-2025-69204 (ImageMagick is free and open-source software used for editing and mani ...)
- imagemagick 8:7.1.2.12+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw
@@ -134,22 +134,22 @@ CVE-2025-68950 (ImageMagick is free and open-source software used for editing an
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec (7.1.2-12)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/5655e26ee9032a208ad9add1fde2877205d5e540 (6.9.13-37)
CVE-2025-68926 (RustFS is a distributed object storage system built in Rust. In versio ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2025-68618 (ImageMagick is free and open-source software used for editing and mani ...)
- imagemagick 8:7.1.2.12+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb (7.1.2-12)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/693c8497290ea0c7cac75d3068ea4fa70d7d507e (6.9.13-37)
CVE-2025-66848 (JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r ...)
- TODO: check
+ NOT-FOR-US: JD Cloud NAS routers
CVE-2025-66835 (TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi ...)
- TODO: check
+ NOT-FOR-US: TrueConf Client
CVE-2025-66834 (A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 ...)
- TODO: check
+ NOT-FOR-US: TrueConf Server
CVE-2025-66824 (A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meetin ...)
- TODO: check
+ NOT-FOR-US: TrueConf Server
CVE-2025-66823 (An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the ...)
- TODO: check
+ NOT-FOR-US: TrueConf Server
CVE-2025-66103 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-66094 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -157,7 +157,7 @@ CVE-2025-66094 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-66080 (Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-65925 (An issue was discovered in Zeroheight (SaaS) prior to 2025-06-13. A le ...)
- TODO: check
+ NOT-FOR-US: Zeroheight (SaaS)
CVE-2025-65411 (A NULL pointer dereference in the src/path.c component of GNU Unrtf v0 ...)
TODO: check
CVE-2025-65409 (A divide-by-zero in the encryption/decryption routines of GNU Recutils ...)
@@ -175,11 +175,11 @@ CVE-2025-62128 (Missing Authorization vulnerability in SiteLock SiteLock Securit
CVE-2025-62112 (Cross-Site Request Forgery (CSRF) vulnerability in Merv Barrett Import ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-61557 (nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Travers ...)
- TODO: check
+ NOT-FOR-US: nixseparatedebuginfod
CVE-2025-59129 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-56332 (Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attac ...)
- TODO: check
+ NOT-FOR-US: fosrl/pangolin
CVE-2025-52835 (Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-50343 (An issue was discovered in matio 1.5.28. A heap-based memory corruptio ...)
@@ -191,17 +191,17 @@ CVE-2025-15358 (DVP-12SE11T - Denial of Service Vulnerability)
CVE-2025-15353 (A vulnerability was detected in itsourcecode Society Management System ...)
NOT-FOR-US: itsourcecode System
CVE-2025-15264 (A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an ...)
- TODO: check
+ NOT-FOR-US: FeehiCMS
CVE-2025-15263 (A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affec ...)
- TODO: check
+ NOT-FOR-US: BiggiDroid Simple PHP CMS
CVE-2025-15262 (A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. ...)
- TODO: check
+ NOT-FOR-US: BiggiDroid Simple PHP CMS
CVE-2025-15258 (A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2025-15257 (A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Aff ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2025-15256 (A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2025-15255 (A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impact ...)
NOT-FOR-US: Tenda
CVE-2025-15254 (A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the ...)
@@ -211,27 +211,27 @@ CVE-2025-15253 (A vulnerability has been found in Tenda M3 1.0.0.13(4903). The i
CVE-2025-15252 (A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element ...)
NOT-FOR-US: Tenda
CVE-2025-15251 (A vulnerability was detected in beecue FastBee up to 2.1. Impacted is ...)
- TODO: check
+ NOT-FOR-US: FastBee
CVE-2025-15250 (A security vulnerability has been detected in 08CMS Novel System up to ...)
- TODO: check
+ NOT-FOR-US: 08CMS Novel System
CVE-2025-15249 (A weakness has been identified in zhujunliang3 work_platform up to 6bc ...)
- TODO: check
+ NOT-FOR-US: zhujunliang3 work_platform
CVE-2025-15248 (A security flaw has been discovered in sunhailin12315 product-review \ ...)
- TODO: check
+ NOT-FOR-US: sunhailin12315 product-review
CVE-2025-15247 (A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd ...)
- TODO: check
+ NOT-FOR-US: gmg137 snap7-rs
CVE-2025-15246 (A vulnerability was determined in aizuda snail-job up to 1.7.0 on macO ...)
- TODO: check
+ NOT-FOR-US: aizuda snail-job
CVE-2025-15245 (A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the ...)
NOT-FOR-US: D-Link
CVE-2025-15244 (A vulnerability has been found in PHPEMS up to 11.0. This impacts an u ...)
- TODO: check
+ NOT-FOR-US: PHPEMS
CVE-2025-15243 (A flaw has been found in code-projects Simple Stock System 1.0. This a ...)
NOT-FOR-US: code-projects
CVE-2025-15242 (A vulnerability was detected in PHPEMS up to 11.0. The impacted elemen ...)
- TODO: check
+ NOT-FOR-US: PHPEMS
CVE-2025-15241 (A security vulnerability has been detected in CloudPanel Community Edi ...)
- TODO: check
+ NOT-FOR-US: CloudPanel
CVE-2025-15234 (A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is ...)
NOT-FOR-US: Tenda
CVE-2025-15103 (DVP-12SE11T - Authentication Bypass via Partial Password Disclosure)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1a6c8eb8165343ea74c180bdd9f7404cc2c03a9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1a6c8eb8165343ea74c180bdd9f7404cc2c03a9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251230/2b8bb6f5/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list