[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jul 9 11:38:23 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
515f854b by Moritz Mühlenhoff at 2025-07-09T12:38:01+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,37 +9,37 @@ CVE-2025-7218 (A vulnerability was found in Campcodes Payroll Management System
 CVE-2025-7217 (A vulnerability has been found in Campcodes Payroll Management System  ...)
 	NOT-FOR-US: Campcodes
 CVE-2025-7216 (A vulnerability, which was classified as critical, was found in lty628 ...)
-	TODO: check
+	NOT-FOR-US: lty628 Aidigu
 CVE-2025-7215 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: FNKvision
 CVE-2025-7214 (A vulnerability classified as problematic was found in FNKvision FNK-G ...)
-	TODO: check
+	NOT-FOR-US: FNKvision
 CVE-2025-7213 (A vulnerability classified as critical has been found in FNKvision FNK ...)
-	TODO: check
+	NOT-FOR-US: FNKvision
 CVE-2025-7212 (A vulnerability was found in itsourcecode Insurance Management System  ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-7211 (A vulnerability was found in code-projects LifeStyle Store 1.0. It has ...)
 	NOT-FOR-US: code-projects
 CVE-2025-7210 (A vulnerability was found in code-projects/Fabian Ros Library Manageme ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7209 (A vulnerability has been found in 9fans plan9port up to 9da5b44 and cl ...)
-	TODO: check
+	NOT-FOR-US: plan9port
 CVE-2025-7208 (A vulnerability was found in 9fans plan9port up to 9da5b44. It has bee ...)
-	TODO: check
+	NOT-FOR-US: plan9port
 CVE-2025-7207 (A vulnerability, which was classified as problematic, was found in mru ...)
 	TODO: check
 CVE-2025-7206 (A vulnerability, which was classified as critical, has been found in D ...)
 	NOT-FOR-US: D-Link
 CVE-2025-7200 (A vulnerability, which was classified as critical, was found in krishn ...)
-	TODO: check
+	NOT-FOR-US: krishna9772 Pharmacy Management System
 CVE-2025-7199 (A vulnerability, which was classified as critical, has been found in c ...)
 	NOT-FOR-US: code-projects
 CVE-2025-7198 (A vulnerability classified as critical was found in code-projects Jonn ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7197 (A vulnerability classified as critical has been found in code-projects ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7196 (A vulnerability was found in code-projects Jonnys Liquor 1.0. It has b ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7194 (A vulnerability was found in D-Link DI-500WF 17.04.10A1T. It has been  ...)
 	NOT-FOR-US: D-Link
 CVE-2025-7059 (The Simple Featured Image plugin for WordPress is vulnerable to Stored ...)
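Review bot: The labels added in this hunk do not follow one form: CVE-2025-7216 and CVE-2025-7200 name vendor plus product ("lty628 Aidigu", "krishna9772 Pharmacy Management System"), the FNKvision and code-projects entries name only the vendor, and CVE-2025-7209 and CVE-2025-7208 use "plan9port" although the description reads "9fans plan9port". Settling on one form per vendor keeps later greps over data/CVE/list reliable. CVE-2025-7207 also stays at "TODO: check" between the triaged entries; worth confirming that is intentional.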
@@ -185,13 +185,13 @@ CVE-2025-43582 (Substance3D - Viewer versions 0.22 and earlier are affected by a
 CVE-2025-3780 (The WCFM \u2013 Frontend Manager for WooCommerce along with Bookings S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-34085 (An unrestricted file upload vulnerability in the WordPress Simple File ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-34084 (An unauthenticated information disclosure vulnerability exists in the  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-34083 (An unrestricted file upload vulnerability exists in the WordPress AIT  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-34077 (An authentication bypass vulnerability exists in the WordPress Pie Reg ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-30313 (Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out ...)
 	NOT-FOR-US: Adobe
 CVE-2025-27203 (Adobe Connect versions 24.0 and earlier are affected by a Deserializat ...)
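Review bot: CVE-2025-34083 gets the generic label "WordPress plugin", but the visible description only says "WordPress AIT ..." and does not show whether the affected component is a plugin or a theme. Confirm against the full description before reusing the plugin label; the same check applies to CVE-2025-34084, whose truncated text does not mention WordPress at all.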
@@ -210,14 +210,14 @@ CVE-2025-4674
 	NOTE: https://github.com/golang/go/commit/e9d2c032b14c17083be0f8f0c822565199d2994f (go1.23.11)
 	NOTE: https://github.com/golang/go/issues/74380
 CVE-2025-7363 (The TitleIcon extension for MediaWiki is vulnerable to stored XSS thro ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension TitleIcon
 CVE-2025-7362 (The MsUpload extension for MediaWiki is vulnerable to stored XSS via t ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension MsUpload
 CVE-2025-7345 (A flaw exists in gdk\u2011pixbuf within the gdk_pixbuf__jpeg_image_loa ...)
 	- gdk-pixbuf <unfixed>
 	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/249
 CVE-2025-7326 (Weak authentication in EOLASP.NET Core allows an unauthorized attacker ...)
-	TODO: check
+	NOT-FOR-US: EOLASP.NET Core
 CVE-2025-7193 (A vulnerability was found in itsourcecode Agri-Trading Online Shopping ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-7192 (A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classifi ...)
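Review bot: CVE-2025-7363 and CVE-2025-7362 are closed as NOT-FOR-US with no record of why the TitleIcon and MsUpload extensions are out of scope. A NOT-FOR-US entry drops out of further triage, so a short "NOTE:" line stating that the extension is not shipped in any packaged source, in the style of the NOTE under CVE-2025-7345, would make the decision checkable later.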
@@ -289,15 +289,15 @@ CVE-2025-5451 (A stack-based buffer overflow in Ivanti Connect Secure before ver
 CVE-2025-5450 (Improper access control in the certificate management component of Iva ...)
 	NOT-FOR-US: Ivanti
 CVE-2025-53545 (Press, a Frappe custom app that runs Frappe Cloud, manages infrastruct ...)
-	TODO: check
+	NOT-FOR-US: Press
 CVE-2025-53513 (The /charms endpoint on a Juju controller lacked sufficient authorizat ...)
 	- juju <removed>
 CVE-2025-53512 (The /log endpoint on a Juju controller lacked sufficient authorization ...)
 	- juju <removed>
 CVE-2025-53480 (The CheckUser extension\u2019s Special:Investigate page has a vulnerab ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2025-53479 (The CheckUser extension\u2019s Special:CheckUser interface is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2025-53372 (node-code-sandbox-mcp is a Node.js\u2013based Model Context Protocol s ...)
 	NOT-FOR-US: node-code-sandbox-mcp
 CVE-2025-53355 (MCP Server Kubernetes is an MCP Server that can connect to a Kubernete ...)
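Review bot: The label "NOT-FOR-US: Press" for CVE-2025-53545 is a single generic word that is hard to search for and easy to confuse with unrelated products. The description identifies it as "Press, a Frappe custom app", so "NOT-FOR-US: Frappe Press" would be unambiguous and match the vendor-qualified labels used elsewhere in this commit.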
@@ -435,19 +435,19 @@ CVE-2025-49671 (Exposure of sensitive information to an unauthorized actor in Wi
 CVE-2025-49670 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-49669 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49668 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49667 (Double free in Windows Win32K - ICOMP allows an authorized attacker to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49666 (Heap-based buffer overflow in Windows Kernel allows an authorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49665 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49664 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49663 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49661 (Untrusted pointer dereference in Windows Ancillary Function Driver for ...)
 	TODO: check
 CVE-2025-49660 (Use after free in Windows Event Tracing allows an authorized attacker  ...)
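Review bot: The Microsoft batch stops at CVE-2025-49663 and leaves CVE-2025-49661 ("Windows Ancillary Function Driver for ...") at "TODO: check", even though it is a Windows component like the seven entries changed above it. If that is an oversight, mark it "NOT-FOR-US: Microsoft" in the same commit so the run of Windows entries is closed consistently.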



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/515f854b58e7013075214aaf3baf80244cb82903
