[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 23 22:06:11 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1fcfcc7b by Salvatore Bonaccorso at 2025-07-23T23:05:45+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2025-8021 (All versions of the package files-bucket-server are vulnerable to
CVE-2025-8020 (All versions of the package private-ip are vulnerable to Server-Side R ...)
TODO: check
CVE-2025-7766 (LantronixProvisioning Manager is vulnerable to XML external entity att ...)
- TODO: check
+ NOT-FOR-US: Lantronix
CVE-2025-7724 (An unauthenticated OS command injection vulnerability existsin VIGI NV ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-7723 (A command injection vulnerability exists that can be exploited after a ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-7722 (The Social Streams plugin for WordPress is vulnerable to privilege esc ...)
NOT-FOR-US: WordPress plugin
CVE-2025-6261 (The Fleetwire Fleet Management plugin for WordPress is vulnerable to S ...)
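Review bot: the NOT-FOR-US value for CVE-2025-7766 names only the vendor, while the description identifies the product (Lantronix Provisioning Manager, run together as "LantronixProvisioning" in the CVE text); "NOT-FOR-US: Lantronix Provisioning Manager" would make the entry searchable by product. The same goes for CVE-2025-7724, whose description names VIGI NVR, and note that CVE-2025-7723's visible description does not name TP-Link at all, so its attribution rests on the adjacent entry and the upstream reference rather than on the text in the list.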
@@ -39,41 +39,41 @@ CVE-2025-5818 (The Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash pl
CVE-2025-5753 (The Valuation Calculator plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: WordPress plugin
CVE-2025-54455 (Use of Hard-coded Credentials vulnerability in Samsung Electronics Mag ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54454 (Use of Hard-coded Credentials vulnerability in Samsung Electronics Mag ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54453 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54452 (Improper Authentication vulnerability in Samsung Electronics MagicINFO ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54451 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54450 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54449 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54448 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54447 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54446 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54445 (Improper Restriction of XML External Entity Reference vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54444 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54443 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54442 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54441 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54440 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54439 (Unrestricted Upload of File with Dangerous Type vulnerability in Samsu ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54438 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54297 (A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joom ...)
NOT-FOR-US: Joomla
CVE-2025-54296 (A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla ...)
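Review bot: all eighteen Samsung entries (CVE-2025-54438 through CVE-2025-54455) are labelled with the bare vendor name, although every description that is visible names MagicINFO; "NOT-FOR-US: Samsung MagicINFO" would let a later grep for MagicINFO advisories find this batch. The labelling is otherwise consistent within the hunk, and the Joomla entries around it are untouched.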
@@ -87,25 +87,25 @@ CVE-2025-54141 (ViewVC is a browser interface for CVS and Subversion version con
CVE-2025-54140 (pyLoad is a free and open-source Download Manager written in pure Pyth ...)
TODO: check
CVE-2025-54139 (HAX CMS allows users to manage their microsite universe with a NodeJS ...)
- TODO: check
+ NOT-FOR-US: HAX CMS
CVE-2025-54138 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2025-54137 (HAX CMS NodeJS allows users to manage their microsite universe with a ...)
- TODO: check
+ NOT-FOR-US: HAX CMS
CVE-2025-54120 (PCL (Plain Craft Launcher) Community Edition is a Minecraft launcher. ...)
- TODO: check
+ NOT-FOR-US: PCL (Plain Craft Launcher) Minecraft launcher
CVE-2025-54072 (yt-dlp is a feature-rich command-line audio/video downloader. In versi ...)
TODO: check
CVE-2025-53882 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
TODO: check
CVE-2025-53703 (DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without enc ...)
- TODO: check
+ NOT-FOR-US: DuraComm
CVE-2025-53538 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
TODO: check
CVE-2025-51462 (Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app ...)
- TODO: check
+ NOT-FOR-US: RAGFlow
CVE-2025-50481 (A cross-site scripting (XSS) vulnerability in the component /blog/blog ...)
- TODO: check
+ NOT-FOR-US: Mezzanine CMS
CVE-2025-50477 (A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect ...)
TODO: check
CVE-2025-50127 (A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was disc ...)
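Review bot: the attribution for CVE-2025-51462 cannot be checked from this hunk: the visible description names only a module path (api.apps.dialog_app ...) and never mentions RAGFlow, so the NOT-FOR-US value should be confirmed against the upstream reference before it is relied on. The entries left at TODO: check in this hunk (pyLoad, yt-dlp, Suricata, lbry-desktop) are the ones most likely to need package lines rather than NOT-FOR-US, since Suricata and yt-dlp are in the Debian archive, so they are correctly not swept into this NFU pass.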
@@ -115,23 +115,23 @@ CVE-2025-4700 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2025-4439 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
TODO: check
CVE-2025-4411 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Dataprom Informatics PACS-ACSS
CVE-2025-4296 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in H ...)
- TODO: check
+ NOT-FOR-US: HotelRunner B2B
CVE-2025-48733 (DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function ...)
- TODO: check
+ NOT-FOR-US: DuraComm
CVE-2025-47187 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Serie ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2025-46686 (Redis through 7.4.3 allows memory consumption via a multi-bulk command ...)
TODO: check
CVE-2025-46171 (vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the ...)
NOT-FOR-US: vBulletin
CVE-2025-46099 (In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or creat ...)
- TODO: check
+ NOT-FOR-US: Pluck CMS
CVE-2025-44109 (A URL redirection in Pinokio v3.6.23 allows attackers to redirect vict ...)
TODO: check
CVE-2025-43881 (Improper validation of specified quantity in input issue exists in Rea ...)
- TODO: check
+ NOT-FOR-US: Real-time Bus Tracking System
CVE-2025-43489 (A potential security vulnerability has been identified in the Poly Cla ...)
NOT-FOR-US: HP
CVE-2025-43488 (A potential security vulnerability has been identified in the Poly Cla ...)
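Review bot: "NOT-FOR-US: Real-time Bus Tracking System" for CVE-2025-43881 is a generic product description rather than a vendor or project name (the description is cut off at "Rea"); if the advisory names the vendor, add it so the entry can be matched against future CVEs for the same software. The Redis entry CVE-2025-46686 is correctly left at TODO: check, as redis is packaged and will need version lines instead.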
@@ -155,13 +155,13 @@ CVE-2025-43020 (A potential command injection vulnerability has been identified
CVE-2025-42947 (SAP FICA ODN framework allows a high privileged user to inject value i ...)
NOT-FOR-US: SAP
CVE-2025-41687 (An unauthenticated remote attacker may use a stack based buffer overfl ...)
- TODO: check
+ NOT-FOR-US: Weidmueller Interface GmbH & Co. KG
CVE-2025-41684 (An authenticated remote attacker can execute arbitrary commands with r ...)
- TODO: check
+ NOT-FOR-US: Weidmueller Interface GmbH & Co. KG
CVE-2025-41683 (An authenticated remote attacker can execute arbitrary commands with r ...)
- TODO: check
+ NOT-FOR-US: Weidmueller Interface GmbH & Co. KG
CVE-2025-41425 (DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site script ...)
- TODO: check
+ NOT-FOR-US: DuraComm
CVE-2025-40599 (An authenticated arbitrary file upload vulnerability exists in the SMA ...)
NOT-FOR-US: SonicWall
CVE-2025-40598 (A Reflected cross-site scripting (XSS) vulnerability exists in the SMA ...)
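Review bot: the three Weidmueller entries (CVE-2025-41683, -41684, -41687) carry the full legal form "Weidmueller Interface GmbH & Co. KG", while the neighbouring labels use the short vendor name (SAP, SonicWall); "NOT-FOR-US: Weidmueller" would match the list's usual style. The descriptions visible here also do not name a product, so if the advisory identifies the device line it is worth adding it to the label.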
@@ -181,9 +181,9 @@ CVE-2025-33076 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1
CVE-2025-33020 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transm ...)
NOT-FOR-US: IBM
CVE-2025-31701 (A vulnerability has been found in Dahua products. Attackers could exp ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2025-31700 (A vulnerability has been found in Dahua products. Attackers could exp ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2025-2634 (Out of bounds read vulnerability due to improper bounds checking in NI ...)
NOT-FOR-US: National Instruments
CVE-2025-2633 (Out of bounds read vulnerability due to improper bounds checking in NI ...)
@@ -207,9 +207,9 @@ CVE-2024-40682 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.
CVE-2024-12310 (A vulnerability in Imprivata Enterprise Access Management(formerly Imp ...)
TODO: check
CVE-2022-4978 (Remote Control Server, maintained bySteppschuh, 3.1.1.12 allows unauth ...)
- TODO: check
+ NOT-FOR-US: Steppschuh
CVE-2018-25114 (A remote code execution vulnerability exists within osCommerce Online ...)
- TODO: check
+ NOT-FOR-US: osCommerce Online Merchant
CVE-2018-25113 (An unauthenticated path traversal vulnerability exists in Dicoogle PAC ...)
TODO: check
CVE-2017-20198 (The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deplo ...)
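Review bot: for CVE-2022-4978 the description says the product is "Remote Control Server, maintained by Steppschuh", so "NOT-FOR-US: Steppschuh" records the maintainer rather than the software; "NOT-FOR-US: Remote Control Server (Steppschuh)" would name both. The osCommerce entry follows the expected pattern, and CVE-2018-25113 (Dicoogle PACS) is left at TODO: check, which is right since nothing in this hunk establishes whether it is packaged.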
@@ -494,25 +494,25 @@ CVE-2025-46354 (A denial of service vulnerability exists in the Distributed Tran
CVE-2025-46267 (Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If e ...)
NOT-FOR-US: Elecom
CVE-2025-36520 (A null pointer dereference vulnerability exists in the net_connectmsg ...)
- TODO: check
+ NOT-FOR-US: Bloomberg Comdb2
CVE-2025-36512 (A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 d ...)
- TODO: check
+ NOT-FOR-US: Bloomberg Comdb2
CVE-2025-35966 (A null pointer dereference vulnerability exists in the CDB2SQLQUERY pr ...)
- TODO: check
+ NOT-FOR-US: Bloomberg Comdb2
CVE-2025-34143 (An authentication bypass vulnerability exists in ETQ Reliance on the C ...)
- TODO: check
+ NOT-FOR-US: ETQ Reliance
CVE-2025-34142 (An XML External Entity (XXE) injection vulnerability exists in ETQ Rel ...)
- TODO: check
+ NOT-FOR-US: ETQ Reliance
CVE-2025-34141 (A reflected cross-site scripting (XSS) vulnerability exists in ETQ Rel ...)
- TODO: check
+ NOT-FOR-US: ETQ Reliance
CVE-2025-34140 (An authorization bypass vulnerability exists in ETQ Reliance (legacy C ...)
- TODO: check
+ NOT-FOR-US: ETQ Reliance
CVE-2025-31513 (An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One ...)
- TODO: check
+ NOT-FOR-US: AlertEnterprise Guardian
CVE-2025-31512 (An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One ...)
- TODO: check
+ NOT-FOR-US: AlertEnterprise Guardian
CVE-2025-31511 (An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One ...)
- TODO: check
+ NOT-FOR-US: AlertEnterprise Guardian
CVE-2024-38335 (IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could ...)
NOT-FOR-US: IBM
CVE-2015-10140 (The Ajax Load More plugin before 2.8.1.2 does not have authorisation i ...)
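Review bot: only CVE-2025-36512's description names Bloomberg Comdb2; the visible text for CVE-2025-36520 (net_connectmsg) and CVE-2025-35966 (CDB2SQLQUERY) does not, so their "NOT-FOR-US: Bloomberg Comdb2" attribution is inferred from the sibling entry and should be confirmed against their own references. The ETQ Reliance and AlertEnterprise Guardian groups are labelled consistently.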
@@ -815,11 +815,11 @@ CVE-2025-50151 (File access paths in configuration files uploaded by users with
- apache-jena <unfixed>
NOTE: https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss
CVE-2025-4130 (Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allo ...)
- TODO: check
+ NOT-FOR-US: PAVO
CVE-2025-4129 (Authorization Bypass Through User-Controlled Key vulnerability in PAVO ...)
- TODO: check
+ NOT-FOR-US: PAVO
CVE-2025-4040 (Authorization Bypass Through User-Controlled Key vulnerability in Turp ...)
- TODO: check
+ NOT-FOR-US: Turpak Automatic Station Monitoring System
CVE-2025-49656 (Users with administrator access can create databases files outside the ...)
NOT-FOR-US: Fuseki
CVE-2025-46123 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
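Review bot: the line "- apache-jena <unfixed>" at the top of this hunk is unchanged context in the tracker's package-line syntax, not a removal; the hunk header counts 11 lines on both sides and only the three TODO/NOT-FOR-US pairs change, so nothing about the apache-jena entry for CVE-2025-50151 moves here. For CVE-2025-4040 the description is cut off at "Turp", so the expanded label "Turpak Automatic Station Monitoring System" comes from the reference rather than the visible text.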
@@ -865,31 +865,31 @@ CVE-2025-43976 (The com.enflick.android.tn2ndLine application through 24.17.1.0
CVE-2025-43720 (Headwind MDM before 5.33.1 makes configuration details accessible to u ...)
NOT-FOR-US: Headwind MDM
CVE-2025-41681 (A high privileged remote attacker can gain persistent XSS via POST req ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2025-41679 (An unauthenticated remote attacker could exploit a buffer overflow vul ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2025-41678 (A high privileged remote attacker can alter the configuration database ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2025-41677 (A high privileged remote attacker can exhaust critical system resource ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2025-41676 (A high privileged remote attacker can exhaust critical system resource ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2025-41675 (A high privileged remote attacker can execute arbitrary system command ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2025-41674 (A high privileged remote attacker can execute arbitrary system command ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2025-41673 (A high privileged remote attacker can execute arbitrary system command ...)
- TODO: check
+ NOT-FOR-US: MB connect line GmbH
CVE-2025-41459 (Insufficient protection against brute-force and runtime manipulation i ...)
- TODO: check
+ NOT-FOR-US: Two App Studio Journey
CVE-2025-41458 (Unencrypted storage in the database in Two App Studio Journey v5.5.9 f ...)
- TODO: check
+ NOT-FOR-US: Two App Studio Journey
CVE-2025-41100 (Incorrect authentication vulnerability in ParkingDoor. Through this vu ...)
- TODO: check
+ NOT-FOR-US: ParkingDoor
CVE-2025-36846 (An issue was discovered in Eveo URVE Web Manager 27.02.2025. The appli ...)
- TODO: check
+ NOT-FOR-US: Eveo URVE Web Manager
CVE-2025-36845 (An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpo ...)
- TODO: check
+ NOT-FOR-US: Eveo URVE Web Manager
CVE-2025-36603 (Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of ...)
NOT-FOR-US: Dell / EMC
CVE-2025-36107 (IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow mal ...)
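Review bot: the eight MB connect line entries (CVE-2025-41673 through CVE-2025-41681) use the corporate form "MB connect line GmbH" where the rest of the list uses short vendor names (for example "Dell / EMC" two entries below); "NOT-FOR-US: MB connect line" would match. None of the visible descriptions names the affected product, so if the advisory does, adding it would help future triage of the same device line.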
@@ -907,17 +907,17 @@ CVE-2025-30477 (Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a us
CVE-2025-30192 (An attacker spoofing answers to ECS enabled requests sent out by the R ...)
TODO: check
CVE-2025-2301 (Authorization Bypass Through User-Controlled Key vulnerability in Akbi ...)
- TODO: check
+ NOT-FOR-US: Akbim Software Online Exam Registration
CVE-2025-1469 (Authorization Bypass Through User-Controlled Key vulnerability in Turt ...)
- TODO: check
+ NOT-FOR-US: Turtek Software Eyotek
CVE-2024-6107 (Due to insufficient verification, an attacker could use a malicious cl ...)
TODO: check
CVE-2024-55040 (Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring Sys ...)
- TODO: check
+ NOT-FOR-US: Sensaphone WEB600 Monitoring System
CVE-2024-13974 (A business logic vulnerability in the Up2Date component of Sophos Fire ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2024-13973 (A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2025-7921 (Certain modem models developed by Askey has a Stack-based Buffer Overf ...)
NOT-FOR-US: Askey
CVE-2025-7920 (WinMatrix3 Web package developed by Simopro Technology has a Reflected ...)
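Review bot: CVE-2025-30192 and CVE-2024-6107 remain at TODO: check after this pass; the CVE-2025-30192 description (an attacker spoofing answers to ECS-enabled requests sent out by a resolver) reads like a DNS resolver-side issue rather than a vendor appliance, so it is the entry in this hunk most likely to need package and version lines and should be triaged next rather than left to the next NFU sweep. The Sophos, Sensaphone, Akbim and Turtek labels are consistent with the list's vendor-name convention.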
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fcfcc7b6478be4cfdb5eb87a067b13edac7289d