[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 25 22:01:51 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34ff1dd0 by Salvatore Bonaccorso at 2025-07-25T23:00:49+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2025-8197 (A global buffer overflow vulnerability was found in the soup_head
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383525
TODO: check, clarify upstream status, details for libsoup2.4
CVE-2025-8183 (NULL Pointer Dereference in \xb5D3TN via non-singleton destination End ...)
- TODO: check
+ NOT-FOR-US: ud3tn
CVE-2025-8168 (A vulnerability was found in D-Link DIR-513 1.10. It has been rated as ...)
NOT-FOR-US: D-Link
CVE-2025-8167 (A vulnerability was found in code-projects Church Donation System 1.0. ...)
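Review bot: the new tag for CVE-2025-8183 reads "NOT-FOR-US: ud3tn" while the imported description names the product µD3TN (rendered in the context line as "\xb5D3TN", an escaped non-ASCII byte); using the upstream spelling, or the same lower-case slug consistently for future entries, keeps the tag greppable next to the description. The unchanged context for CVE-2025-8197 still carries "TODO: check, clarify upstream status, details for libsoup2.4", so the libsoup item at the top of this hunk remains open after this pass.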
@@ -13,13 +13,13 @@ CVE-2025-8166 (A vulnerability was found in code-projects Church Donation System
CVE-2025-8165 (A vulnerability was found in code-projects Food Review System 1.0 and ...)
NOT-FOR-US: code-projects
CVE-2025-8164 (A vulnerability has been found in code-projects Public Chat Room 1.0 a ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-8163 (A vulnerability, which was classified as critical, was found in deerwm ...)
- TODO: check
+ NOT-FOR-US: deerwms deer-wms-2
CVE-2025-8162 (A vulnerability, which was classified as critical, has been found in d ...)
- TODO: check
+ NOT-FOR-US: deerwms deer-wms-2
CVE-2025-8161 (A vulnerability classified as critical was found in deerwms deer-wms-2 ...)
- TODO: check
+ NOT-FOR-US: deerwms deer-wms-2
CVE-2025-8160 (A vulnerability classified as critical has been found in Tenda AC20 up ...)
NOT-FOR-US: Tenda
CVE-2025-8159 (A vulnerability was found in D-Link DIR-513 1.0. It has been rated as ...)
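Review bot: the three deerwms entries (CVE-2025-8163, CVE-2025-8162, CVE-2025-8161) get "NOT-FOR-US: deerwms deer-wms-2", which repeats the vendor inside the product slug; "deer-wms-2" alone would match how the other tags in this hunk ("code-projects", "Tenda") are written. CVE-2025-8164 gets "NOT-FOR-US: code-projects", matching the tag already on CVE-2025-8165 directly above it, so those two stay consistent.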
@@ -39,11 +39,11 @@ CVE-2025-8139 (A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521.
CVE-2025-8138 (A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521 and c ...)
NOT-FOR-US: TOTOLINK
CVE-2025-5254 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Kron Technologies Kron PAM
CVE-2025-5253 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Kron Technologies Kron PAM
CVE-2025-54596 (Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 all ...)
- TODO: check
+ NOT-FOR-US: Abnormal Security (from Abnormal AI)
CVE-2025-52455 (Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau ...)
NOT-FOR-US: Salesforce
CVE-2025-52454 (Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau ...)
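Review bot: "NOT-FOR-US: Abnormal Security (from Abnormal AI)" for CVE-2025-54596 is the only tag in this hunk with a parenthetical vendor remark; the two Kron entries use the plain product name ("Kron Technologies Kron PAM"). If the vendor rename is worth recording, a separate "NOTE:" line is the convention this file already uses (see the NOTE lines under CVE-2025-8197 and the Linux entries elsewhere in the diff), keeping the NOT-FOR-US value to the product name.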
@@ -61,33 +61,33 @@ CVE-2025-52447 (Authorization Bypass Through User-Controlled Key vulnerability i
CVE-2025-52446 (Authorization Bypass Through User-Controlled Key vulnerability in Sale ...)
NOT-FOR-US: Salesforce
CVE-2025-52360 (A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search f ...)
- TODO: check
+ NOT-FOR-US: Koha Library Management System
CVE-2025-51411 (A reflected cross-site scripting (XSS) vulnerability exists in Institu ...)
- TODO: check
+ NOT-FOR-US: Institute-of-Current-Students
CVE-2025-46199 (Cross Site Scripting vulnerability in grav v.1.7.48 and before allows ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-46198 (Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1. ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-45960 (Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows ...)
- TODO: check
+ NOT-FOR-US: tawk.to Live Chat
CVE-2025-45939 (Apwide Golive 10.2.0 Jira plugin allows Server-Side Request Forgery (S ...)
- TODO: check
+ NOT-FOR-US: Apwide Golive
CVE-2025-45893 (OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scriptin ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2025-45892 (OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scriptin ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2025-45777 (An issue in the OTP mechanism of Chavara Family Welfare Centre Chavara ...)
- TODO: check
+ NOT-FOR-US: Chavara Family Welfare Centre Chavara Matrimony Site
CVE-2025-45467 (Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as ...)
- TODO: check
+ NOT-FOR-US: Unitree Go1
CVE-2025-45466 (Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access Control ...)
- TODO: check
+ NOT-FOR-US: Unitree Go1
CVE-2025-45406 (A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6 ...)
TODO: check
CVE-2025-44608 (CloudClassroom-PHP Project v1.0 was discovered to contain a SQL inject ...)
- TODO: check
+ NOT-FOR-US: CloudClassroom-PHP Project
CVE-2025-43712 (JHipster before v.8.9.0 allows privilege escalation via a modified aut ...)
- TODO: check
+ NOT-FOR-US: JHipster
CVE-2025-3873 (The following APIs for the Silcon Labs SiWx91x prior to vesion 3.4.0 f ...)
NOT-FOR-US: Silicon Labs
CVE-2025-3508 (Certain HP DesignJet products may be vulnerable to information disclos ...)
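Review bot: CVE-2025-45406 (CodeIgniter4, stored XSS) is left at "TODO: check" while every other TODO in this hunk is closed as NOT-FOR-US; since the reason it was held back is not visible, a short "NOTE:" saying what still needs confirming would save the next triager re-deriving it. The tag granularity also varies within the hunk: some name a product ("Grav CMS", "OpenCart", "JHipster"), one a repository-style slug ("Institute-of-Current-Students"), one a full organisation plus site ("Chavara Family Welfare Centre Chavara Matrimony Site"); settling on the product name makes later searches for repeat CVEs against the same software more reliable. The "vulnerale" typo in the CVE-2025-45466 line arrives with the imported CVE description, not something to correct in this file.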
@@ -226,65 +226,65 @@ CVE-2025-38431 (In the Linux kernel, the following vulnerability has been resolv
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ff8abbd248c1f52df0c321690b88454b13ff54b2 (6.16-rc4)
CVE-2025-36728 (Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This iss ...)
- TODO: check
+ NOT-FOR-US: Simplehelp
CVE-2025-36727 (Inclusion of Functionality from Untrusted Control Sphere vulnerability ...)
- TODO: check
+ NOT-FOR-US: Simplehelp
CVE-2025-34139 (A vulnerability exists in SitecoreExperience Manager (XM),Experience P ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2025-34138 (A vulnerability exists in SitecoreExperience Manager (XM),Experience P ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2025-34136 (An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, ...)
- TODO: check
+ NOT-FOR-US: Commvault
CVE-2025-34114 (A client-side security misconfiguration vulnerability exists in OpenBl ...)
- TODO: check
+ NOT-FOR-US: OpenBlow whistleblowing platform
CVE-2025-30135 (An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Ov ...)
- TODO: check
+ NOT-FOR-US: IROAD Dashcam FX2 devices
CVE-2025-30086 (CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows infor ...)
TODO: check
CVE-2025-2329 (In high traffic environments, a Silicon Labs OpenThread RCP (see impac ...)
NOT-FOR-US: Silicon Labs
CVE-2025-29631 (An issue in Gardyn 4 allows a remote attacker execute arbitrary code)
- TODO: check
+ NOT-FOR-US: Gardyn
CVE-2025-29630 (An issue in Gardyn 4 allows a remote attacker with the corresponding s ...)
- TODO: check
+ NOT-FOR-US: Gardyn
CVE-2025-29629 (An issue in Gardyn 4 allows a remote attacker to obtain sensitive info ...)
- TODO: check
+ NOT-FOR-US: Gardyn
CVE-2025-29628 (An issue in Gardyn 4 allows a remote attacker to obtain sensitive info ...)
- TODO: check
+ NOT-FOR-US: Gardyn
CVE-2024-48730 (An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote ...)
- TODO: check
+ NOT-FOR-US: ETSI Open-Source MANO (OSM)
CVE-2024-48729 (An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote ...)
- TODO: check
+ NOT-FOR-US: ETSI Open-Source MANO (OSM)
CVE-2024-13976 (A DLL injection vulnerability exists in Commvault for Windows 11.20.0, ...)
- TODO: check
+ NOT-FOR-US: Commvault
CVE-2024-13975 (A local privilege escalation vulnerability exists in Commvault for Win ...)
- TODO: check
+ NOT-FOR-US: Commvault
CVE-2023-7306 (The Frontend File Manager Plugin plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2023-53155 (goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the ...)
- TODO: check
+ NOT-FOR-US: EmbedThis GoAhead
CVE-2022-4979 (A cross-site scripting (XSS) vulnerability exists in Sitecore Experien ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2020-36850 (An information disclosure vulnerability exits in Sitecore JSS React Sa ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2016-15046 (A client-side remote code execution vulnerability exists in Samsung Se ...)
- TODO: check
+ NOT-FOR-US: Samsung Security Manager
CVE-2015-10142 (Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 1 ...)
- TODO: check
+ NOT-FOR-US: Sitecore
CVE-2014-125119 (A filename spoofing vulnerability exists in WinRAR when opening specia ...)
TODO: check
CVE-2014-125118 (A command injection vulnerability exists in the eScan Web Management C ...)
- TODO: check
+ NOT-FOR-US: eScan Web Management Console
CVE-2014-125117 (A stack-based buffer overflow vulnerability in the my_cgi.cgi componen ...)
NOT-FOR-US: D-Link
CVE-2014-125116 (A remote code execution vulnerability exists in HybridAuth versions 2. ...)
- TODO: check
+ NOT-FOR-US: HybridAuth
CVE-2014-125115 (An unauthenticated SQL injection vulnerability exists in Pandora FMS v ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2014-125114 (A stack-based buffer overflow vulnerability exists in i-Ftp version 2. ...)
- TODO: check
+ NOT-FOR-US: i-Ftp
CVE-2013-10032 (An authenticated remote code execution vulnerability exists in GetSimp ...)
- TODO: check
+ NOT-FOR-US: GetSimpleCMS
CVE-2025-38430 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/1244f0b2c3cecd3f349a877006e67c9492b41807 (6.16-rc1)
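Review bot: two entries stay at "TODO: check" in this hunk, CVE-2025-30086 (CNCF Harbor) and CVE-2014-125119 (WinRAR filename spoofing); for the WinRAR one it would help to record whether the open question is about Debian's non-free unrar, since the truncated description does not say which component handles the spoofed filename, and the next pass will otherwise re-ask it. Separately, "NOT-FOR-US: IROAD Dashcam FX2 devices" and "NOT-FOR-US: OpenBlow whistleblowing platform" carry descriptive suffixes ("devices", "whistleblowing platform") that the other new tags omit; the bare product name is the pattern used for "Gardyn", "Commvault", "Sitecore", "Simplehelp" in the same hunk.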
@@ -621,7 +621,7 @@ CVE-2025-54379 (LF Edge eKuiper is a lightweight IoT data analytics and stream p
CVE-2025-54369
REJECTED
CVE-2025-53940 (Quiet is an alternative to team chat apps like Slack, Discord, and Ele ...)
- TODO: check
+ NOT-FOR-US: Quiet
CVE-2025-3614 (The ElementsKit Elementor Addons and Templates plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2025-32429 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
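Review bot: "NOT-FOR-US: Quiet" for CVE-2025-53940 uses a generic English word as the whole tag, so a later grep for the product will hit unrelated text; the description itself supplies a qualifier ("an alternative to team chat apps like Slack, Discord"), and something like "Quiet (team chat app)" would disambiguate without inventing a vendor name the entry does not give.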
@@ -809,7 +809,7 @@ CVE-2025-1299 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2025-0765 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab <not-affected> (Vulnerable code introduced later)
CVE-2016-15044 (A remote code execution vulnerability exists in Kaltura versions prior ...)
- TODO: check
+ NOT-FOR-US: Kaltura
CVE-2025-8070 (The Windows service configuration of ABP and AES contains an unquoted ...)
NOT-FOR-US: Asustor
CVE-2025-8069 (During the AWS Client VPN client installation on Windows devices, the ...)
@@ -823,7 +823,7 @@ CVE-2025-8058 (The regcomp function in the GNU C library version from 2.4 to 2.4
NOTE: Inroduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=963d8d782fc98fb6dc3a66f0068795f9920c269d
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7ea06e994093fa0bcca0d0ee2c1db271d8d7885d
CVE-2025-8022 (Versions of the package bun after 0.0.12 are vulnerable to Improper Ne ...)
- TODO: check
+ NOT-FOR-US: bun
CVE-2025-8021 (All versions of the package files-bucket-server are vulnerable to Dire ...)
NOT-FOR-US: files-bucket-server Node.js module
CVE-2025-8020 (All versions of the package private-ip are vulnerable to Server-Side R ...)
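Review bot: "NOT-FOR-US: bun" for CVE-2025-8022 sits next to CVE-2025-8021, tagged "NOT-FOR-US: files-bucket-server Node.js module"; bun is a runtime rather than an npm module, so the bare name is correct, but a qualifier such as "bun (JavaScript runtime)" would stop a reader from assuming the same module pattern. While this glibc region is being touched: the unchanged context line "NOTE: Inroduced with:" under CVE-2025-8058 has a typo ("Introduced") worth fixing in a follow-up commit.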
@@ -956,7 +956,7 @@ CVE-2025-46171 (vBulletin 3.8.7 is vulnerable to a denial-of-service condition v
CVE-2025-46099 (In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or creat ...)
NOT-FOR-US: Pluck CMS
CVE-2025-44109 (A URL redirection in Pinokio v3.6.23 allows attackers to redirect vict ...)
- TODO: check
+ NOT-FOR-US: Pinokio
CVE-2025-43881 (Improper validation of specified quantity in input issue exists in Rea ...)
NOT-FOR-US: Real-time Bus Tracking System
CVE-2025-43489 (A potential security vulnerability has been identified in the Poly Cla ...)
@@ -1032,7 +1032,7 @@ CVE-2024-40686 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.
CVE-2024-40682 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3 ...)
NOT-FOR-US: IBM
CVE-2024-12310 (A vulnerability in Imprivata Enterprise Access Management(formerly Imp ...)
- TODO: check
+ NOT-FOR-US: Imprivata Enterprise Access Management
CVE-2022-4978 (Remote Control Server, maintained bySteppschuh, 3.1.1.12 allows unauth ...)
NOT-FOR-US: Steppschuh
CVE-2018-25114 (A remote code execution vulnerability exists within osCommerce Online ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34ff1dd012ad17ce239245176fd506af3af6a309