[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 26 15:11:39 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
673f69b0 by Moritz Muehlenhoff at 2025-06-26T16:08:50+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55,7 +55,7 @@ CVE-2025-6641 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Informatio
 CVE-2025-6640 (PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Executi ...)
 	NOT-FOR-US: PDF-XChange
 CVE-2025-6624 (Versions of the package snyk before 1.1297.3 are vulnerable to Inserti ...)
-	TODO: check
+	NOT-FOR-US: snyk CLI
 CVE-2025-6546 (The Drive Folder Embedder plugin for WordPress is vulnerable to Stored ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-6540 (The web-cam plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
@@ -105,9 +105,9 @@ CVE-2025-52934
 CVE-2025-4334 (The Simple User Registration plugin for WordPress is vulnerable to Pri ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-48497 (Cross-site request forgery vulnerability exists in iroha Board version ...)
-	TODO: check
+	NOT-FOR-US: iroha Board
 CVE-2025-41404 (Direct request ('Forced Browsing') issue exists in iroha Board version ...)
-	TODO: check
+	NOT-FOR-US: iroha Board
 CVE-2025-3863 (The Post Carousel Slider for Elementor plugin for WordPress is vulnera ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-37101 (A potential security vulnerability has been identified in HPE OneView  ...)
@@ -155,7 +155,7 @@ CVE-2025-6605 (A vulnerability classified as critical was found in SourceCodeste
 CVE-2025-6604 (A vulnerability classified as critical has been found in SourceCodeste ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-6603 (A vulnerability was found in coldfunction qCUDA up to db0085400c2f2011 ...)
-	TODO: check
+	NOT-FOR-US: coldfunction qCUDA
 CVE-2025-6543 (Memory overflow vulnerability leading to unintended control flow and D ...)
 	NOT-FOR-US: Citrix
 CVE-2025-6445 (ServiceStack FindType Directory Traversal Remote Code Execution Vulner ...)
@@ -218,17 +218,17 @@ CVE-2025-52576 (Kanboard is project management software that focuses on the Kanb
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-qw57-7cx6-wvp7
 	NOTE: https://github.com/kanboard/kanboard/commit/3079623640dc39f9c7b0c840d2a79095331051f1 (v1.2.46)
 CVE-2025-52569 (GitForge.jl is a unified interface for interacting with Git "forges."  ...)
-	TODO: check
+	NOT-FOR-US: GitForge.jl
 CVE-2025-52483 (Registrator is a GitHub app that automates creation of registration pu ...)
-	TODO: check
+	NOT-FOR-US: Registrator GitHub app
 CVE-2025-52480 (Registrator is a GitHub app that automates creation of registration pu ...)
-	TODO: check
+	NOT-FOR-US: Registrator GitHub app
 CVE-2025-52479 (HTTP.jl provides HTTP client and server functionality for Julia, and U ...)
-	TODO: check
+	NOT-FOR-US: HTTP.jl
 CVE-2025-50179 (Tuleap is an Open Source Suite to improve management of software devel ...)
 	NOT-FOR-US: Tuleap
 CVE-2025-50178 (GitForge.jl is a unified interface for interacting with Git "forges."  ...)
-	TODO: check
+	NOT-FOR-US: GitForge.jl
 CVE-2025-4656 (Vault Community and Vault Enterprise rekey and recovery key operations ...)
 	NOT-FOR-US: HashiCorp Vault
 CVE-2025-49845 (Discourse is an open-source discussion platform. The visibility of pos ...)
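Review bot: the four Julia-ecosystem entries resolved here (CVE-2025-52569 and CVE-2025-50178 for GitForge.jl, CVE-2025-52483 and CVE-2025-52480 for Registrator, CVE-2025-52479 for HTTP.jl) use two naming styles in the annotation: the package name as it appears in the description ("GitForge.jl", "HTTP.jl") versus a descriptive label ("Registrator GitHub app"). Picking the name from the description line consistently makes later greps of data/CVE/list for a given upstream more reliable; the triage outcome itself is not in question.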
@@ -254,19 +254,19 @@ CVE-2025-48954 (Discourse is an open-source discussion platform. Versions prior
 CVE-2025-45333 (berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnera ...)
 	TODO: check
 CVE-2025-45332 (vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD) vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: c-ray
 CVE-2025-44206 (Hexagon HxGN OnCall Dispatch Advantage (Web) v10.2309.03.00264 and Hex ...)
-	TODO: check
+	NOT-FOR-US: Hexagon HxGN OnCall Dispatch Advantag
 CVE-2025-41647 (A local, low-privileged attacker can learn the password of the connect ...)
 	TODO: check
 CVE-2025-41256 (Cyberduck and Mountain Duck improper handle TLS certificate pinning fo ...)
-	TODO: check
+	NOT-FOR-US: Cyberduck and Mountain Duck
 CVE-2025-41255 (Cyberduck and Mountain Duck improperly handle TLS certificate pinning  ...)
-	TODO: check
+	NOT-FOR-US: Cyberduck and Mountain Duck
 CVE-2025-25905 (Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and befor ...)
-	TODO: check
+	NOT-FOR-US: CADClick
 CVE-2025-25012 (URL redirection to an untrusted site ('Open Redirect') in Kibana can l ...)
-	TODO: check
+	- kibana <itp> (bug #700337)
 CVE-2025-20282 (A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC coul ...)
 	NOT-FOR-US: Cisco
 CVE-2025-20281 (A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could ...)
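Review bot: the new annotation for CVE-2025-44206 is cut off ("Hexagon HxGN OnCall Dispatch Advantag"); the description line spells the product "HxGN OnCall Dispatch Advantage (Web)" and goes on to name a second Hexagon product ("... and Hex ..."), so either completing the name or shortening to "NOT-FOR-US: Hexagon HxGN OnCall Dispatch" would read better than the truncated form. CVE-2025-25012 is correctly moved to a kibana <itp> reference (bug #700337) rather than NOT-FOR-US, since an open ITP means the package is expected to enter the archive. CVE-2025-45333 (berkeley-abc) and CVE-2025-41647 remain "TODO: check" in this hunk and will need a follow-up pass.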
@@ -274,7 +274,7 @@ CVE-2025-20281 (A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC
 CVE-2025-20264 (A vulnerability in the web-based management interface of Cisco Identit ...)
 	NOT-FOR-US: Cisco
 CVE-2024-57708 (An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a d ...)
-	TODO: check
+	NOT-FOR-US: OneTrust SDK
 CVE-2024-27685 (SQL Injection vulnerability in Student Record system Using PHP and MyS ...)
 	TODO: check
 CVE-2023-44915 (A cross-site scripting (XSS) vulnerability in the component /Login.php ...)
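Review bot: CVE-2024-27685 is left as "TODO: check" next to the resolved OneTrust SDK entry; its description ("Student Record system Using PHP and MySQL") matches the class of standalone PHP demo applications that this file triages as NOT-FOR-US elsewhere (compare the SourceCodester entries in the earlier hunk), so it could likely be closed in the same pass.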



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/673f69b03fee7720f8ab5e0c0543596623622414


