[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 27 08:25:28 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
669118d9 by Moritz Muehlenhoff at 2025-06-27T09:24:01+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2025-6707 (Under certain conditions, an authenticated user request may execu
CVE-2025-6706 (An authenticated user may trigger a use after free that may result in ...)
- mongodb <removed>
CVE-2025-6703 (Improper Input Validation vulnerability in Mozilla neqo leads to an un ...)
- TODO: check
+ NOT-FOR-US: neqo
CVE-2025-6702 (A vulnerability, which was classified as problematic, was found in lin ...)
NOT-FOR-US: linlinjava litemall
CVE-2025-6701 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -69,19 +69,19 @@ CVE-2025-53122 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-53121 (Multiple stored XSS were found on different nodes with unsanitized par ...)
NOT-FOR-US: OpenNMS
CVE-2025-53013 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
- TODO: check
+ NOT-FOR-US: Himmelblau
CVE-2025-53007 (arduino-esp32 provides an Arduino core for the ESP32. Versions prior t ...)
- TODO: check
+ NOT-FOR-US: arduino-esp32
CVE-2025-53002 (LLaMA-Factory is a tuning library for large language models. A remote ...)
- TODO: check
+ NOT-FOR-US: LLaMA-Factory
CVE-2025-52904 (File Browser provides a file managing interface within a specified dir ...)
- TODO: check
+ NOT-FOR-US: filebrowser
CVE-2025-52903 (File Browser provides a file managing interface within a specified dir ...)
- TODO: check
+ NOT-FOR-US: filebrowser
CVE-2025-52902 (File Browser provides a file managing interface within a specified dir ...)
- TODO: check
+ NOT-FOR-US: filebrowser
CVE-2025-52900 (File Browser provides a file managing interface within a specified dir ...)
- TODO: check
+ NOT-FOR-US: filebrowser
CVE-2025-52887 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
- cpp-httplib <unfixed>
NOTE: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xjhg-gf59-p92h
@@ -90,7 +90,7 @@ CVE-2025-52887 (cpp-httplib is a C++11 single-file header-only cross platform HT
CVE-2025-52573 (iOS Simulator MCP Server (ios-simulator-mcp) is a Model Context Protoc ...)
NOT-FOR-US: iOS Simulator MCP Server (ios-simulator-mcp)
CVE-2025-52477 (Octo-STS is a GitHub App that acts like a Security Token Service (STS) ...)
- TODO: check
+ NOT-FOR-US: Octo-STS GitHub app
CVE-2025-51672 (A time-based blind SQL injection vulnerability was identified in the P ...)
NOT-FOR-US: PHPGurukul
CVE-2025-51671 (A SQL injection vulnerability was discovered in the PHPGurukul Dairy F ...)
@@ -100,7 +100,7 @@ CVE-2025-50350 (PHPGurukul Pre-School Enrollment System Project v1.0 is vulnerab
CVE-2025-49603 (Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Inc ...)
NOT-FOR-US: Northern.tech Mender Server
CVE-2025-49592 (n8n is a workflow automation platform. Versions prior to 1.98.0 have a ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2025-49003 (DataEase is an open source business intelligence and data visualizatio ...)
NOT-FOR-US: DataEase
CVE-2025-48923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -110,7 +110,7 @@ CVE-2025-48922 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-48921 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social ...)
NOT-FOR-US: Drupal core and addons
CVE-2025-44141 (A Cross-Site Scripting (XSS) vulnerability exists in the node creation ...)
- TODO: check
+ NOT-FOR-US: Backdrop CMS
CVE-2025-3773 (A sensitive information exposure vulnerability in System Information ...)
TODO: check
CVE-2025-3771 (A path or symbolic link manipulation vulnerability in SIR 1.0.3 and pr ...)
@@ -128,21 +128,21 @@ CVE-2025-34047 (A path traversal vulnerability exists in the Leadsec SSL VPN (fo
CVE-2025-34046 (An unauthenticated file upload vulnerability exists in the Fanwei E-Of ...)
TODO: check
CVE-2025-34045 (A path traversal vulnerability exists in WeiPHP 5.0, an open source We ...)
- TODO: check
+ NOT-FOR-US: WeiPHP
CVE-2025-34044 (A remote command injection vulnerability exists in the confirm.php int ...)
- TODO: check
+ NOT-FOR-US: WIFISKY
CVE-2025-34043 (A remote command injection vulnerability exists in Vacron Network Vide ...)
- TODO: check
+ NOT-FOR-US: Vacron Network Video Recorder
CVE-2025-34042 (An authenticated command injection vulnerability exists in the Beward ...)
- TODO: check
+ NOT-FOR-US: Beward N100 IP Camera
CVE-2025-30131 (An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticat ...)
- TODO: check
+ NOT-FOR-US: IROAD Dashcam FX2
CVE-2025-29331 (An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote a ...)
TODO: check
CVE-2024-6174 (When a non-x86 platform is detected, cloud-init grants root access to ...)
TODO: check
CVE-2024-56915 (Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Si ...)
- TODO: check
+ - netbox <itp> (bug #1017079)
CVE-2024-52928 (Arc before 1.26.1 on Windows has a bypass issue in the site settings t ...)
TODO: check
CVE-2024-11584 (cloud-initthrough 25.1.2 includes the systemd socket unitcloud-init-ho ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/669118d9c761c7293eb49bdc89331edaf0f77c3e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/669118d9c761c7293eb49bdc89331edaf0f77c3e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250627/1f2a6e7a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list