[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 26 08:30:02 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6068e4be by Salvatore Bonaccorso at 2025-11-26T09:29:36+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,41 +3,41 @@ CVE-2025-9558 (There is a potential OOB Write vulnerability in the gen_prov_star
CVE-2025-9557 (An out-of-bound write can lead to an arbitrary code execution. Even on ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-66269 (The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privi ...)
- TODO: check
+ NOT-FOR-US: UPSilon
CVE-2025-66266 (The RupsMon.exe service executable in UPSilon 2000 has insecure permis ...)
- TODO: check
+ NOT-FOR-US: UPSilon
CVE-2025-66265 (CMService.exe creates the C:\\usr directory and subdirectories with in ...)
- TODO: check
+ NOT-FOR-US: MegaTec Taiwan
CVE-2025-66264 (The CMService.exe service runs with SYSTEM privileges and contains an ...)
- TODO: check
+ NOT-FOR-US: MegaTec Taiwan
CVE-2025-66263 (Unauthenticated Arbitrary File Read via Null Byte Injection in DB Elec ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66262 (Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Elect ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66261 (Unauthenticated OS Command Injection (restore_settings.php) in DB Elec ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66260 (PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomuni ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66259 (Authenticated Root Remote Code Execution via improrer user input filte ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66258 (Stored Cross-Site Scripting via XML Injection in DB Electronica Teleco ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66257 (Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Ele ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66256 (Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Elect ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66255 (Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Ele ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66254 (Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB E ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66253 (Unauthenticated OS Command Injection (start_upgrade.php) in DB Electro ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66252 (Infinite Loop Denial of Service via Failed File Deletion in DB Electro ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66251 (Unauthenticated Path Traversal with Arbitrary File Deletion in DB Elec ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66250 (Unauthenticated Arbitrary File Upload (status_contents.php) in DB Elec ...)
- TODO: check
+ NOT-FOR-US: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
CVE-2025-66235
REJECTED
CVE-2025-66234
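Review bot: The NOT-FOR-US tags for CVE-2025-66265 and CVE-2025-66264 name a vendor ("MegaTec Taiwan"), while the two entries directly above them name a product ("UPSilon") and the Mozart entries give vendor plus product. Pick one form for this block. If the CMService.exe issues belong to a named product, tag them with it, so that a later search for that product's NFU entries finds all of them.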
@@ -55,15 +55,15 @@ CVE-2025-66229
CVE-2025-66228
REJECTED
CVE-2025-66026 (REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross- ...)
- TODO: check
+ NOT-FOR-US: REDAXO CMS
CVE-2025-66025 (Caido is a web security auditing toolkit. Prior to version 0.53.0, the ...)
- TODO: check
+ NOT-FOR-US: Caido
CVE-2025-66022 (FACTION is a PenTesting Report Generation and Collaboration Framework. ...)
- TODO: check
+ NOT-FOR-US: FACTION
CVE-2025-66021 (OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in ...)
TODO: check
CVE-2025-66020 (Valibot helps validate data using a schema. In versions from 0.31.0 to ...)
- TODO: check
+ NOT-FOR-US: Valibot
CVE-2025-66019 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
TODO: check
CVE-2025-65963 (Files is a module for managing files inside spaces and user profiles. ...)
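Review bot: "NOT-FOR-US: FACTION" and "NOT-FOR-US: Caido" are bare names, whereas "REDAXO CMS" in the same hunk carries a descriptor. FACTION in particular is an ordinary word; a short qualifier taken from the CVE description (for example "FACTION pentesting report framework") would keep the tag unambiguous when it is matched against future entries.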
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6068e4be529b8ad98eebd1c49bdda61e08fb0842