[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Nov 27 19:42:30 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c6089c15 by Moritz Muehlenhoff at 2025-11-27T20:42:17+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -58,7 +58,7 @@ CVE-2025-3784 (Cleartext Storage of Sensitive Information Vulnerability in GX Wo
CVE-2025-34351 (Anyscale Ray 2.52.0 contains an insecure default configuration in whic ...)
NOT-FOR-US: Ray
CVE-2025-13762 (Improper Input Validation vulnerability in CyberArk CyberArk Secure We ...)
- TODO: check
+ NOT-FOR-US: CyberArk
CVE-2025-13680 (The Tiger theme for WordPress is vulnerable to Privilege Escalation in ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13675 (The Tiger theme for WordPress is vulnerable to Privilege Escalation in ...)
@@ -78,7 +78,7 @@ CVE-2025-13157 (The QODE Wishlist for WooCommerce plugin for WordPress is vulner
CVE-2025-13143 (The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12758 (Versions of the package validator before 13.15.22 are vulnerable to In ...)
- TODO: check
+ NOT-FOR-US: Node validator
CVE-2025-12713 (The Soundslides plugin for WordPress is vulnerable to Stored Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12712 (The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
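Review bot: The tag added for CVE-2025-12758, "Node validator", does not identify the upstream clearly, because the description only calls it "the package validator" (fixed in 13.15.22), which is a generic name. Before closing the TODO as NFU, confirm that no source package in the archive ships this module. If the tag stays, word it so the upstream project is recognisable from the tag alone.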
@@ -241,7 +241,7 @@ CVE-2025-12571 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
CVE-2025-11461 (Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsa ...)
NOT-FOR-US: Frappe CRM
CVE-2021-4472 (The mistral-dashboard plugin for openstack has a local file inclusion ...)
- TODO: check
+ NOT-FOR-US: mistral plugin
CVE-2025-9558 (There is a potential OOB Write vulnerability in the gen_prov_start fun ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-9557 (An out-of-bound write can lead to an arbitrary code execution. Even on ...)
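Review bot: The tag added for CVE-2021-4472, "mistral plugin", is less specific than the description, which names "the mistral-dashboard plugin for openstack". Suggest "NOT-FOR-US: mistral-dashboard" so the tag matches the component. Since the name reads like an OpenStack component, also check that no source package carries it before marking it NFU. The Zephyr entry just below ("different from src:zephyr") shows how a name clash is spelled out when one exists.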
@@ -630,7 +630,7 @@ CVE-2025-65998 (Apache Syncope can be configured to store the user password valu
CVE-2025-65503 (Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 a ...)
NOT-FOR-US: Redboltz async_mqtt
CVE-2025-65502 (Null pointer dereference in add_ca_certs() in Cesanta Mongoose before ...)
- TODO: check
+ NOT-FOR-US: Cesenta Mongoose
CVE-2025-65501 (Null pointer dereference in coap_dtls_info_callback() in OISM libcoap ...)
- libcoap3 <unfixed> (bug #1121415)
[trixie] - libcoap3 <no-dsa> (Minor issue)
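Review bot: The added tag for CVE-2025-65502 misspells the vendor as "Cesenta", while the CVE description on the line above it reads "Cesanta Mongoose". Change the line to "NOT-FOR-US: Cesanta Mongoose" so that a search on the vendor name finds this entry and later Mongoose entries get a consistent tag.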
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6089c15798f6c05880fabbb56af0655d238191f