[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 10 10:58:35 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dbab771f by Salvatore Bonaccorso at 2025-10-10T11:57:53+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45,31 +45,31 @@ CVE-2025-55321 (Improper neutralization of input during web page generation ('cr
CVE-2025-43296 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2025-35062 (Newforma Info Exchange (NIX) before version 2023.1 by default allows a ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35061 (Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35060 (Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35059 (Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' pro ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35058 (Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' all ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35057 (Newforma Info Exchange (NIX) '/RemoteWeb/IntegrationServices.ashx' all ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35056 (Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'St ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35055 (Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp.ashx' allo ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35054 (Newforma Info Exchange (NIX) stores credentials used to configure NPC ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35053 (Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/Mark ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35052 (Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35051 (Newforma Project Center Server (NPCS) accepts serialized .NET data via ...)
- TODO: check
+ NOT-FOR-US: Newforma Project Center Server (NPCS)
CVE-2025-35050 (Newforma Info Exchange (NIX) accepts serialized .NET data via the '/re ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-34248 (D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory ...)
NOT-FOR-US: D-Link
CVE-2025-21070 (Out-of-bounds write in the SPI decoder in Samsung Notes prior to versi ...)
@@ -125,15 +125,15 @@ CVE-2025-21045 (Insecure storage of sensitive information in Galaxy Watch prior
CVE-2025-21044 (Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Rele ...)
NOT-FOR-US: Samsung Mobile
CVE-2025-11570 (Versions of the package drupal-pattern-lab/unified-twig-extensions fro ...)
- TODO: check
+ NOT-FOR-US: drupal-pattern-lab/unified-twig-extensions
CVE-2025-11569 (All versions of the package cross-zip are vulnerable to Directory Trav ...)
TODO: check
CVE-2025-11558 (A vulnerability was found in code-projects E-Commerce Website 1.0. Imp ...)
- TODO: check
+ NOT-FOR-US: code-projects E-Commerce Website
CVE-2025-11557 (A vulnerability has been found in projectworlds Gate Pass Management S ...)
NOT-FOR-US: Project Worlds
CVE-2025-11556 (A flaw has been found in code-projects Simple Leave Manager 1.0. This ...)
- TODO: check
+ NOT-FOR-US: code-projects Simple Leave Manager
CVE-2025-11555 (A vulnerability was detected in Campcodes Online Learning Management S ...)
NOT-FOR-US: Campcodes
CVE-2025-11450 (ServiceNow has addressed a reflected cross-site scripting vulnerabilit ...)
@@ -143,7 +143,7 @@ CVE-2025-11449 (ServiceNow has addressed a reflected cross-site scripting vulner
CVE-2025-10124 (The Booking Manager WordPress plugin before 2.1.15 registers a shortc ...)
NOT-FOR-US: WordPress plugin
CVE-2016-15047 (AVTECH devices that include the CloudSetup.cgi management endpoint are ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-61724 [net/textproto: excessive CPU consumption in Reader.ReadResponse]
- golang-1.25 1.25.2-1
- golang-1.24 1.24.8-1
@@ -383,7 +383,7 @@ CVE-2025-11550 (A vulnerability was found in Tenda W12 3.0.0.6(3948). The impact
CVE-2025-11549 (A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affecte ...)
NOT-FOR-US: Tenda
CVE-2025-11371 (In the default installation and configuration of Gladinet CentreStack ...)
- TODO: check
+ NOT-FOR-US: Gladinet CentreStack and TrioFox
CVE-2025-11198 (A Missing Authentication for Critical Function vulnerability in Junipe ...)
NOT-FOR-US: Juniper
CVE-2025-10862 (The Popup builder with Gamification, Multi-Step Popups, Page-Level Tar ...)
@@ -405,7 +405,7 @@ CVE-2025-10239 (In Flowmon versions prior to 12.5.5, a vulnerability has been id
CVE-2023-37401 (IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy fi ...)
NOT-FOR-US: IBM
CVE-2017-20203 (NetSarang Xmanager Enterprise 5.0 Build 1232,Xmanager 5.0 Build 1045,X ...)
- TODO: check
+ NOT-FOR-US: NetSarang
CVE-2025-39963 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.16.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbab771f6d6936ffd3718e7b06a72fed466f4ece
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbab771f6d6936ffd3718e7b06a72fed466f4ece
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251010/fe846efb/attachment.htm>
More information about the debian-security-tracker-commits
mailing list