[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Oct 15 10:57:36 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
06802b16 by Moritz Mühlenhoff at 2025-10-15T11:57:02+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,11 +21,11 @@ CVE-2025-62441
CVE-2025-62440
REJECTED
CVE-2025-62376 (pwn.college DOJO is an education platform for learning cybersecurity. ...)
- TODO: check
+ NOT-FOR-US: pwn.college DOJO
CVE-2025-62374 (Parse Javascript SDK provides access to the powerful Parse Server back ...)
- TODO: check
+ NOT-FOR-US: Parse Javascript SDK
CVE-2025-61941 (A path traversal issue exists in WXR9300BE6P series firmware versions ...)
- TODO: check
+ NOT-FOR-US: WXR9300BE6P
CVE-2025-61804 (Animate versions 23.0.13, 24.0.10 and earlier are affected by a Heap-b ...)
NOT-FOR-US: Adobe
CVE-2025-61797 (Adobe Experience Manager versions 11.6 and earlier are affected by a s ...)
@@ -204,11 +204,11 @@ CVE-2025-39966 (In the Linux kernel, the following vulnerability has been resolv
CVE-2025-31702 (A vulnerability exists in certain Dahua embedded products. Third-party ...)
NOT-FOR-US: Dahua
CVE-2025-26861 (RemoteCall Remote Support Program (for Operator) versions prior to 5.3 ...)
- TODO: check
+ NOT-FOR-US: RemoteCall Remote Support Program
CVE-2025-26860 (RemoteCall Remote Support Program (for Operator) versions prior to 5.1 ...)
- TODO: check
+ NOT-FOR-US: RemoteCall Remote Support Program
CVE-2025-26859 (RemoteView PC Application Console versions prior to 6.0.2 contain an u ...)
- TODO: check
+ NOT-FOR-US: RemoteView PC Application Console
CVE-2025-11746 (The XStore theme for WordPress is vulnerable to Local File Inclusion i ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11501 (The Dynamically Display Posts plugin for WordPress is vulnerable to SQ ...)
@@ -222,21 +222,21 @@ CVE-2025-11160 (The WPBakery Page Builder plugin for WordPress is vulnerable to
CVE-2025-10406 (The BlindMatrix e-Commerce WordPress plugin before 3.1 does not valida ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13991 (Huijietong Cloud Video Platform contains a path traversal vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Huijietong Cloud Video Platform
CVE-2023-7311 (BYTEVALUE Intelligent Flow Control Router contains a command injection ...)
- TODO: check
+ NOT-FOR-US: BYTEVALUE
CVE-2023-7305 (SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerabil ...)
- TODO: check
+ NOT-FOR-US: SmartBI
CVE-2023-7304 (Ruijie RG-UAC Application Management Gateway contains a command inject ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2018-25117 (VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) ...)
- TODO: check
+ NOT-FOR-US: VestaCP
CVE-2017-20205 (Valve's Source SDK (source-sdk-2013)'s ragdoll model parsing logic con ...)
- TODO: check
+ NOT-FOR-US: Valve SDK
CVE-2017-20204 (DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undoc ...)
- TODO: check
+ NOT-FOR-US: DBLTek
CVE-2011-10033 (The WordPress pluginis-human <= v1.4.2 containsan eval injection vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11756
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -655,7 +655,7 @@ CVE-2025-54889 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2025-54822 (An improper authorization vulnerability [CWE-285] in Fortinet FortiOS ...)
NOT-FOR-US: Fortinet
CVE-2025-54603 (An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 t ...)
- TODO: check
+ NOT-FOR-US: Claroty Secure Access
CVE-2025-54284 (Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-o ...)
NOT-FOR-US: Adobe
CVE-2025-54283 (Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-o ...)
@@ -677,23 +677,23 @@ CVE-2025-54273 (Substance3D - Viewer versions 0.25.2 and earlier are affected by
CVE-2025-53845 (An improper authentication vulnerability [CWE-287] in Fortinet FortiAn ...)
NOT-FOR-US: Fortinet
CVE-2025-53782 (Incorrect implementation of authentication algorithm in Microsoft Exch ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53768 (Use after free in Xbox allows an authorized attacker to elevate privil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53717 (Reliance on untrusted inputs in a security decision in Windows Virtual ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53150 (Use after free in Windows Digital Media allows an authorized attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53139 (Cleartext transmission of sensitive information in Windows Hello allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-50175 (Use after free in Windows Digital Media allows an authorized attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-50174 (Use after free in Windows Device Association Broker service allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-50152 (Out-of-bounds read in Windows Kernel allows an authorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49708 (Use after free in Microsoft Graphics Component allows an authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49201 (A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, ...)
NOT-FOR-US: Fortinet
CVE-2025-48813 (Use of a key past its expiration date in Virtual Secure Mode allows an ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06802b160b14aa3649fd556e4bdc9bcc16ce7a8e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06802b160b14aa3649fd556e4bdc9bcc16ce7a8e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251015/68f0e025/attachment.htm>
More information about the debian-security-tracker-commits
mailing list