[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 16 22:25:44 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72f716b6 by Salvatore Bonaccorso at 2025-10-16T23:25:18+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -58,7 +58,7 @@ CVE-2025-62415 (Bagisto is an open source laravel eCommerce platform. In Bagisto
CVE-2025-62414 (Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3. ...)
NOT-FOR-US: Bagisto
CVE-2025-62413 (MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: MQTTX
CVE-2025-62412 (LibreNMS is a community-based GPL-licensed network monitoring system. ...)
NOT-FOR-US: LibreNMS
CVE-2025-62411 (LibreNMS is a community-based GPL-licensed network monitoring system. ...)
@@ -102,55 +102,55 @@ CVE-2025-61789 (Icinga DB Web provides a graphical interface for Icinga monitori
CVE-2025-61581 (** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complex ...)
TODO: check
CVE-2025-61554 (A divide-by-zero in VirtIO network device emulation in BitVisor from c ...)
- TODO: check
+ NOT-FOR-US: BitVisor
CVE-2025-61553 (An out-of-bounds write in VirtIO network device emulation in BitVisor ...)
- TODO: check
+ NOT-FOR-US: BitVisor
CVE-2025-61543 (A Host Header Injection vulnerability exists in the password reset fun ...)
- TODO: check
+ NOT-FOR-US: CraftMyCMS
CVE-2025-61541 (Webmin 2.510 is vulnerable to a Host Header Injection in the password ...)
TODO: check
CVE-2025-61540 (SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the userna ...)
- TODO: check
+ NOT-FOR-US: Ultimate PHP Board
CVE-2025-61539 (Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 v ...)
- TODO: check
+ NOT-FOR-US: Ultimate PHP Board
CVE-2025-61536 (FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magi ...)
- TODO: check
+ NOT-FOR-US: FelixRiddle dev-jobs-handlebars
CVE-2025-61514 (An arbitrary file upload vulnerability in SageMath, Inc CoCalc before ...)
TODO: check
CVE-2025-61330 (A hard-coded weak password vulnerability has been discovered in all Ma ...)
- TODO: check
+ NOT-FOR-US: Magic-branded devices from Chinese network equipment manufacturer H3C
CVE-2025-60855 (Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient vali ...)
- TODO: check
+ NOT-FOR-US: Reolink Video Doorbell WiFi
CVE-2025-60641 (The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerab ...)
- TODO: check
+ NOT-FOR-US: Vfront
CVE-2025-60639 (Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-2 ...)
- TODO: check
+ NOT-FOR-US: gsigel14 ATLAS-EPIC
CVE-2025-60358 (radare2 v.5.9.8 and before contains a memory leak in the function _loa ...)
TODO: check
CVE-2025-58426 (desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic ...)
- TODO: check
+ NOT-FOR-US: desknet
CVE-2025-58115 (ChatLuck contains a cross-site scripting vulnerability in Guest User S ...)
- TODO: check
+ NOT-FOR-US: ChatLuck
CVE-2025-58079 (Improper Protection of Alternate Path (CWE-424) in the AppSuite of des ...)
- TODO: check
+ NOT-FOR-US: desknet
CVE-2025-58075 (Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= ...)
TODO: check
CVE-2025-58073 (Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= ...)
TODO: check
CVE-2025-58051 (Nextcloud Tables allows you to create your own tables with individual ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Tables
CVE-2025-56700 (Boolean SQL injection vulnerability in the web app of Base Digitale Gr ...)
- TODO: check
+ NOT-FOR-US: Base Digitale Group spa product Centrax Open PSIM
CVE-2025-56699 (SQL injection vulnerability in the cmd component of Base Digitale Grou ...)
- TODO: check
+ NOT-FOR-US: Base Digitale Group spa product Centrax Open PSIM
CVE-2025-55072 (Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R ...)
- TODO: check
+ NOT-FOR-US: desknet
CVE-2025-55035 (Mattermost Desktop App versions <=5.13.0 fail to manage modals in the ...)
TODO: check
CVE-2025-54859 (Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R ...)
- TODO: check
+ NOT-FOR-US: desknet
CVE-2025-54760 (Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R ...)
- TODO: check
+ NOT-FOR-US: desknet
CVE-2025-54658 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
NOT-FOR-US: Fortinet
CVE-2025-54539 (A Deserialization of Untrusted Data vulnerability exists in the Apache ...)
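Review bot: the new annotation for CVE-2025-61330, `NOT-FOR-US: Magic-branded devices from Chinese network equipment manufacturer H3C`, is much longer than the vendor-only form used for the other NOT-FOR-US entries in this hunk (for example `NOT-FOR-US: Fortinet` on the CVE-2025-54658 line); consider shortening it to `NOT-FOR-US: H3C` so the entry follows the same convention and groups cleanly with any future H3C entries.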
@@ -158,17 +158,17 @@ CVE-2025-54539 (A Deserialization of Untrusted Data vulnerability exists in the
CVE-2025-54499 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use ...)
TODO: check
CVE-2025-54461 (ChatLuck contains an insufficient granularity of access control vulner ...)
- TODO: check
+ NOT-FOR-US: ChatLuck
CVE-2025-53951 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
NOT-FOR-US: Fortinet
CVE-2025-53950 (An Exposure of Private Personal Information ('Privacy Violation') vuln ...)
NOT-FOR-US: Fortinet
CVE-2025-53858 (ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. ...)
- TODO: check
+ NOT-FOR-US: ChatLuck
CVE-2025-53092 (Strapi is an open source headless content management system. Strapi ve ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2025-52583 (Reflected cross-site scripting (XSS) vulnerability in desknet's Web Se ...)
- TODO: check
+ NOT-FOR-US: desknet
CVE-2025-46752 (A insertion of sensitive information into log file in Fortinet FortiDL ...)
NOT-FOR-US: Fortinet
CVE-2025-41443 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to prop ...)
@@ -180,27 +180,27 @@ CVE-2025-41254 (STOMP over WebSocket applications may be vulnerable to a securit
CVE-2025-41253 (The following versions of Spring Cloud Gateway Server Webflux may be v ...)
TODO: check
CVE-2025-3930 (Strapi uses JSON Web Tokens (JWT) for authentication. After logout or ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2025-36128 (IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denia ...)
NOT-FOR-US: IBM
CVE-2025-36002 (IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and I ...)
NOT-FOR-US: IBM
CVE-2025-34519 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain an ...)
- TODO: check
+ NOT-FOR-US: Ilevia EVE X1 Server firmware
CVE-2025-34518 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain a r ...)
- TODO: check
+ NOT-FOR-US: Ilevia EVE X1 Server firmware
CVE-2025-34517 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain an ...)
- TODO: check
+ NOT-FOR-US: Ilevia EVE X1 Server firmware
CVE-2025-34516 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain a u ...)
- TODO: check
+ NOT-FOR-US: Ilevia EVE X1 Server firmware
CVE-2025-34515 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain an ...)
- TODO: check
+ NOT-FOR-US: Ilevia EVE X1 Server firmware
CVE-2025-34514 (Ilevia EVE X1 Server firmware versions \u2264 4.7.18.0.eden contain au ...)
- TODO: check
+ NOT-FOR-US: Ilevia EVE X1 Server firmware
CVE-2025-34513 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain an ...)
- TODO: check
+ NOT-FOR-US: Ilevia EVE X1 Server firmware
CVE-2025-34512 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain a r ...)
- TODO: check
+ NOT-FOR-US: Ilevia EVE X1 Server firmware
CVE-2025-34255 (D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observa ...)
NOT-FOR-US: D-Link
CVE-2025-34254 (D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observa ...)
@@ -208,29 +208,29 @@ CVE-2025-34254 (D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an o
CVE-2025-34253 (D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored c ...)
NOT-FOR-US: D-Link
CVE-2025-25298 (Strapi is an open source headless CMS. The @strapi/core package before ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2025-24833 (Stored cross-site scripting (XSS) vulnerability in desknet's NEO versi ...)
- TODO: check
+ NOT-FOR-US: desknet
CVE-2025-22381 (Aggie 2.6.1 has a Host Header injection vulnerability in the forgot pa ...)
- TODO: check
+ NOT-FOR-US: Aggie
CVE-2025-11854
REJECTED
CVE-2025-11853 (A vulnerability was determined in Sismics Teedy up to 1.11. This affec ...)
- TODO: check
+ NOT-FOR-US: Sismics Teedy
CVE-2025-11852 (A vulnerability was found in Apeman ID71 218.53.203.117. The impacted ...)
- TODO: check
+ NOT-FOR-US: Apeman ID71
CVE-2025-11851 (A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affect ...)
- TODO: check
+ NOT-FOR-US: Apeman ID71
CVE-2025-11842 (A security vulnerability has been detected in Shazwazza Smidge up to 4 ...)
- TODO: check
+ NOT-FOR-US: Shazwazza Smidge
CVE-2025-11840 (A weakness has been identified in GNU Binutils 2.45. The affected elem ...)
TODO: check
CVE-2025-11839 (A security flaw has been discovered in GNU Binutils 2.45. Impacted is ...)
TODO: check
CVE-2025-11493 (The ConnectWise Automate Agent does not fully verify the authenticity ...)
- TODO: check
+ NOT-FOR-US: ConnectWise
CVE-2025-11492 (In the ConnectWise Automate Agent, communications could be configured ...)
- TODO: check
+ NOT-FOR-US: ConnectWise
CVE-2025-10611 (Due to an insufficient access control implementation in multiple WSO2 ...)
NOT-FOR-US: WSO2
CVE-2025-10545 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to prop ...)
@@ -240,7 +240,7 @@ CVE-2025-0277 (HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insec
CVE-2025-0276 (HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerab ...)
NOT-FOR-US: HCL
CVE-2024-56143 (Strapi is an open-source headless content management system. In versio ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2025-62585 (Whale browser before 4.33.325.17 allows an attacker to bypass the Cont ...)
NOT-FOR-US: Whale Browser
CVE-2025-62584 (Whale browser before 4.33.325.17 allows an attacker to bypass the Same ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72f716b679220cc12d6b5896cfed916c1c22f8d2