[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Oct 22 21:48:54 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
47f70ff0 by Moritz Muehlenhoff at 2025-10-22T22:48:38+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2025-61873
NOTE: Fixed by: https://github.com/bestpractical/rt/commit/cade8b90c696e8c08438be2cb469a78342b5cb0f (rt-5.0.9)
NOTE: Fixed by: https://github.com/bestpractical/rt/commit/2f5798fee46155a947f57dfafed2542f03906dd7 (rt-4.4.9)
CVE-2025-8848 (A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML ...)
- TODO: check
+ NOT-FOR-US: danny-avila/librechat
CVE-2025-6833 (The All in One Time Clock Lite \u2013 Tracking Employee Time Has Never ...)
NOT-FOR-US: WordPress plugin
CVE-2025-62659 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -17,15 +17,15 @@ CVE-2025-62659 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2025-62611 (aiomysql is a library for accessing a MySQL database from the asyncio. ...)
TODO: check
CVE-2025-62610 (Hono is a Web application framework that provides support for any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2025-62607 (Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior t ...)
- TODO: check
+ NOT-FOR-US: Nautobot
CVE-2025-62606 (my little forum is a PHP and MySQL based internet forum that displays ...)
- TODO: check
+ NOT-FOR-US: my little forum
CVE-2025-62604 (MeterSphere is an open source continuous testing platform. Prior to ve ...)
- TODO: check
+ NOT-FOR-US: MeterSphere
CVE-2025-62513 (OpenBao is an open source identity-based secrets management system. In ...)
- TODO: check
+ - openbao <itp> (bug #1069794)
CVE-2025-62248 (A reflected cross-site scripting (XSS) vulnerability, resulting from ...)
NOT-FOR-US: Liferay
CVE-2025-62247 (Missing Authorization in Collection Provider component in the Liferay ...)
@@ -95,7 +95,7 @@ CVE-2025-62006 (Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.
CVE-2025-62005 (Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SU ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-61035 (The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incor ...)
- TODO: check
+ NOT-FOR-US: seffaflik
CVE-2025-60343 (Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 ...)
NOT-FOR-US: Tenda
CVE-2025-60342 (Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow ...)
@@ -241,7 +241,7 @@ CVE-2025-58916 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-57870 (A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11 ...)
NOT-FOR-US: Esri
CVE-2025-56447 (TM2 Monitoring v3.04 contains an authentication bypass and plaintext c ...)
- TODO: check
+ NOT-FOR-US: TM2 Monitoring
CVE-2025-53428 (Incorrect Privilege Assignment vulnerability in N-Media Simple User Re ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-53427 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -473,11 +473,11 @@ CVE-2025-48091 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-48082 (Incorrect Privilege Assignment vulnerability in Progress Planner Progr ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-41110 (Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vi ...)
- TODO: check
+ NOT-FOR-US: Ghost Robotics Vision
CVE-2025-41109 (Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfac ...)
- TODO: check
+ NOT-FOR-US: Ghost Robotics Vision
CVE-2025-41108 (The communication protocol implemented in Ghost Robotics Vision 60 v0. ...)
- TODO: check
+ NOT-FOR-US: Ghost Robotics Vision
CVE-2025-39534 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32657 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
@@ -487,9 +487,9 @@ CVE-2025-32283 (Deserialization of Untrusted Data vulnerability in designthemes
CVE-2025-31634 (Deserialization of Untrusted Data vulnerability in designthemes Insura ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30944 (Missing Authorization vulnerability in Essekia Tablesome Table Premium ...)
- TODO: check
+ NOT-FOR-US: Essekia Tablesome Table
CVE-2025-24934 (Software which sets SO_REUSEPORT_LB on a socket and then connects it t ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2025-23299 (NVIDIA Bluefield and ConnectX contain a vulnerability in the managemen ...)
TODO: check
CVE-2025-22178 (Jira Align is vulnerable to an authorization issue. A low-privilege us ...)
@@ -523,7 +523,7 @@ CVE-2025-11958 (An improper input validation in the Security Dashboard ignored-t
CVE-2025-11957 (Improper authorization in the temporary access workflow of Devolutions ...)
NOT-FOR-US: Devolutions
CVE-2025-11952 (Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnera ...)
- TODO: check
+ NOT-FOR-US: Oct8ne Chatbot
CVE-2025-11915 (Connection desynchronization between an HTTP proxy and the model backe ...)
TODO: check
CVE-2025-11883 (The Responsive Progress Bar plugin for WordPress is vulnerable to Stor ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47f70ff08a2be61b4fd1d1313f49fa726b75a83f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47f70ff08a2be61b4fd1d1313f49fa726b75a83f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251022/6771825c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list