[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 31 20:45:59 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
56ced1cb by Salvatore Bonaccorso at 2025-10-31T21:45:39+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -106,7 +106,7 @@ CVE-2025-62267 (Multiple cross-site scripting (XSS) vulnerabilities in web conte
CVE-2025-62264 (Reflected cross-site scripting (XSS) vulnerability in Languauge Overri ...)
NOT-FOR-US: Liferay
CVE-2025-62232 (Sensitive data exposure via logging in basic-auth leads to plaintext u ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-61427 (A reflected cross-site scripting (XSS) vulnerability in BEO GmbH BEO A ...)
NOT-FOR-US: BEO GmbH BEO Atlas Einfuhr Ausfuhr
CVE-2025-61141 (sqls-server/sqls 0.2.28 is vulnerable to command injection in the conf ...)
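Review bot: the new tag on CVE-2025-62232, "NOT-FOR-US: Apache software not packaged in Debian", does not name the product, unlike the neighbouring entries ("NOT-FOR-US: Liferay", "NOT-FOR-US: BEO GmbH BEO Atlas Einfuhr Ausfuhr"). Naming the specific Apache project in the tag would make the entry searchable and would let a later reader re-check the decision if that project is ever packaged.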
@@ -134,19 +134,19 @@ CVE-2025-57106 (Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to
CVE-2025-54763 (FutureNet MA and IP-K series provided by Century Systems Co., Ltd. con ...)
NOT-FOR-US: Century Systems
CVE-2025-52665 (A malicious actor with access to the management network could exploit ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2025-52664 (SQL injection in Revive Adserver 6.0.0 causes potential disruption or ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2025-52663 (A vulnerability was identified in certain UniFi Talk devices where int ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2025-4952 (Tampering of the registry entries might have led to preventing the ESE ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2025-48984 (A vulnerability allowing remote code execution (RCE) on the Backup Ser ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2025-48983 (A vulnerability in the Mount service of Veeam Backup & Replication, wh ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2025-48982 (This vulnerability in Veeam Agent for Microsoft Windows allows for Loc ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2025-48980 (In Brave Browser Desktop versions prior to 1.83.10 that have the split ...)
- brave-browser <itp> (bug #864795)
CVE-2025-40603 (A potential exposure of sensitive information in log files in SonicWal ...)
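Review bot: the tag "NOT-FOR-US: UniFi" on CVE-2025-52663 is coarser than the description, which names "UniFi Talk devices", and the same bare tag is applied to CVE-2025-52665, whose visible description names no product at all. The Nagios entries in this same commit distinguish products within one vendor (Nagios XI, Nagios Log Server, Nagios Fusion), so consider naming the specific UniFi product in each of these two tags for consistency.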
@@ -154,39 +154,39 @@ CVE-2025-40603 (A potential exposure of sensitive information in log files in So
CVE-2025-36249 (IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set ...)
NOT-FOR-US: IBM
CVE-2025-34298 (Nagios Log Server versions prior to 2024R1.3.2 contain a privilege esc ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34287 (Nagios XI versions prior to 2024R2 contain an improperly owned script, ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-34286 (Nagios XI versions prior to 2026R1 contain a remote code execution vu ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-34284 (Nagios XI versions prior to2024R2contain a command injection vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-34283 (Nagios XI versions prior to2024R1.4.2revealed API keys to users who we ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-34280 (NagiosNetwork Analyzer versions prior to2024R2.0.1 contain a vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Nagios Network Analyzer
CVE-2025-34278 (Nagios Network Analyzer versions prior to2024R1 contain a stored cross ...)
- TODO: check
+ NOT-FOR-US: Nagios Network Analyser
CVE-2025-34277 (Nagios Log Server versions prior to2024R1.3.1 contain a code injection ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34274 (Nagios Log Server versions prior to 2024R2.0.3 contain an execution wi ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34273 (Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect au ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34272 (In Nagios Log Server versions prior to 2024R2.0.3, when a user's confi ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34271 (Nagios Log Server versions prior to2024R2.0.2 contain a vulnerability ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34270 (Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34269 (Nagios Fusion versions prior to R2.1 contain a vulnerability due to th ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2025-34249 (Nagios Fusion versions prior to 2024R2.1contain a brute-force bypass i ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2025-34135 (Nagios XI versions prior to2024R1.4.2configure some systemd unit files ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-34134 (Nagios XI versions prior to 2024R1.4.2 contain a remote code execution ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-33003 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allo ...)
NOT-FOR-US: IBM
CVE-2025-30191 (Malicious content from E-Mail can be used to perform a redressing atta ...)
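Review bot: spelling is inconsistent between two adjacent entries for the same product. CVE-2025-34280 is tagged "NOT-FOR-US: Nagios Network Analyzer" but CVE-2025-34278 is tagged "NOT-FOR-US: Nagios Network Analyser", while the description of CVE-2025-34278 itself spells it "Nagios Network Analyzer". Use "Analyzer" on both so that a search for the product name finds every entry.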
@@ -204,9 +204,9 @@ CVE-2025-12553 (Email Server Certificate Verification Disabled.This issue affect
CVE-2025-12552 (Insufficient Password Policy.This issue affects BLU-IC2: through 1.19. ...)
NOT-FOR-US: Azure Access Technology
CVE-2025-12547 (A vulnerability was identified in LogicalDOC Community Edition up to 9 ...)
- TODO: check
+ NOT-FOR-US: LogicalDOC
CVE-2025-12546 (A vulnerability was determined in LogicalDOC Community Edition up to 9 ...)
- TODO: check
+ NOT-FOR-US: LogicalDOC
CVE-2025-12521 (The Analytify Pro plugin for WordPress is vulnerable to Sensitive Info ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12509 (On a client with an admin user, a Global_Shipping script can be implem ...)
@@ -216,9 +216,9 @@ CVE-2025-12508 (When using domain users as BRAIN2 users, communication with Acti
CVE-2025-12507 (The service Bizerba Communication Server (BCS) has an unquoted service ...)
NOT-FOR-US: Bizerba
CVE-2025-12501 (Integer overflow in GameMaker IDE below 2024.14.0 version can lead to ...)
- TODO: check
+ NOT-FOR-US: GameMaker IDE
CVE-2025-12460 (An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 ...)
- TODO: check
+ NOT-FOR-US: Afterlogic Aurora webmail
CVE-2025-12357 (By manipulating the Signal Level Attenuation Characterization (SLAC) ...)
TODO: check
CVE-2025-12175 (The The Events Calendar plugin for WordPress is vulnerable to unauthor ...)
@@ -244,173 +244,173 @@ CVE-2025-10897 (The WooCommerce Designer Pro theme for WordPress is vulnerable t
CVE-2025-10693 (When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR ...)
NOT-FOR-US: Silicon Labs
CVE-2024-58273 (Nagios Log Server versions prior to 2024R1.0.2 contain a local privile ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2024-58272 (Nagios Log Server versions prior to 2024R1 contain a stored cross-site ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2024-14009 (Nagios XI versions prior to2024R1.0.1contain a privilege escalation vu ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14008 (Nagios XI versions prior to 2024R1.3.2contain a remote command executi ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14006 (Nagios XI versions prior to 2024R1.2.2contain a host header injection ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14005 (Nagios XI versions prior to 2024R1.2 contain a command injection vulne ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14004 (Nagios XI versions prior to 2024R1.2 containa privilege escalation vul ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14003 (Nagios XI versions prior to 2024R1.2 arevulnerable to remote code exec ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14002 (Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14001 (Nagios XI versions prior to 2024R1.1.3are vulnerable to cross-site scr ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14000 (Nagios XI versions prior to 2024R1.1.3are vulnerable to cross-site scr ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-13999 (Nagios XI versions prior to 2024R1.1.3, under certain circumstances,di ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-13996 (Nagios XI versions prior to2024R1.1.3did not invalidate all other acti ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-13995 (Nagios XI versions prior to2024R1.1.2 may (confirmed in2024R1.1 and 20 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-13994 (Nagios XI versions prior to2024R1.1.2 contain a missing authorization ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-13993 (Nagios XI versions prior to < 2024R1.1.2 are vulnerable to a reflected ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-13992 (Nagios XI versions prior to < 2024R1.1 is vulnerable to a cross-site s ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7325 (Anheng Mingyu Operation and Maintenance Audit and Risk Control System ...)
- TODO: check
+ NOT-FOR-US: Anheng Mingyu Operation and Maintenance Audit and Risk Control System
CVE-2023-7323 (Nagios Log Server versions prior to 2024R1are vulnerable to cross-site ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2023-7322 (Nagios Log Server versions prior to 2024R1 contain an incorrect author ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2023-7321 (Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-sit ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2023-7319 (Nagios Network Analyzer versions prior to 2024R1 are vulnerable to cro ...)
- TODO: check
+ NOT-FOR-US: Nagios Network Analyzer
CVE-2023-7318 (Nagios XI versions prior to < 2024R1.0.2 are vulnerable to cross-site ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7317 (Nagios XI versions prior to 2024R1contain a missing access control vul ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7316 (Nagios XI versions prior to 2024R1 are vulnerable to cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7315 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7314 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7313 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7312 (Nagios Fusion versions prior to4.2.0 contain a stored cross-site scrip ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2023-53690 (Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2023-53689 (Nagios Fusion versions prior to4.2.0 contain a reflected cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2023-53688 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2022-50588 (Nagios XI versions prior to5.8.9are vulnerable to cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2022-50587 (Nagios XI versions prior to5.8.9are vulnerable to cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2022-50586 (Nagios XI versions prior to5.8.9are vulnerable to cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2022-50585 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2022-50584 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-4461 (Seeyon Zhiyuan OA Web Application System versions up to and including ...)
- TODO: check
+ NOT-FOR-US: Seeyon Zhiyuan OA Web Application System
CVE-2021-47700 (Nagios XI versions prior to5.8.7used a temporary directory for Highcha ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47699 (Nagios XI versions prior to5.8.7are vulnerable to cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47697 (Nagios XI versions prior to5.8.0are vulnerable to cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47696 (Nagios XI versions prior to5.8.0are vulnerable to cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47695 (Nagios XI versions prior to5.8.0are vulnerable to stored cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47694 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.4 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47693 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47692
REJECTED
CVE-2021-47691 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47690 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47689 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.0 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36869 (Nagios XI versions prior to5.7.5contain a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36868 (Nagios XI versions prior to5.7.3contain a privilege escalation vulnera ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36867 (Nagios XI versions prior to5.7.3contain a command injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36866 (Nagios XI versions prior to5.7.2are vulnerable to cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36865 (Nagios XI versions prior to5.7.2are vulnerable to cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36864 (Nagios XI versions prior to5.7.2are vulnerable to cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36863 (Nagios XI versions prior to5.7.2allow PHP files to be uploaded to the ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36862 (Nagios XI versions prior to5.6.11contain unauthenticated vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36861 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.8 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36860 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36859 (The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36858 (Nagios Log Server versions prior to 2.1.6contain cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2020-36857 (Nagios XI versions prior to 5.6.14 containa post-authentication SQL in ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36856 (Nagios XI versions prior to 5.6.14 contain an authenticated remote com ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2018-25123 (Nagios XI versions prior to5.5.7contain a privilege escalation vulnera ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2018-25122 (Nagios XI versions prior to5.4.13contain a remote code execution vulne ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2018-25121 (Nagios XI versions prior to5.4.13 are vulnerable to cross-site scripti ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2018-25119 (Nagios Fusion versions prior to 4.1.5 arevulnerable to cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2017-20209 (Nagios Fusion versions prior to 4.0.1arevulnerable to cross-site scrip ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2016-15053 (Nagios XI versions prior to5.2.4 are vulnerable to cross-site scriptin ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2016-15052 (Nagios XI versions prior to5.2.4 are vulnerable to cross-site scriptin ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2016-15051 (Nagios XI versions prior to5.2.4 are vulnerable to cross-site scriptin ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2016-15050 (Nagios XI versions prior to5.2.4 containa SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2016-15049 (Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2013-10074 (Nagios XI versions prior to2012R2.6are vulnerable to cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2013-10073 (Nagios XI versions prior to2012R1.6 contain ashell command injection v ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2013-10072 (Nagios XI versions prior to2012R1.6 contain an authorization flaw in t ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2013-10071 (Nagios XI versions prior to2012R1.6contain a reflected cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2012-10063 (Nagios XI versions prior to2012R1.3 containa SQL injection vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2011-10040 (Nagios XI versions prior to2011R1.9are vulnerable to cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2011-10039 (Nagios XI versions prior to2011R1.9are vulnerable to cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2011-10038 (Nagios XI versions prior to2011R1.9are vulnerable to cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2011-10037 (Nagios XI versions prior to2011R1.9are vulnerable to cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2011-10036 (Nagios XI versions prior to2011R1.9are vulnerable to cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2011-10035 (Nagios XI versions prior to2011R1.9contain privilege escalation vulner ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-40106 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.17.6-1
NOTE: https://git.kernel.org/linus/87b318ba81dda2ee7b603f4f6c55e78ec3e95974 (6.18-rc3)
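Review bot: the tags on CVE-2023-7325 and CVE-2021-4461 copy the full product string from the description ("NOT-FOR-US: Anheng Mingyu Operation and Maintenance Audit and Risk Control System", "NOT-FOR-US: Seeyon Zhiyuan OA Web Application System"), whereas other entries in this hunk use a short name ("NOT-FOR-US: Silicon Labs", "NOT-FOR-US: Nagios XI"). A shorter vendor or product name would match that style and be easier to reuse when further CVEs for the same software arrive.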
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56ced1cbe47d78b956123626295973e031a65594