[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 3 08:03:09 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9d773863 by Salvatore Bonaccorso at 2025-09-03T09:02:44+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49,7 +49,7 @@ CVE-2025-6685 (ATEN eco DC Missing Authorization Privilege Escalation Vulnerabil
CVE-2025-6519 (E3 Site Supervisor (firmware version < 2.31F01) has a default admin us ...)
NOT-FOR-US: E3 Site Supervisor
CVE-2025-5662 (A deserialization vulnerability exists in the H2O-3 REST API (POST /99 ...)
- TODO: check
+ NOT-FOR-US: h2oai/h2o-3
CVE-2025-57778 (There is an out of bounds write vulnerability due to improper bounds c ...)
NOT-FOR-US: National Instruments
CVE-2025-57777 (There is an out of bounds write vulnerability due to improper bounds c ...)
@@ -73,43 +73,43 @@ CVE-2025-57612 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac052
CVE-2025-57611 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Nul ...)
TODO: check
CVE-2025-57140 (rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/D ...)
- TODO: check
+ NOT-FOR-US: rsbi-pom
CVE-2025-56254 (PHPGurukul Employee Leave Management System 2.1 contains an Insecure D ...)
NOT-FOR-US: PHPGurukul
CVE-2025-55824 (ModStartCMS v9.5.0 has an arbitrary file write vulnerability, which al ...)
- TODO: check
+ NOT-FOR-US: ModStartCMS
CVE-2025-55476 (FireShare FileShare 1.2.25 contains a time-based blind SQL injection v ...)
- TODO: check
+ NOT-FOR-US: FireShare
CVE-2025-55474 (Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), which a ...)
- TODO: check
+ NOT-FOR-US: Many Notes
CVE-2025-55473 (Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version ...)
- TODO: check
+ NOT-FOR-US: Asian Arts Talents Foundation (AATF) Website
CVE-2025-55472 (SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in ...)
- TODO: check
+ NOT-FOR-US: Tirreno
CVE-2025-55373 (Incorrect access control in Beakon Application before v5.4.3 allows au ...)
- TODO: check
+ NOT-FOR-US: Beakon Application
CVE-2025-55372 (An arbitrary file upload vulnerability in Beakon Application before v5 ...)
- TODO: check
+ NOT-FOR-US: Beakon Application
CVE-2025-54599 (The Bevy Event service through 2025-07-22, as used for eBay Seller Eve ...)
- TODO: check
+ NOT-FOR-US: Bevy Event service
CVE-2025-52551 (E2 Facility Management Systems use a proprietary protocol that allows ...)
- TODO: check
+ NOT-FOR-US: E2 Facility Management Systems
CVE-2025-52550 (E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgra ...)
- TODO: check
+ NOT-FOR-US: E3 Site Supervisor Control
CVE-2025-52549 (E3 Site Supervisor Control (firmware version < 2.31F01) generates the ...)
- TODO: check
+ NOT-FOR-US: E3 Site Supervisor Control
CVE-2025-52548 (E3 Site Supervisor Control (firmware version < 2.31F01) contains a hid ...)
- TODO: check
+ NOT-FOR-US: E3 Site Supervisor Control
CVE-2025-52547 (E3 Site Supervisor Control (firmware version < 2.31F01) MGW contains a ...)
- TODO: check
+ NOT-FOR-US: E3 Site Supervisor Control
CVE-2025-52546 (E3 Site Supervisor Control (firmware version < 2.31F01) has a floor pl ...)
- TODO: check
+ NOT-FOR-US: E3 Site Supervisor Control
CVE-2025-52545 (E3 Site Supervisor Control (firmware version < 2.31F01) RCI service co ...)
- TODO: check
+ NOT-FOR-US: E3 Site Supervisor Control
CVE-2025-52544 (E3 Site Supervisor Control (firmware version < 2.31F01) has a floor pl ...)
- TODO: check
+ NOT-FOR-US: E3 Site Supervisor Control
CVE-2025-52543 (E3 Site Supervisor Control (firmware version < 2.31F01) application se ...)
- TODO: check
+ NOT-FOR-US: E3 Site Supervisor Control
CVE-2025-51966 (A cross-site scripting (XSS) vulnerability exists in the PDF preview f ...)
TODO: check
CVE-2025-50757 (Wavlink WN535K3 20191010 was found to contain a command injection vuln ...)
@@ -117,47 +117,47 @@ CVE-2025-50757 (Wavlink WN535K3 20191010 was found to contain a command injectio
CVE-2025-50755 (Wavlink WN535K3 20191010 was found to contain a command injection vuln ...)
NOT-FOR-US: Wavlink
CVE-2025-50565 (Doubo ERP 1.0 has an SQL injection vulnerability due to a lack of filt ...)
- TODO: check
+ NOT-FOR-US: Doubo ERP
CVE-2025-46810 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
TODO: check
CVE-2025-46047 (A User enumeration vulnerability in the /CredentialsServlet/ForgotPass ...)
- TODO: check
+ NOT-FOR-US: Silverpeas
CVE-2025-43726 (Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, ...)
NOT-FOR-US: Dell / EMC
CVE-2025-41690 (A low-privileged attacker in bluetooth range may be able to access the ...)
- TODO: check
+ NOT-FOR-US: Promag
CVE-2025-41031 (Lack of authorisation in Deporsite by T-INNOVA. This vulnerability all ...)
- TODO: check
+ NOT-FOR-US: Deporsite
CVE-2025-41030 (Lack of authorisation in Deporsite by T-INNOVA. This vulnerability all ...)
- TODO: check
+ NOT-FOR-US: Deporsite
CVE-2025-36162 (IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 coul ...)
NOT-FOR-US: IBM
CVE-2025-32100 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-32098 (An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-2414 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Akinsoft OctoCloud
CVE-2025-2413 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Akinsoft
CVE-2025-0670 (Authorization Bypass Through User-Controlled Key vulnerability in Akin ...)
- TODO: check
+ NOT-FOR-US: Akinsoft
CVE-2025-0640 (Authorization Bypass Through User-Controlled Key vulnerability in Akin ...)
- TODO: check
+ NOT-FOR-US: Akinsoft
CVE-2024-58259 (A vulnerability has been identified within Rancher Manager in which it ...)
TODO: check
CVE-2024-52284 (Unauthorized disclosure of sensitive data: Any user with `GET` or `LIS ...)
TODO: check
CVE-2024-51423 (Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.0 ...)
- TODO: check
+ NOT-FOR-US: Infor Global HR GHR
CVE-2024-48705 (Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V14 ...)
NOT-FOR-US: Wavlink
CVE-2024-12974 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Akinsoft
CVE-2024-12973 (Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTT ...)
- TODO: check
+ NOT-FOR-US: Akinsoft
CVE-2024-12972 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Akinsoft
CVE-2025-9815 (A weakness has been identified in alaneuler batteryKid up to 2.1 on ma ...)
NOT-FOR-US: alaneuler batteryKid
CVE-2025-9814 (A security flaw has been discovered in PHPGurukul Beauty Parlour Manag ...)
@@ -215,7 +215,7 @@ CVE-2025-58161 (MobSF is a mobile application security testing tool used. In ver
CVE-2025-57808 (ESPHome is a system to control microcontrollers remotely through Home ...)
NOT-FOR-US: ESPHome
CVE-2025-44017 ("Gunosy" App contains a vulnerability where sensitive information may ...)
- TODO: check
+ NOT-FOR-US: Gunosy App
CVE-2024-28988 (SolarWinds Web Help Desk was found to be susceptible to a Java Deseria ...)
NOT-FOR-US: SolarWinds
CVE-2025-9810 (TOCTOU in linenoiseHistorySavein linenoiseallows local attackers to ov ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d773863dd1acbe3ef21f6cafb6b9d38867edecf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d773863dd1acbe3ef21f6cafb6b9d38867edecf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250903/cc7cd290/attachment.htm>
More information about the debian-security-tracker-commits
mailing list