[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 6 08:44:47 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d79bdfb7 by Salvatore Bonaccorso at 2025-09-06T09:23:45+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -254,9 +254,9 @@ CVE-2025-48103 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-48102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-35452 (PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use d ...)
- TODO: check
+ NOT-FOR-US: Various pan-tilt-zoom cameras
CVE-2025-35451 (PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use h ...)
- TODO: check
+ NOT-FOR-US: Various pan-tilt-zoom cameras
CVE-2025-32320 (In System UI, there is a possible way to view other users' images due ...)
NOT-FOR-US: Android
CVE-2025-32318 (In Skia, there is a possible out of bounds write due to a heap buffer ...)
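Review bot: The label added for CVE-2025-35452 and CVE-2025-35451, "Various pan-tilt-zoom cameras", drops the vendor names that both descriptions lead with (PTZOptics, ValueHD-based). The neighbouring entries key their label on a vendor or product ("Android", "WordPress plugin or theme"), so a label such as "NOT-FOR-US: PTZOptics and other ValueHD-based pan-tilt-zoom cameras" would keep these two entries findable by a search for the vendor.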
@@ -266,11 +266,11 @@ CVE-2025-32317 (In App Widget, there is a possible Information Disclosure due to
CVE-2025-32316 (In gralloc4, there is a possible out of bounds write due to a missing ...)
NOT-FOR-US: Android
CVE-2025-30200 (ECOVACS robot vacuums and base stations communicate via an insecure Wi ...)
- TODO: check
+ NOT-FOR-US: ECOVACS robot vacuums and base stations
CVE-2025-30199 (ECOVACS vacuum robot base stations do not validate firmware updates, s ...)
- TODO: check
+ NOT-FOR-US: ECOVACS vacuum robot base stations
CVE-2025-30198 (ECOVACS robot vacuums and base stations communicate via an insecure Wi ...)
- TODO: check
+ NOT-FOR-US: ECOVACS robot vacuums and base stations
CVE-2025-27003 (Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Pay ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26461 (In Permission Manager, there is a possible way for the microphone priv ...)
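Review bot: The three ECOVACS entries end up with two different labels: CVE-2025-30200 and CVE-2025-30198 get "ECOVACS robot vacuums and base stations", while CVE-2025-30199 gets "ECOVACS vacuum robot base stations". Both follow the wording of the individual CVE descriptions, but a single "NOT-FOR-US: ECOVACS" on all three would match the vendor-level labels used around them ("Android") and let one search string find every ECOVACS entry.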
@@ -289,7 +289,7 @@ CVE-2025-10026 (A vulnerability was found in itsourcecode POS Point of Sale Syst
CVE-2025-10025 (A vulnerability has been found in PHPGurukul Online Course Registratio ...)
NOT-FOR-US: PHPGurukul
CVE-2025-10014 (A flaw has been found in elunez eladmin up to 2.7. This impacts the fu ...)
- TODO: check
+ NOT-FOR-US: elunez eladmin
CVE-2025-10013 (A vulnerability was detected in Portabilis i-Educar up to 2.10. This a ...)
NOT-FOR-US: Portabilis
CVE-2025-10012 (A security vulnerability has been detected in Portabilis i-Educar up t ...)
@@ -556,9 +556,9 @@ CVE-2025-58401 (Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Git
CVE-2025-58400 (RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, I ...)
NOT-FOR-US: RATOC RAID Monitoring Manager for Windows
CVE-2025-58362 (Hono is a Web application framework that provides support for any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2025-58359 (ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised S ...)
- TODO: check
+ NOT-FOR-US: ZF FROST
CVE-2025-58352 (Weblate is a web based localization tool. Versions lower than 5.13.1 c ...)
TODO: check
CVE-2025-58313 (Race condition vulnerability in the device standby module. Impact: Suc ...)
@@ -572,33 +572,33 @@ CVE-2025-58280 (Vulnerability of exposing object heap addresses in the Ark eTS m
CVE-2025-58276 (Permission verification vulnerability in the home screen module Impact ...)
NOT-FOR-US: Huawei
CVE-2025-58179 (Astro is a web framework for content-driven websites. Versions 11.0.3 ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2025-55739 (api is a module for FreePBX@, which is an open source GUI that control ...)
- TODO: check
+ NOT-FOR-US: api module for FreePBX
CVE-2025-55671 (Uncontrolled search path element issue exists in TkEasyGUI versions pr ...)
- TODO: check
+ NOT-FOR-US: TkEasyGUI
CVE-2025-55305 (Electron is a framework for writing cross-platform desktop application ...)
TODO: check
CVE-2025-55244 (Azure Bot Service Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55242 (Exposure of sensitive information to an unauthorized actor in Xbox all ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55241 (Azure Entra Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55238 (Dynamics 365 FastTrack Implementation Assets Information Disclosure Vu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55209 (contactmanager is a module for FreePBX@, which is an open source GUI t ...)
- TODO: check
+ NOT-FOR-US: contactmanager module for FreePBX
CVE-2025-55190 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2025-55037 (Improper neutralization of special elements used in an OS command ('OS ...)
- TODO: check
+ NOT-FOR-US: TkEasyGUI
CVE-2025-54914 (Azure Networking Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48395 (An attacker with authenticated and privileged access could modify the ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2025-41408 (Improper authorization in handler for custom URL scheme issue in "Yaho ...)
- TODO: check
+ NOT-FOR-US: "Yahoo! Shopping" App for Android
CVE-2025-9636 (pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vul ...)
- pgadmin4 <itp> (bug #834129)
CVE-2025-9616 (The PopAd plugin for WordPress is vulnerable to Cross-Site Request For ...)
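Review bot: Label granularity is uneven within this hunk. The five Microsoft entries (CVE-2025-55244, CVE-2025-55242, CVE-2025-55241, CVE-2025-55238, CVE-2025-54914) collapse to the vendor name, while the two FreePBX entries get per-module labels ("api module for FreePBX" on CVE-2025-55739, "contactmanager module for FreePBX" on CVE-2025-55209). Using "NOT-FOR-US: FreePBX" for both would be consistent with the vendor-level entries and with the existing "Huawei" and "Argo CD" lines in the context.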
@@ -1518,7 +1518,7 @@ CVE-2024-13064 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2024-13063 (Authorization Bypass Through User-Controlled Key vulnerability in Akin ...)
NOT-FOR-US: Akinsoft
CVE-2014-125127 (The mikecao/flight PHP framework in versions prior to v1.2 is vulnerab ...)
- TODO: check
+ NOT-FOR-US: mikecao/flight
CVE-2025-57833 (An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12 ...)
- python-django 3:4.2.24-1 (bug #1113865)
NOTE: https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
@@ -1793,17 +1793,17 @@ CVE-2025-57775 (There is a heap-based Buffer Overflow vulnerability due to impro
CVE-2025-57774 (There is an out of bounds write vulnerability due to improper bounds c ...)
NOT-FOR-US: National Instruments
CVE-2025-57616 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A u ...)
- TODO: check
+ NOT-FOR-US: rust-ffmpeg
CVE-2025-57615 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) An ...)
- TODO: check
+ NOT-FOR-US: rust-ffmpeg
CVE-2025-57614 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Int ...)
- TODO: check
+ NOT-FOR-US: rust-ffmpeg
CVE-2025-57613 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A n ...)
- TODO: check
+ NOT-FOR-US: rust-ffmpeg
CVE-2025-57612 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Nul ...)
- TODO: check
+ NOT-FOR-US: rust-ffmpeg
CVE-2025-57611 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Nul ...)
- TODO: check
+ NOT-FOR-US: rust-ffmpeg
CVE-2025-57140 (rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/D ...)
NOT-FOR-US: rsbi-pom
CVE-2025-56254 (PHPGurukul Employee Leave Management System 2.1 contains an Insecure D ...)
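Review bot: On the six rust-ffmpeg entries (CVE-2025-57616 through CVE-2025-57611), the label "rust-ffmpeg" has the same shape as a Debian Rust source package name (rust-<crate>), so the line alone does not tell a later reader whether it names the upstream project or a package that was looked for in the archive. The commit message says only "Process some NFUs"; a short mention there of how absence from the archive was confirmed, or a label that marks it as the upstream project, would remove the ambiguity.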
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d79bdfb7e1f65870b73cea66195ce31a05993683