[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 15 21:38:40 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6504bec3 by Salvatore Bonaccorso at 2025-09-15T22:38:16+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,27 +9,27 @@ CVE-2025-9076 (Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize
 CVE-2025-9072 (Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2025-8396 (Insufficiently specific bounds checking on authorization header could  ...)
-	TODO: check
+	NOT-FOR-US: Temporal
 CVE-2025-6202 (Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigg ...)
 	TODO: check
 CVE-2025-59399 (libocpp before 0.28.0 allows a denial of service (EVerest crash) becau ...)
-	TODO: check
+	NOT-FOR-US: libocpp
 CVE-2025-59398 (The OCPP implementation in libocpp before 0.26.2 allows a denial of se ...)
-	TODO: check
+	NOT-FOR-US: libocpp
 CVE-2025-59397 (Open Web Analytics (OWA) before 1.8.1 allows SQL injection.)
-	TODO: check
+	NOT-FOR-US: Open Web Analytics (OWA)
 CVE-2025-59377 (feiskyer mcp-kubernetes-server through 0.1.11 allows OS command inject ...)
-	TODO: check
+	NOT-FOR-US: feiskyer mcp-kubernetes-server
 CVE-2025-59376 (feiskyer mcp-kubernetes-server through 0.1.11 does not consider chaine ...)
-	TODO: check
+	NOT-FOR-US: feiskyer mcp-kubernetes-server
 CVE-2025-59361 (The cleanIptables mutation in Chaos Controller Manager is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: Chaos Controller Manager
 CVE-2025-59360 (The killProcesses mutation in Chaos Controller Manager is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: Chaos Controller Manager
 CVE-2025-59359 (The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS  ...)
-	TODO: check
+	NOT-FOR-US: Chaos Controller Manager
 CVE-2025-59358 (The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging ...)
-	TODO: check
+	NOT-FOR-US: Chaos Mesh
 CVE-2025-59331 (is-arrayish checks if an object can be used like an Array. On 8 Septem ...)
 	NOT-FOR-US: Next.js
 CVE-2025-59330 (error-ex allows error subclassing and stack customization. On 8 Septem ...)
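Review bot: The four Chaos Mesh entries end up with two different NOT-FOR-US labels: CVE-2025-59361, CVE-2025-59360 and CVE-2025-59359 get "Chaos Controller Manager", while CVE-2025-59358 gets "Chaos Mesh", although its own description reads "The Chaos Controller Manager in Chaos Mesh". Using the product name "Chaos Mesh" on all four would let a single search on the label find every entry for this product, and would match if the software is ever packaged.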
@@ -39,9 +39,9 @@ CVE-2025-59328 (A vulnerability in Apache Fory allows a remote attacker to cause
 CVE-2025-59162 (color-convert provides plain color conversion functions in JavaScript. ...)
 	NOT-FOR-US: Next.js
 CVE-2025-59155 (hackmd-mcp is a Model Context Protocol server for integrating HackMD's ...)
-	TODO: check
+	NOT-FOR-US: hackmd-mcp
 CVE-2025-59154 (Openfire is an XMPP server licensed under the Open Source Apache Licen ...)
-	TODO: check
+	NOT-FOR-US: Openfire
 CVE-2025-59144 (debug is a JavaScript debugging utility. On 8 September 2025, the npm  ...)
 	NOT-FOR-US: Next.js
 CVE-2025-59143 (color is a Javascript color conversion and manipulation library. On 8  ...)
@@ -53,43 +53,43 @@ CVE-2025-59141 (simple-swizzle swizzles function arguments. On 8 September 2025,
 CVE-2025-59140 (backlash parses collected strings with escapes. On 8 September 2025, t ...)
 	NOT-FOR-US: Next.js
 CVE-2025-58748 (Dataease is an open source data analytics and visualization platform.  ...)
-	TODO: check
+	NOT-FOR-US: Dataease
 CVE-2025-58177 (n8n is an open source workflow automation platform. From 1.24.0 to bef ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2025-58172 (drawnix is an all in one open-source whiteboard tool. In drawnix versi ...)
-	TODO: check
+	NOT-FOR-US: drawnix
 CVE-2025-58046 (Dataease is an open-source data visualization and analysis platform. I ...)
-	TODO: check
+	NOT-FOR-US: Dataease
 CVE-2025-58045 (Dataease is an open source data analytics and visualization platform.  ...)
-	TODO: check
+	NOT-FOR-US: Dataease
 CVE-2025-57248 (A null pointer dereference vulnerability was discovered in SumatraPDF  ...)
-	TODO: check
+	NOT-FOR-US: SumatraPDF
 CVE-2025-57176 (The rfpiped service on TCP port 555 in Ceragon Networks / Siklu Commun ...)
-	TODO: check
+	NOT-FOR-US: Ceragon Networks / Siklu Communication EtherHaul series
 CVE-2025-57174 (An issue was discovered in Siklu Communications Etherhaul 8010TX and 1 ...)
-	TODO: check
+	NOT-FOR-US: Siklu Communications Etherhaul
 CVE-2025-57104 (Teampel 5.1.6 is vulnerable to SQL Injection in /Common/login.aspx.)
-	TODO: check
+	NOT-FOR-US: Teampel
 CVE-2025-56710 (A Cross-Site Request Forgery (CSRF) vulnerability was identified in th ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-56252 (Cross Site Scripting (xss) vulnerability in ServitiumCRM 2.10 allowing ...)
-	TODO: check
+	NOT-FOR-US: ServitiumCRM
 CVE-2025-55777
 	REJECTED
 CVE-2025-52344 (Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in ...)
-	TODO: check
+	NOT-FOR-US: Explorance Blue
 CVE-2025-52053 (TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-52048 (In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, in the fun ...)
-	TODO: check
+	NOT-FOR-US: Frappe Framework
 CVE-2025-50944 (An issue was discovered in the method push.lite.avtech.com.MySSLSocket ...)
-	TODO: check
+	NOT-FOR-US: AVTECH EagleEyes
 CVE-2025-50110 (An issue was discovered in the method push.lite.avtech.com.AvtechLib.G ...)
-	TODO: check
+	NOT-FOR-US: AVTECH EagleEyes
 CVE-2025-49089 (wangxutech MoneyPrinterTurbo 1.2.6 allows path traversal via /api/v1/d ...)
-	TODO: check
+	NOT-FOR-US: wangxutech MoneyPrinterTurbo
 CVE-2025-46408 (An issue was discovered in the methods push.lite.avtech.com.AvtechLib. ...)
-	TODO: check
+	NOT-FOR-US: AVTECH EagleEyes
 CVE-2025-45091 (Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable  ...)
 	TODO: check
 CVE-2025-43800 (Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal  ...)
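Review bot: The labels for CVE-2025-57176 ("Ceragon Networks / Siklu Communication EtherHaul series") and CVE-2025-57174 ("Siklu Communications Etherhaul") name what reads as the same device family in two spellings ("Communication" vs "Communications", "EtherHaul" vs "Etherhaul"). Picking one short vendor label for both, as the neighbouring entries do with "TOTOLINK" and "PHPGurukul", would keep later lookups consistent. The same applies to CVE-2025-49089, labelled "wangxutech MoneyPrinterTurbo" here while another hunk of this commit labels CVE-2025-10472 "harry0703 MoneyPrinterTurbo".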
@@ -103,19 +103,19 @@ CVE-2025-43792 (Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and ol
 CVE-2025-43791 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal  ...)
 	NOT-FOR-US: Liferay
 CVE-2025-3025 (Elevation of Privileges in the cleaning feature of Gen Digital CCleane ...)
-	TODO: check
+	NOT-FOR-US: Gen Digital CCleaner
 CVE-2025-36082 (IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally w ...)
 	NOT-FOR-US: IBM
 CVE-2025-10491 (The MongoDB Windows installation MSI may leave ACLs unset on custom in ...)
-	TODO: check
+	NOT-FOR-US: MongoDB Windows installation MSI
 CVE-2025-10475 (A weakness has been identified in SpyShelter up to 15.4.0.1015. Affect ...)
-	TODO: check
+	NOT-FOR-US: SpyShelter
 CVE-2025-10473 (A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1 ...)
-	TODO: check
+	NOT-FOR-US: yangzongzhuan RuoYi
 CVE-2025-10472 (A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1. ...)
-	TODO: check
+	NOT-FOR-US: harry0703 MoneyPrinterTurbo
 CVE-2025-10471 (A vulnerability was detected in ZKEACMS 4.3. Impacted is the function  ...)
-	TODO: check
+	NOT-FOR-US: ZKEACMS
 CVE-2025-10459 (A security flaw has been discovered in PHPGurukul Beauty Parlour Manag ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-10448 (A flaw has been found in Campcodes Online Job Finder System 1.0. This  ...)
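Review bot: CVE-2025-10472 is labelled "harry0703 MoneyPrinterTurbo", but CVE-2025-49089 earlier in this commit is labelled "wangxutech MoneyPrinterTurbo"; each label copies the vendor prefix from its CVE description. If both refer to the same project, a plain "MoneyPrinterTurbo" on both lines would avoid two labels for one product. Separately, "MongoDB Windows installation MSI" on CVE-2025-10491 records the affected component rather than a product name; a short remark that the issue is specific to the Windows installer would make the reasoning explicit for anyone checking MongoDB-related entries later.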
@@ -141,7 +141,7 @@ CVE-2025-10436 (A weakness has been identified in Campcodes Computer Sales and I
 CVE-2025-10435 (A security flaw has been discovered in Campcodes Computer Sales and In ...)
 	NOT-FOR-US: Campcodes
 CVE-2025-10434 (A vulnerability was identified in IbuyuCMS up to 2.6.3. Impacted is an ...)
-	TODO: check
+	NOT-FOR-US: IbuyuCMS
 CVE-2025-10203 (Relative path traversal vulnerability due to improper input validation ...)
 	NOT-FOR-US: National Instruments
 CVE-2022-50338 (In the Linux kernel, the following vulnerability has been resolved:  b ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6504bec3d00fb8e8c0529b6a07e10e6157514f4f


More information about the debian-security-tracker-commits mailing list