[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 18 21:29:45 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
77b5c4f2 by Salvatore Bonaccorso at 2025-09-18T22:29:18+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,29 +3,29 @@ CVE-2025-9992 (The Ghost Kit \u2013 Page Builder Blocks, Motion Effects & Extens
CVE-2025-8565 (The Privacy Policy Generator, Terms & Conditions Generator WordPress P ...)
NOT-FOR-US: WordPress plugin
CVE-2025-6237 (A vulnerability in invokeai version v6.0.0a1 and below allows attacker ...)
- TODO: check
+ NOT-FOR-US: invokeai
CVE-2025-59424 (LinkAce is a self-hosted archive to collect website links. Prior to 2. ...)
- TODO: check
+ NOT-FOR-US: LinkAce
CVE-2025-59421 (Press, a Frappe custom app that runs Frappe Cloud, manages infrastruct ...)
- TODO: check
+ NOT-FOR-US: Frappe Press
CVE-2025-59417 (Lobe Chat is an open-source artificial intelligence chat framework. Pr ...)
- TODO: check
+ NOT-FOR-US: Lobe Chat
CVE-2025-59040 (Tuleap is an Open Source Suite to improve management of software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-57452 (In realme BackupRestore app v15.1.12_2810c08_250314, improper URI sche ...)
- TODO: check
+ NOT-FOR-US: realme BackupRestore app
CVE-2025-55912 (An issue in ClipBucket 5.5.0 and prior versions allows an unauthentica ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2025-55911 (An issue Clip Bucket v.5.5.2 Build#90 allows a remote attacker to exec ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2025-50255 (Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffi ...)
- TODO: check
+ NOT-FOR-US: Smartvista BackOffice SmartVista Suite
CVE-2025-4444 (A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Im ...)
TODO: check
CVE-2025-40678 (Unrestricted upload vulnerability for dangerous file types on Summar S ...)
- TODO: check
+ NOT-FOR-US: Summar Software Employee Portal
CVE-2025-40677 (SQL injection vulnerability in Summar Software\xb4s Portal del Emplead ...)
- TODO: check
+ NOT-FOR-US: Summar Software Employee Portal
CVE-2025-36146 (IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to ...)
NOT-FOR-US: IBM
CVE-2025-36143 (IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileg ...)
@@ -39,49 +39,49 @@ CVE-2025-10688 (A vulnerability was determined in SourceCodester Pet Grooming Ma
CVE-2025-10687 (A vulnerability was found in SourceCodester Responsive E-Learning Syst ...)
NOT-FOR-US: SourceCodester
CVE-2025-10676 (A weakness has been identified in fuyang_lipengjun platform 1.0. Affec ...)
- TODO: check
+ NOT-FOR-US: fuyang_lipengjun platform
CVE-2025-10675 (A security flaw has been discovered in fuyang_lipengjun platform 1.0. ...)
- TODO: check
+ NOT-FOR-US: fuyang_lipengjun platform
CVE-2025-10674 (A vulnerability was identified in fuyang_lipengjun platform 1.0. This ...)
- TODO: check
+ NOT-FOR-US: fuyang_lipengjun platform
CVE-2025-10673 (A vulnerability was determined in itsourcecode Student Information Man ...)
NOT-FOR-US: itsourcecode System
CVE-2025-10672 (A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affec ...)
- TODO: check
+ NOT-FOR-US: whuan132 AIBattery
CVE-2025-10671 (A vulnerability has been found in youth-is-as-pale-as-poetry e-learnin ...)
- TODO: check
+ NOT-FOR-US: youth-is-as-pale-as-poetry e-learning
CVE-2025-10670 (A flaw has been found in itsourcecode E-Logbook with Health Monitoring ...)
NOT-FOR-US: itsourcecode System
CVE-2025-10669 (A vulnerability was detected in Airsonic-Advanced up to 10.6.0. This v ...)
- TODO: check
+ NOT-FOR-US: Airsonic-Advanced
CVE-2025-10668 (A security vulnerability has been detected in itsourcecode Online Disc ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Online Discussion Forum
CVE-2025-10667 (A weakness has been identified in itsourcecode Online Discussion Forum ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Online Discussion Forum
CVE-2025-10666 (A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affe ...)
NOT-FOR-US: D-Link
CVE-2025-10665 (A vulnerability was identified in kidaze CourseSelectionSystem up to 4 ...)
- TODO: check
+ NOT-FOR-US: kidaze CourseSelectionSystem
CVE-2025-10664 (A vulnerability was determined in PHPGurukul Small CRM 4.0. This impac ...)
NOT-FOR-US: PHPGurukul
CVE-2025-10663 (A vulnerability was found in PHPGurukul Online Course Registration 3.1 ...)
NOT-FOR-US: PHPGurukul
CVE-2025-10662 (A vulnerability has been found in SeaCMS up to 13.3. The impacted elem ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-10650 (SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH k ...)
- TODO: check
+ NOT-FOR-US: SoftIron HyperCloud
CVE-2025-10207 (Improper Validation of Specified Type of Input vulnerability in ABB FL ...)
NOT-FOR-US: ABB group
CVE-2025-0547 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Parasut Software
CVE-2024-48851 (Improper Validation of Specified Type of Input vulnerability in ABB FL ...)
NOT-FOR-US: ABB group
CVE-2024-25011 (Ericsson Catalog Manager and Ericsson Order Care APIs do not have auth ...)
NOT-FOR-US: Ericsson
CVE-2024-13151 (Authorization Bypass Through User-Controlled SQL Primary Key, CWE - 89 ...)
- TODO: check
+ NOT-FOR-US: Diva
CVE-2023-49367 (An issue in user interface in Kyocera Command Center RX EXOSYS M5521cd ...)
- TODO: check
+ NOT-FOR-US: Kyocera Command Center RX EXOSYS M5521cdn
CVE-2023-53447 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.4.11-1
NOTE: https://git.kernel.org/linus/458c15dfbce62c35fefd9ca637b20a051309c9f1 (6.5-rc1)
@@ -660,7 +660,7 @@ CVE-2025-7977 (Ashlar-Vellum Cobalt LI File Parsing Out-Of-Bounds Read Remote Co
CVE-2025-5305 (The Password Reset with Code for WordPress REST API WordPress plugin b ...)
NOT-FOR-US: WordPress plugin
CVE-2025-59415 (Frappe Learning is a learning system that helps users structure their ...)
- TODO: check
+ NOT-FOR-US: Frappe Learning
CVE-2025-23337 (NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HG ...)
TODO: check
CVE-2025-23336 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
@@ -674,11 +674,11 @@ CVE-2025-23316 (NVIDIA Triton Inference Server for Windows and Linux contains a
CVE-2025-23268 (NVIDIA Triton Inference Server contains a vulnerability in the DALI ba ...)
NOT-FOR-US: NVIDIA
CVE-2025-10644 (Wondershare Repairit SAS Token Incorrect Permission Assignment Authent ...)
- TODO: check
+ NOT-FOR-US: Wondershare Repairit SAS Token Incorrect Permission Assignment
CVE-2025-10643 (Wondershare Repairit Incorrect Permission Assignment Authentication By ...)
- TODO: check
+ NOT-FOR-US: Wondershare Repairit Incorrect Permission Assignment
CVE-2025-10642 (A vulnerability has been found in wangchenyi1996 chat_forum up to 80bd ...)
- TODO: check
+ NOT-FOR-US: wangchenyi1996 chat_forum
CVE-2025-10634 (A weakness has been identified in D-Link DIR-823X 240126/240802/250416 ...)
NOT-FOR-US: D-Link
CVE-2025-10632 (A security flaw has been discovered in itsourcecode Online Petshop Man ...)
@@ -704,13 +704,13 @@ CVE-2025-10621 (A vulnerability was determined in SourceCodester Hotel Reservati
CVE-2025-10620 (A flaw has been found in itsourcecode Online Clinic Management System ...)
NOT-FOR-US: itsourcecode System
CVE-2025-10619 (A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This ...)
- TODO: check
+ NOT-FOR-US: sequa-ai sequa-mcp
CVE-2025-10618 (A security vulnerability has been detected in itsourcecode Online Clin ...)
NOT-FOR-US: itsourcecode System
CVE-2025-10617 (A weakness has been identified in SourceCodester Online Polling System ...)
NOT-FOR-US: SourceCodester
CVE-2025-10616 (A security flaw has been discovered in itsourcecode E-Commerce Website ...)
- TODO: check
+ NOT-FOR-US: itsourcecode E-Commerce Website
CVE-2025-10493 (The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct ...)
NOT-FOR-US: WordPress plugin
CVE-2023-49565 (The cbis_manager Podman container is vulnerable to remote command exec ...)
@@ -772,7 +772,7 @@ CVE-2025-59342 (esm.sh is a nobuild content delivery network(CDN) for modern web
CVE-2025-59341 (esm.sh is a nobuild content delivery network(CDN) for modern web devel ...)
NOT-FOR-US: esm.sh
CVE-2025-59340 (jinjava is a Java-based template engine based on django template synta ...)
- TODO: check
+ NOT-FOR-US: Jinjava
CVE-2025-59339 (The Bastion provides authentication, authorization, traceability and a ...)
NOT-FOR-US: Bastion
CVE-2025-59304 (A directory traversal issue in Swetrix Web Analytics API 3.1.1 before ...)
@@ -872,7 +872,7 @@ CVE-2025-10205 (Use of a One-Way Hash with a Predictable Salt vulnerability in A
CVE-2025-10157 (A Protection Mechanism Failure vulnerability in mmaitre314 picklescan ...)
NOT-FOR-US: mmaitre314 picklescan
CVE-2025-10156 (An Improper Handling of Exceptional Conditions vulnerability in the ZI ...)
- TODO: check
+ NOT-FOR-US: mmaitre314 picklescan
CVE-2025-10155 (An Improper Input Validation vulnerability in the scanning logic of mm ...)
NOT-FOR-US: mmaitre314 picklescan
CVE-2025-0879 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -1715,7 +1715,7 @@ CVE-2009-20007 (Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer ov
CVE-2009-20006 (osCommerce versions up to and including 2.2 RC2a contain a vulnerabili ...)
NOT-FOR-US: osCommerce
CVE-2009-20005 (A stack-based buffer overflow exists in the UtilConfigHome.csp endpoin ...)
- TODO: check
+ NOT-FOR-US: InterSystems Cache
CVE-2023-53334 (In the Linux kernel, the following vulnerability has been resolved: U ...)
- linux 6.1.20-1
NOTE: https://git.kernel.org/linus/ff35f3ea3baba5b81416ac02d005cfbf6dd182fa (6.3-rc1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77b5c4f249717bfaac90cb1059c21a8887d7f7f9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77b5c4f249717bfaac90cb1059c21a8887d7f7f9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250918/22a36475/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list