Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
964c8432 by Salvatore Bonaccorso at 2025-06-13T22:34:14+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,21 +13,21 @@ CVE-2025-6029 (Use of fixed learning codes, one code to
lock the car and the oth
CVE-2025-49597 (handcraftedinthealps goodby-csv is a highly memory efficient,
flexible ...)
TODO: check
CVE-2025-49587 (XWiki is an open-source wiki software platform. When a user
without sc ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-49586 (XWiki is an open-source wiki software platform. Any XWiki user
with ed ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-49585 (XWiki is a generic wiki platform. In versions before 15.10.16,
16.0.0- ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-49584 (XWiki is a generic wiki platform. In XWiki Platform versions
10.9 thro ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-49583 (XWiki is a generic wiki platform. When a user without script
right cre ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-49582 (XWiki is a generic wiki platform. When editing content that
contains " ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-49581 (XWiki is a generic wiki platform. Any user with edit right on
a page ( ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-49580 (XWiki is a generic wiki platform. From 8.2 and 7.4.5 until
17.1.0-rc-1 ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-49468 (A SQL injection vulnerability in No Boss Calendar component
before 5.0 ...)
NOT-FOR-US: Joomla
CVE-2025-48920 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -45,45 +45,45 @@ CVE-2025-48915 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-48914 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: Drupal core and addons
CVE-2025-48825 (RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0
contains an i ...)
- TODO: check
+ NOT-FOR-US: RICOH
CVE-2025-46783 (Path traversal vulnerability exists in RICOH Streamline NX V3
PC Clien ...)
- TODO: check
+ NOT-FOR-US: RICOH
CVE-2025-46096 (Directory Traversal vulnerability in solon v.3.1.2 allows a
remote att ...)
TODO: check
CVE-2025-46060 (Buffer Overflow vulnerability in TOTOLINK N600R
v4.3.0cu.7866_B2022506 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-45988 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4,
BL-X10_AC8 v1.0 ...)
- TODO: check
+ NOT-FOR-US: Blink routers
CVE-2025-45987 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4,
BL-X10_AC8 v1.0 ...)
- TODO: check
+ NOT-FOR-US: Blink routers
CVE-2025-45986 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4,
BL-X10_AC8 v1.0 ...)
- TODO: check
+ NOT-FOR-US: Blink routers
CVE-2025-45985 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4,
BL-X10_AC8 v1.0 ...)
- TODO: check
+ NOT-FOR-US: Blink routers
CVE-2025-45984 (Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2,
BL-AC2100_AZ3 V1.0.4 ...)
- TODO: check
+ NOT-FOR-US: Blink routers
CVE-2025-36633 (In Tenable Agent versions prior to 10.8.5 on a Windows host,
it was fo ...)
TODO: check
CVE-2025-36631 (In Tenable Agent versions prior to 10.8.5 on a Windows host,
it was fo ...)
TODO: check
CVE-2025-36506 (External control of file name or path issue exists in RICOH
Streamline ...)
- TODO: check
+ NOT-FOR-US: RICOH
CVE-2025-29902 (Remote code execution that allows unauthorized users to
execute arbitr ...)
TODO: check
CVE-2025-28389 (Weak password requirements in OpenC3 COSMOS v6.0.0 allow
attackers to ...)
- TODO: check
+ NOT-FOR-US: OpenC3 COSMOS
CVE-2025-28388 (OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded
credentials f ...)
- TODO: check
+ NOT-FOR-US: OpenC3 COSMOS
CVE-2025-28386 (A remote code execution (RCE) vulnerability in the Plugin
Management c ...)
- TODO: check
+ NOT-FOR-US: OpenC3 COSMOS
CVE-2025-28384 (An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS
6.0.0 a ...)
- TODO: check
+ NOT-FOR-US: OpenC3 COSMOS
CVE-2025-28382 (An issue in the openc3-api/tables endpoint of OpenC3 COSMOS
6.0.0 allo ...)
- TODO: check
+ NOT-FOR-US: OpenC3 COSMOS
CVE-2025-28381 (A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to
access s ...)
- TODO: check
+ NOT-FOR-US: OpenC3 COSMOS
CVE-2025-28380 (A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS
v6.0.0 all ...)
- TODO: check
+ NOT-FOR-US: OpenC3 COSMOS
CVE-2025-6012 (The Auto Attachments plugin for WordPress is vulnerable to
Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2025-5950 (The IndieBlocks plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/964c84322b076e35f8fb9eb17c01ce03cdd27b26
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/964c84322b076e35f8fb9eb17c01ce03cdd27b26
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
