Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
673f69b0 by Moritz Muehlenhoff at 2025-06-26T16:08:50+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -55,7 +55,7 @@ CVE-2025-6641 (PDF-XChange Editor U3D File Parsing
Out-Of-Bounds Read Informatio
CVE-2025-6640 (PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code
Executi ...)
NOT-FOR-US: PDF-XChange
CVE-2025-6624 (Versions of the package snyk before 1.1297.3 are vulnerable to
Inserti ...)
- TODO: check
+ NOT-FOR-US: snyk CLI
CVE-2025-6546 (The Drive Folder Embedder plugin for WordPress is vulnerable to
Stored ...)
NOT-FOR-US: WordPress plugin
CVE-2025-6540 (The web-cam plugin for WordPress is vulnerable to Stored
Cross-Site Sc ...)
@@ -105,9 +105,9 @@ CVE-2025-52934
CVE-2025-4334 (The Simple User Registration plugin for WordPress is vulnerable
to Pri ...)
NOT-FOR-US: WordPress plugin
CVE-2025-48497 (Cross-site request forgery vulnerability exists in iroha Board
version ...)
- TODO: check
+ NOT-FOR-US: iroha Board
CVE-2025-41404 (Direct request ('Forced Browsing') issue exists in iroha Board
version ...)
- TODO: check
+ NOT-FOR-US: iroha Board
CVE-2025-3863 (The Post Carousel Slider for Elementor plugin for WordPress is
vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2025-37101 (A potential security vulnerability has been identified in HPE
OneView ...)
@@ -155,7 +155,7 @@ CVE-2025-6605 (A vulnerability classified as critical was
found in SourceCodeste
CVE-2025-6604 (A vulnerability classified as critical has been found in
SourceCodeste ...)
NOT-FOR-US: SourceCodester
CVE-2025-6603 (A vulnerability was found in coldfunction qCUDA up to
db0085400c2f2011 ...)
- TODO: check
+ NOT-FOR-US: coldfunction qCUDA
CVE-2025-6543 (Memory overflow vulnerability leading to unintended control
flow and D ...)
NOT-FOR-US: Citrix
CVE-2025-6445 (ServiceStack FindType Directory Traversal Remote Code Execution
Vulner ...)
@@ -218,17 +218,17 @@ CVE-2025-52576 (Kanboard is project management software
that focuses on the Kanb
NOTE:
https://github.com/kanboard/kanboard/security/advisories/GHSA-qw57-7cx6-wvp7
NOTE:
https://github.com/kanboard/kanboard/commit/3079623640dc39f9c7b0c840d2a79095331051f1
(v1.2.46)
CVE-2025-52569 (GitForge.jl is a unified interface for interacting with Git
"forges." ...)
- TODO: check
+ NOT-FOR-US: GitForge.jl
CVE-2025-52483 (Registrator is a GitHub app that automates creation of
registration pu ...)
- TODO: check
+ NOT-FOR-US: Registrator GitHub app
CVE-2025-52480 (Registrator is a GitHub app that automates creation of
registration pu ...)
- TODO: check
+ NOT-FOR-US: Registrator GitHub app
CVE-2025-52479 (HTTP.jl provides HTTP client and server functionality for
Julia, and U ...)
- TODO: check
+ NOT-FOR-US: HTTP.jl
CVE-2025-50179 (Tuleap is an Open Source Suite to improve management of
software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-50178 (GitForge.jl is a unified interface for interacting with Git
"forges." ...)
- TODO: check
+ NOT-FOR-US: GitForge.jl
CVE-2025-4656 (Vault Community and Vault Enterprise rekey and recovery key
operations ...)
NOT-FOR-US: HashiCorp Vault
CVE-2025-49845 (Discourse is an open-source discussion platform. The
visibility of pos ...)
@@ -254,19 +254,19 @@ CVE-2025-48954 (Discourse is an open-source discussion
platform. Versions prior
CVE-2025-45333 (berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD)
vulnera ...)
TODO: check
CVE-2025-45332 (vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD)
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: c-ray
CVE-2025-44206 (Hexagon HxGN OnCall Dispatch Advantage (Web) v10.2309.03.00264
and Hex ...)
- TODO: check
+ NOT-FOR-US: Hexagon HxGN OnCall Dispatch Advantag
CVE-2025-41647 (A local, low-privileged attacker can learn the password of the
connect ...)
TODO: check
CVE-2025-41256 (Cyberduck and Mountain Duck improper handle TLS certificate
pinning fo ...)
- TODO: check
+ NOT-FOR-US: Cyberduck and Mountain Duck
CVE-2025-41255 (Cyberduck and Mountain Duck improperly handle TLS certificate
pinning ...)
- TODO: check
+ NOT-FOR-US: Cyberduck and Mountain Duck
CVE-2025-25905 (Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0
and befor ...)
- TODO: check
+ NOT-FOR-US: CADClick
CVE-2025-25012 (URL redirection to an untrusted site ('Open Redirect') in
Kibana can l ...)
- TODO: check
+ - kibana <itp> (bug #700337)
CVE-2025-20282 (A vulnerability in an internal API of Cisco ISE and Cisco
ISE-PIC coul ...)
NOT-FOR-US: Cisco
CVE-2025-20281 (A vulnerability in a specific API of Cisco ISE and Cisco
ISE-PIC could ...)
@@ -274,7 +274,7 @@ CVE-2025-20281 (A vulnerability in a specific API of Cisco
ISE and Cisco ISE-PIC
CVE-2025-20264 (A vulnerability in the web-based management interface of Cisco
Identit ...)
NOT-FOR-US: Cisco
CVE-2024-57708 (An issue in OneTrust SDK v.6.33.0 allows a local attacker to
cause a d ...)
- TODO: check
+ NOT-FOR-US: OneTrust SDK
CVE-2024-27685 (SQL Injection vulnerability in Student Record system Using PHP
and MyS ...)
TODO: check
CVE-2023-44915 (A cross-site scripting (XSS) vulnerability in the component
/Login.php ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/673f69b03fee7720f8ab5e0c0543596623622414
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/673f69b03fee7720f8ab5e0c0543596623622414
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
