Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
669118d9 by Moritz Muehlenhoff at 2025-06-27T09:24:01+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2025-6707 (Under certain conditions, an authenticated 
user request may execu
 CVE-2025-6706 (An authenticated user may trigger a use after free that may 
result in  ...)
        - mongodb <removed>
 CVE-2025-6703 (Improper Input Validation vulnerability in Mozilla neqo leads 
to an un ...)
-       TODO: check
+       NOT-FOR-US: neqo
 CVE-2025-6702 (A vulnerability, which was classified as problematic, was found 
in lin ...)
        NOT-FOR-US: linlinjava litemall
 CVE-2025-6701 (A vulnerability, which was classified as problematic, has been 
found i ...)
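
Review bot: the new "NOT-FOR-US: neqo" line for CVE-2025-6703 closes a component that the description attributes to Mozilla, and nothing in the entry shows whether bundled copies inside packaged software were considered. It is worth confirming before this lands that no source package in the archive embeds neqo; if one does, the entry should name that package rather than carry an NFU tag.
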
@@ -69,19 +69,19 @@ CVE-2025-53122 (Improper Neutralization of Special Elements 
used in an SQL Comma
 CVE-2025-53121 (Multiple stored XSS were found on different nodes with 
unsanitized par ...)
        NOT-FOR-US: OpenNMS
 CVE-2025-53013 (Himmelblau is an interoperability suite for Microsoft Azure 
Entra ID a ...)
-       TODO: check
+       NOT-FOR-US: Himmelblau
 CVE-2025-53007 (arduino-esp32 provides an Arduino core for the ESP32. Versions 
prior t ...)
-       TODO: check
+       NOT-FOR-US: arduino-esp32
 CVE-2025-53002 (LLaMA-Factory is a tuning library for large language models. A 
remote  ...)
-       TODO: check
+       NOT-FOR-US: LLaMA-Factory
 CVE-2025-52904 (File Browser provides a file managing interface within a 
specified dir ...)
-       TODO: check
+       NOT-FOR-US: filebrowser
 CVE-2025-52903 (File Browser provides a file managing interface within a 
specified dir ...)
-       TODO: check
+       NOT-FOR-US: filebrowser
 CVE-2025-52902 (File Browser provides a file managing interface within a 
specified dir ...)
-       TODO: check
+       NOT-FOR-US: filebrowser
 CVE-2025-52900 (File Browser provides a file managing interface within a 
specified dir ...)
-       TODO: check
+       NOT-FOR-US: filebrowser
 CVE-2025-52887 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
        - cpp-httplib <unfixed>
        NOTE: 
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xjhg-gf59-p92h
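
Review bot: the four File Browser entries (CVE-2025-52904, CVE-2025-52903, CVE-2025-52902, CVE-2025-52900) are tagged "NOT-FOR-US: filebrowser", while their descriptions spell the product "File Browser" and the other tags added in this hunk (Himmelblau, arduino-esp32, LLaMA-Factory) follow the spelling used in the description. Pick one spelling and use it consistently, so that a later File Browser CVE can be matched against these NFU tags with a plain string search.
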
@@ -90,7 +90,7 @@ CVE-2025-52887 (cpp-httplib is a C++11 single-file 
header-only cross platform HT
 CVE-2025-52573 (iOS Simulator MCP Server (ios-simulator-mcp) is a Model 
Context Protoc ...)
        NOT-FOR-US: iOS Simulator MCP Server (ios-simulator-mcp)
 CVE-2025-52477 (Octo-STS is a GitHub App that acts like a Security Token 
Service (STS) ...)
-       TODO: check
+       NOT-FOR-US: Octo-STS GitHub app
 CVE-2025-51672 (A time-based blind SQL injection vulnerability was identified 
in the P ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-51671 (A SQL injection vulnerability was discovered in the PHPGurukul 
Dairy F ...)
@@ -100,7 +100,7 @@ CVE-2025-50350 (PHPGurukul Pre-School Enrollment System 
Project v1.0 is vulnerab
 CVE-2025-49603 (Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 
has Inc ...)
        NOT-FOR-US: Northern.tech Mender Server
 CVE-2025-49592 (n8n is a workflow automation platform. Versions prior to 
1.98.0 have a ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2025-49003 (DataEase is an open source business intelligence and data 
visualizatio ...)
        NOT-FOR-US: DataEase
 CVE-2025-48923 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -110,7 +110,7 @@ CVE-2025-48922 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-48921 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open 
Social  ...)
        NOT-FOR-US: Drupal core and addons
 CVE-2025-44141 (A Cross-Site Scripting (XSS) vulnerability exists in the node 
creation ...)
-       TODO: check
+       NOT-FOR-US: Backdrop CMS
 CVE-2025-3773 (A sensitive  information exposure vulnerability in System 
Information  ...)
        TODO: check
 CVE-2025-3771 (A path or symbolic link manipulation vulnerability in SIR 1.0.3 
and pr ...)
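
Review bot: the tag "NOT-FOR-US: Backdrop CMS" on CVE-2025-44141 names a product that does not appear in the description as shown here, which is cut off at "exists in the node creation ...", so the attribution cannot be checked from the diff itself. Please confirm it against the full CVE record, since the same hunk leaves CVE-2025-3773 as "TODO: check" and a reader has no way to tell why one was resolved and the other not.
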
@@ -128,21 +128,21 @@ CVE-2025-34047 (A path traversal vulnerability exists in 
the Leadsec SSL VPN (fo
 CVE-2025-34046 (An unauthenticated file upload vulnerability exists in the 
Fanwei E-Of ...)
        TODO: check
 CVE-2025-34045 (A path traversal vulnerability exists in WeiPHP 5.0, an open 
source We ...)
-       TODO: check
+       NOT-FOR-US: WeiPHP
 CVE-2025-34044 (A remote command injection vulnerability exists in the 
confirm.php int ...)
-       TODO: check
+       NOT-FOR-US: WIFISKY
 CVE-2025-34043 (A remote command injection vulnerability exists in Vacron 
Network Vide ...)
-       TODO: check
+       NOT-FOR-US: Vacron Network Video Recorder
 CVE-2025-34042 (An authenticated command injection vulnerability exists in the 
Beward  ...)
-       TODO: check
+       NOT-FOR-US: Beward N100 IP Camera
 CVE-2025-30131 (An issue was discovered on IROAD Dashcam FX2 devices. An 
unauthenticat ...)
-       TODO: check
+       NOT-FOR-US: IROAD Dashcam FX2
 CVE-2025-29331 (An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a 
remote a ...)
        TODO: check
 CVE-2024-6174 (When a non-x86 platform is detected, cloud-init grants root 
access to  ...)
        TODO: check
 CVE-2024-56915 (Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to 
Cross Si ...)
-       TODO: check
+       - netbox <itp> (bug #1017079)
 CVE-2024-52928 (Arc before 1.26.1 on Windows has a bypass issue in the site 
settings t ...)
        TODO: check
 CVE-2024-11584 (cloud-initthrough 25.1.2 includes the systemd socket 
unitcloud-init-ho ...)
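
Review bot: the last change in this hunk is not an NFU. CVE-2024-56915 goes from "TODO: check" to "- netbox <itp> (bug #1017079)", which the commit subject "NFUs" does not cover. Either split the ITP entry into its own commit or widen the subject, so that someone searching the log for netbox triage can find where the entry was added.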



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/669118d9c761c7293eb49bdc89331edaf0f77c3e


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits