Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92a9a112 by Moritz Mühlenhoff at 2025-07-08T14:55:43+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -133,13 +133,13 @@ CVE-2025-42953 (SAP Netweaver System Configuration does 
not perform necessary au
 CVE-2025-42952 (SAP Business Warehouse and SAP Plug-In Basis allows an 
authenticated a ...)
        NOT-FOR-US: SAP
 CVE-2025-41668 (A low privileged remote attacker with file access can replace 
a critic ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-41667 (A low privileged remote attacker with file access can replace 
a critic ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-41666 (A low privileged remote attacker with file access can replace 
a critic ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-41665 (An low privileged remote attacker can enforce the watchdog of 
the affe ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-38237 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        TODO: check
 CVE-2025-38236 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
@@ -147,23 +147,23 @@ CVE-2025-38236 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2025-31326 (SAP\ufffdBusinessObjects Business\ufffdIntelligence Platform 
(Web Inte ...)
        NOT-FOR-US: SAP
 CVE-2025-25271 (An unauthenticated adjacent attacker is able to configure a 
new OCPP b ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-25270 (An unauthenticated remote attacker can alter the device 
configuration  ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-25269 (An unauthenticated local attacker can inject a command that is 
subsequ ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-25268 (An unauthenticated adjacent attacker can modify configuration 
by sendi ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-24006 (A low privileged local attacker can leverage insecure 
permissions via  ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-24005 (A local attacker with a local user account can leverage a 
vulnerable s ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-24004 (A physical attacker with access to the device display via 
USB-C can se ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-24003 (An unauthenticated remote attacker can use MQTT messages to 
trigger ou ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-24002 (An unauthenticated remote attacker can use MQTT messages to 
crash a se ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact
 CVE-2025-20695 (In Bluetooth FW, there is a possible system crash due to an 
uncaught e ...)
        NOT-FOR-US: MediaTek
 CVE-2025-20694 (In Bluetooth FW, there is a possible system crash due to an 
uncaught e ...)
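Review bot: CVE-2025-24003 and CVE-2025-24002 are closed as NOT-FOR-US although their visible descriptions mention MQTT messages, and CVE-2025-25271 mentions OCPP; the truncated text does not show whether the flaw sits in the vendor's own firmware or in a protocol component that Debian also packages. Worth confirming against the vendor advisory before dropping the TODO, and if a free-software component turns out to be involved, record that with a NOTE line under the entry rather than a bare vendor tag.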
@@ -249,9 +249,9 @@ CVE-2025-7120 (A vulnerability was found in Campcodes 
Complaint Management Syste
 CVE-2025-7119 (A vulnerability has been found in Campcodes Complaint 
Management Syste ...)
        NOT-FOR-US: Campcodes
 CVE-2025-7057 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension Quiz
 CVE-2025-7056 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension UrlShortener
 CVE-2025-6811 (Mescius ActiveReports.NET TypeResolutionService Deserialization 
of Unt ...)
        NOT-FOR-US: Mescius ActiveReports.NET
 CVE-2025-6810 (Mescius ActiveReports.NET ReadValue Deserialization of 
Untrusted Data  ...)
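Review bot: for CVE-2025-7057 and CVE-2025-7056 the visible description is only the generic CWE wording, identical up to the truncation, so the Quiz and UrlShortener attributions in the new tags cannot be checked from this file. Please double-check against the CVE records that the two extension names were not swapped when the tags were filled in.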
@@ -336,25 +336,25 @@ CVE-2025-53526 (WeGIA is a web manager for charitable 
institutions. An XSS Injec
 CVE-2025-53525 (WeGIA is a web manager for charitable institutions. A 
Reflected Cross- ...)
        NOT-FOR-US: WeGIA
 CVE-2025-53499 (: Missing Authorization vulnerability in Wikimedia Foundation 
Mediawik ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension AbuseFilter
 CVE-2025-53498 (: Insufficient Logging vulnerability in Wikimedia Foundation 
Mediawiki ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension AbuseFilter
 CVE-2025-53497 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension RelatedArticles
 CVE-2025-53496 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension MediaSearch
 CVE-2025-53495 (Missing Authorization vulnerability in Wikimedia Foundation 
Mediawiki  ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension AbuseFilter
 CVE-2025-53491 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension FlaggedRevs
 CVE-2025-53488 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension WikiHiero
 CVE-2025-53487 (The ApprovedRevs extension for MediaWiki is vulnerable to 
stored XSS i ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension ApprovedRevs
 CVE-2025-53486 (The WikiCategoryTagCloud extension is vulnerable to reflected 
XSS via  ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension WikiCategoryTagCloud
 CVE-2025-53478 (The CheckUser extension\u2019s Special:Investigate interface 
is vulner ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2025-53377 (WeGIA is a web manager for charitable institutions. A 
Reflected Cross- ...)
        NOT-FOR-US: WeGIA
 CVE-2025-53376 (Dokploy is a self-hostable Platform as a Service (PaaS) that 
simplifie ...)
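Review bot: CVE-2025-53499, CVE-2025-53498 and CVE-2025-53495 are all marked NOT-FOR-US: MediaWiki extension AbuseFilter, which is only right if that extension is not shipped inside the mediawiki source package in the archive. Please check the package's bundled extensions for AbuseFilter and for the other extensions named in this hunk, and for any that are bundled, track the CVE against mediawiki instead of closing it here.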



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92a9a1127c3d3f6fa383cd728d3739331ab3da5b
