Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
515f854b by Moritz Mühlenhoff at 2025-07-09T12:38:01+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,37 +9,37 @@ CVE-2025-7218 (A vulnerability was found in Campcodes Payroll
Management System
CVE-2025-7217 (A vulnerability has been found in Campcodes Payroll Management
System ...)
NOT-FOR-US: Campcodes
CVE-2025-7216 (A vulnerability, which was classified as critical, was found in
lty628 ...)
- TODO: check
+ NOT-FOR-US: lty628 Aidigu
CVE-2025-7215 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: FNKvision
CVE-2025-7214 (A vulnerability classified as problematic was found in
FNKvision FNK-G ...)
- TODO: check
+ NOT-FOR-US: FNKvision
CVE-2025-7213 (A vulnerability classified as critical has been found in
FNKvision FNK ...)
- TODO: check
+ NOT-FOR-US: FNKvision
CVE-2025-7212 (A vulnerability was found in itsourcecode Insurance Management
System ...)
NOT-FOR-US: itsourcecode System
CVE-2025-7211 (A vulnerability was found in code-projects LifeStyle Store 1.0.
It has ...)
NOT-FOR-US: code-projects
CVE-2025-7210 (A vulnerability was found in code-projects/Fabian Ros Library
Manageme ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7209 (A vulnerability has been found in 9fans plan9port up to 9da5b44
and cl ...)
- TODO: check
+ NOT-FOR-US: plan9port
CVE-2025-7208 (A vulnerability was found in 9fans plan9port up to 9da5b44. It
has bee ...)
- TODO: check
+ NOT-FOR-US: plan9port
CVE-2025-7207 (A vulnerability, which was classified as problematic, was found
in mru ...)
TODO: check
CVE-2025-7206 (A vulnerability, which was classified as critical, has been
found in D ...)
NOT-FOR-US: D-Link
CVE-2025-7200 (A vulnerability, which was classified as critical, was found in
krishn ...)
- TODO: check
+ NOT-FOR-US: krishna9772 Pharmacy Management System
CVE-2025-7199 (A vulnerability, which was classified as critical, has been
found in c ...)
NOT-FOR-US: code-projects
CVE-2025-7198 (A vulnerability classified as critical was found in
code-projects Jonn ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7197 (A vulnerability classified as critical has been found in
code-projects ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7196 (A vulnerability was found in code-projects Jonnys Liquor 1.0.
It has b ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7194 (A vulnerability was found in D-Link DI-500WF 17.04.10A1T. It
has been ...)
NOT-FOR-US: D-Link
CVE-2025-7059 (The Simple Featured Image plugin for WordPress is vulnerable to
Stored ...)
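Review bot: The NOT-FOR-US labels added in this hunk do not follow one naming scheme. CVE-2025-7216 and CVE-2025-7200 get vendor plus product ("lty628 Aidigu", "krishna9772 Pharmacy Management System"), CVE-2025-7215/7214/7213 get the vendor only ("FNKvision"), and CVE-2025-7209/7208 get the product only ("plan9port", where the description reads "9fans plan9port"). Using one form throughout, for example the vendor string already used by the unchanged "NOT-FOR-US: code-projects" and "NOT-FOR-US: D-Link" entries, keeps the list easy to grep and makes later CVEs for the same product land on an identical label. CVE-2025-7207 is left at "TODO: check" between the triaged entries; the commit subject "NFUs" suggests that is deliberate, but it is worth a second look before the next pass.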
@@ -185,13 +185,13 @@ CVE-2025-43582 (Substance3D - Viewer versions 0.22 and
earlier are affected by a
CVE-2025-3780 (The WCFM \u2013 Frontend Manager for WooCommerce along with
Bookings S ...)
NOT-FOR-US: WordPress plugin
CVE-2025-34085 (An unrestricted file upload vulnerability in the WordPress
Simple File ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-34084 (An unauthenticated information disclosure vulnerability exists
in the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-34083 (An unrestricted file upload vulnerability exists in the
WordPress AIT ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-34077 (An authentication bypass vulnerability exists in the WordPress
Pie Reg ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30313 (Illustrator versions 28.7.6, 29.5.1 and earlier are affected
by an out ...)
NOT-FOR-US: Adobe
CVE-2025-27203 (Adobe Connect versions 24.0 and earlier are affected by a
Deserializat ...)
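Review bot: The label "NOT-FOR-US: WordPress plugin" on CVE-2025-34083 cannot be checked against the visible description, which is cut off at "WordPress AIT ..." and does not say whether the affected component is a plugin or something else such as a theme. The same generic label is applied to CVE-2025-34085, CVE-2025-34084 and CVE-2025-34077 without naming the component. Naming it, in the style of "NOT-FOR-US: MediaWiki extension TitleIcon" used elsewhere in this commit, would let a later reader confirm the triage decision from the entry alone.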
@@ -210,14 +210,14 @@ CVE-2025-4674
NOTE:
https://github.com/golang/go/commit/e9d2c032b14c17083be0f8f0c822565199d2994f
(go1.23.11)
NOTE: https://github.com/golang/go/issues/74380
CVE-2025-7363 (The TitleIcon extension for MediaWiki is vulnerable to stored
XSS thro ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension TitleIcon
CVE-2025-7362 (The MsUpload extension for MediaWiki is vulnerable to stored
XSS via t ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension MsUpload
CVE-2025-7345 (A flaw exists in gdk\u2011pixbuf within the
gdk_pixbuf__jpeg_image_loa ...)
- gdk-pixbuf <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/249
CVE-2025-7326 (Weak authentication in EOLASP.NET Core allows an unauthorized
attacker ...)
- TODO: check
+ NOT-FOR-US: EOLASP.NET Core
CVE-2025-7193 (A vulnerability was found in itsourcecode Agri-Trading Online
Shopping ...)
NOT-FOR-US: itsourcecode System
CVE-2025-7192 (A vulnerability was found in D-Link DIR-645 up to 1.05B01 and
classifi ...)
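Review bot: The label on CVE-2025-7326, "NOT-FOR-US: EOLASP.NET Core", copies the fused token "EOLASP.NET" from the description verbatim. That reads like "EOL ASP.NET Core" with a missing space rather than a product name, so a search for ASP.NET or for the vendor will not find this entry. Suggest labelling it by the actual product or vendor, consistent with the "NOT-FOR-US: Microsoft" entries later in this commit, once the intended product is confirmed from the full CVE text.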
@@ -289,15 +289,15 @@ CVE-2025-5451 (A stack-based buffer overflow in Ivanti
Connect Secure before ver
CVE-2025-5450 (Improper access control in the certificate management component
of Iva ...)
NOT-FOR-US: Ivanti
CVE-2025-53545 (Press, a Frappe custom app that runs Frappe Cloud, manages
infrastruct ...)
- TODO: check
+ NOT-FOR-US: Press
CVE-2025-53513 (The /charms endpoint on a Juju controller lacked sufficient
authorizat ...)
- juju <removed>
CVE-2025-53512 (The /log endpoint on a Juju controller lacked sufficient
authorization ...)
- juju <removed>
CVE-2025-53480 (The CheckUser extension\u2019s Special:Investigate page has a
vulnerab ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension CheckUser
CVE-2025-53479 (The CheckUser extension\u2019s Special:CheckUser interface is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension CheckUser
CVE-2025-53372 (node-code-sandbox-mcp is a Node.js\u2013based Model Context
Protocol s ...)
NOT-FOR-US: node-code-sandbox-mcp
CVE-2025-53355 (MCP Server Kubernetes is an MCP Server that can connect to a
Kubernete ...)
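Review bot: CVE-2025-53480 and CVE-2025-53479 are closed as "NOT-FOR-US: MediaWiki extension CheckUser" with no NOTE recording that the mediawiki source package was checked for a bundled copy of that extension. NOT-FOR-US drops the CVE from further tracking, so a short NOTE stating that the extension is not shipped in the archive would make the decision auditable. The label "NOT-FOR-US: Press" on CVE-2025-53545 is also terse for such a common word; the description calls it "Press, a Frappe custom app", so "Frappe Press" would be less ambiguous.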
@@ -435,19 +435,19 @@ CVE-2025-49671 (Exposure of sensitive information to an
unauthorized actor in Wi
CVE-2025-49670 (Heap-based buffer overflow in Windows Routing and Remote
Access Servic ...)
NOT-FOR-US: Microsoft
CVE-2025-49669 (Heap-based buffer overflow in Windows Routing and Remote
Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49668 (Heap-based buffer overflow in Windows Routing and Remote
Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49667 (Double free in Windows Win32K - ICOMP allows an authorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49666 (Heap-based buffer overflow in Windows Kernel allows an
authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49665 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49664 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49663 (Heap-based buffer overflow in Windows Routing and Remote
Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49661 (Untrusted pointer dereference in Windows Ancillary Function
Driver for ...)
TODO: check
CVE-2025-49660 (Use after free in Windows Event Tracing allows an authorized
attacker ...)
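Review bot: CVE-2025-49661 is left at "TODO: check" at the end of this hunk although its description ("Untrusted pointer dereference in Windows Ancillary Function Driver for ...") names a Windows component, and the seven entries directly above it, CVE-2025-49669 through CVE-2025-49663, were all changed to "NOT-FOR-US: Microsoft". This looks like an entry missed by the batch edit; it should get the same label unless it was skipped on purpose.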
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/515f854b58e7013075214aaf3baf80244cb82903