Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2523fc88 by Salvatore Bonaccorso at 2025-07-09T22:35:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-7381 (ImpactThis is an information disclosure vulnerability 
originating from ...)
-       TODO: check
+       NOT-FOR-US: Docker Image for Mautic
 CVE-2025-7379 (A security bypass vulnerability allows exploitation via Reverse 
Tabnab ...)
        NOT-FOR-US: Asustor
 CVE-2025-7204 (In ConnectWise PSA versions older than 2025.9, a vulnerability 
exists  ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise
 CVE-2025-6514 (mcp-remote is exposed to OS command injection when connecting 
to untru ...)
-       TODO: check
+       NOT-FOR-US: mcp-remote
 CVE-2025-53743 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not 
mask Applit ...)
        NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53742 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores 
Applitools AP ...)
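
Review bot: On the CVE-2025-6514 line, mcp-remote is named as a project rather than a vendor, and the description is an OS command injection, so it is worth confirming there is no pending ITP/RFP for it before the entry leaves the TODO queue; a NOT-FOR-US entry is unlikely to be looked at again. On the CVE-2025-7381 line, "Docker Image for Mautic" is narrower than the vendor-style tags next to it (Asustor, ConnectWise), and that is the useful direction here because it keeps Mautic itself out of the not-for-us statement; keep that wording rather than shortening it to "Mautic".
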
@@ -79,15 +79,15 @@ CVE-2025-53546 (Folo organizes feeds content into one 
timeline. Using pull_reque
 CVE-2025-52364 (Insecure Permissions vulnerability in Tenda CP3 Pro Firmware 
V22.5.4.9 ...)
        NOT-FOR-US: Tenda
 CVE-2025-52357 (Cross-Site Scripting (XSS) vulnerability exists in the ping 
diagnostic ...)
-       TODO: check
+       NOT-FOR-US: FiberHome FD602GW-DX-R410 router
 CVE-2025-49604 (For Realtek AmebaD devices, a heap-based buffer overflow was 
discovere ...)
        TODO: check
 CVE-2025-44526 (Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to 
utilize i ...)
        TODO: check
 CVE-2025-44525 (Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX 
SDK 7.41 ...)
-       TODO: check
+       NOT-FOR-US: Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX 
CC26XX SDK
 CVE-2025-44177 (A directory traversal vulnerability was discovered in White 
Star Softw ...)
-       TODO: check
+       NOT-FOR-US: White Star Software Protop
 CVE-2025-3499 (The device has two web servers that expose unauthenticated REST 
APIs o ...)
        TODO: check
 CVE-2025-3498 (An unauthenticated user with management network access can get 
and  mo ...)
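
Review bot: The NOT-FOR-US text for CVE-2025-44525 repeats the whole product string from the description, where neighbouring entries such as "Tenda" carry only the vendor; "NOT-FOR-US: Texas Instruments" would be consistent with them and easier to grep. In the same hunk the two Realtek entries (CVE-2025-49604 and CVE-2025-44526) stay at "TODO: check" although they read as the same kind of embedded SDK issue as the Texas Instruments one; if they were left for a reason that is fine, otherwise they could be triaged in this pass as well.
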
@@ -900,7 +900,7 @@ CVE-2025-21426 (Memory corruption while processing camera 
TPG write request.)
 CVE-2025-21422 (Cryptographic issue while processing crypto API calls, missing 
checks  ...)
        NOT-FOR-US: Qualcomm
 CVE-2025-21195 (Improper link resolution before file access ('link following') 
in Serv ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-21168 (Substance3D - Designer versions 14.1 and earlier are affected 
by an ou ...)
        NOT-FOR-US: Adobe
 CVE-2025-21167 (Substance3D - Designer versions 14.1 and earlier are affected 
by an ou ...)
@@ -360325,7 +360325,7 @@ CVE-2021-27963 (SonLogger before 6.4.1 is affected by 
user creation with any use
 CVE-2021-27962 (Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x 
before 7.4. ...)
        - grafana <removed>
 CVE-2021-27961 (evesys 7.1 (2152) through 8.0 (2202) allows Reflected XSS via 
the inde ...)
-       TODO: check
+       NOT-FOR-US: evesys
 CVE-2021-27960
        RESERVED
 CVE-2021-27959



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2523fc8851f646975fb724537137922b41d89046