Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d6345a1 by Moritz Muehlenhoff at 2025-07-11T12:34:02+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2025-7442 (The WPGYM - Wordpress Gym Management System 
plugin for WordPress
 CVE-2025-7436 (A vulnerability was found in Campcodes Online Recruitment 
Management S ...)
        NOT-FOR-US: Campcodes
 CVE-2025-7435 (A vulnerability was found in LiveHelperChat lhc-php-resque 
Extension u ...)
-       TODO: check
+       NOT-FOR-US: LiveHelperChat
 CVE-2025-7434 (A vulnerability was found in Tenda FH451 up to 1.0.0.9 and 
classified  ...)
        NOT-FOR-US: Tenda
 CVE-2025-7423 (A vulnerability classified as critical was found in Tenda O3V2 
1.0.0.1 ...)
@@ -51,7 +51,7 @@ CVE-2025-5241 (Overly Restrictive Account Lockout Mechanism 
vulnerability in Mit
 CVE-2025-5028 (Installation file of ESET security products on Windows   allow 
an atta ...)
        NOT-FOR-US: ESET
 CVE-2025-53864 (Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: Connect2id
 CVE-2025-53852
        REJECTED
 CVE-2025-53851
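Review bot: The tag added for CVE-2025-53864 names only the vendor (Connect2id), while the CVE description names the affected library, Nimbus JOSE + JWT. Consider `NOT-FOR-US: Connect2id Nimbus JOSE + JWT` so that a later search of data/CVE/list for the library name finds this entry, the way the tag on CVE-2025-53549 in this same file names the crate itself.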
@@ -63,7 +63,7 @@ CVE-2025-53849
 CVE-2025-53848
        REJECTED
 CVE-2025-53637 (Meshtastic is an open source mesh networking solution. The 
main_matrix ...)
-       TODO: check
+       NOT-FOR-US: Meshtastic
 CVE-2025-53519 (A vulnerability exists in Advantech iView versions prior to 
5.7.05 bui ...)
        NOT-FOR-US: Advantech
 CVE-2025-53515 (A vulnerability exists in Advantech iView that allows for SQL 
injectio ...)
@@ -121,9 +121,9 @@ CVE-2025-2522 (The Honeywell Experion PKSand OneWireless 
WDM    contains Sensiti
 CVE-2025-2521 (The Honeywell Experion PKS and OneWireless WDM contains a 
Memory Buffe ...)
        NOT-FOR-US: Honeywell
 CVE-2025-24798 (Meshtastic is an open source mesh networking solution. From 
1.2.1 unti ...)
-       TODO: check
+       NOT-FOR-US: Meshtastic
 CVE-2025-1727 (The protocol used for remote linking over RF for End-of-Train 
and  Hea ...)
-       TODO: check
+       NOT-FOR-US: End-of-Train and Head-of-Train remote linking protocol
 CVE-2025-53862
        NOT-FOR-US: Ansible Automation Platform
 CVE-2025-53861
@@ -179,9 +179,9 @@ CVE-2025-53630 (llama.cpp is an inference of several LLM 
models in C/C++. Intege
        NOTE: 
https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-vgg9-87g3-85w8
        NOTE: Fixed by: 
https://github.com/ggml-org/llama.cpp/commit/26a48ad699d50b6268900062661bd22f3e792579
 (b5854)
 CVE-2025-53629 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
-       TODO: check
+       - cpp-httplib <unfixed>
 CVE-2025-53628 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
-       TODO: check
+       - cpp-httplib <unfixed>
 CVE-2025-53626 (pdfme is a TypeScript-based PDF generator and React-based UI. 
The expr ...)
        NOT-FOR-US: pdfme
 CVE-2025-53625 (The DynamicPageList3 extension is a reporting tool for 
MediaWiki, list ...)
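Review bot: The two `- cpp-httplib <unfixed>` lines for CVE-2025-53629 and CVE-2025-53628 are package entries rather than NOT-FOR-US tags, so the commit subject "NFUs" does not describe them; a subject that also mentions cpp-httplib would make this triage decision findable from the log. Both entries also land without any NOTE lines, whereas the CVE-2025-53630 entry directly above records the upstream advisory and the fixing commit. Adding the equivalent upstream references here would let whoever later resolves the `<unfixed>` status verify the fix without repeating the research.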
@@ -189,7 +189,7 @@ CVE-2025-53625 (The DynamicPageList3 extension is a 
reporting tool for MediaWiki
 CVE-2025-53549 (The Matrix Rust SDK is a collection of libraries that make it 
easier t ...)
        NOT-FOR-US: matrix-sdk Rust crate
 CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: Headlamp
 CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache 
Tomcat if an ...)
        - tomcat11 <unfixed>
        - tomcat10 <unfixed>
@@ -266,19 +266,19 @@ CVE-2025-34102 (A remote code execution vulnerability 
exists in CryptoLog (PHP v
 CVE-2025-34101 (An unauthenticated command injection vulnerability exists in 
Serviio M ...)
        NOT-FOR-US: Serviio Media Server
 CVE-2025-34100 (An unrestricted file upload vulnerability exists in 
BuilderEngine 3.5. ...)
-       TODO: check
+       NOT-FOR-US: BuilderEngine
 CVE-2025-34099 (An unauthenticated command injection vulnerability exists in 
VICIdial  ...)
-       TODO: check
+       NOT-FOR-US: VICIdial
 CVE-2025-34098 (A path traversal vulnerability exists in Riverbed SteelHead 
VCXapplian ...)
-       TODO: check
+       NOT-FOR-US: Riverbed SteelHead VCX appliances
 CVE-2025-34097 (An unrestricted file upload vulnerability exists in 
ProcessMaker versi ...)
-       TODO: check
+       NOT-FOR-US: ProcessMaker
 CVE-2025-34096 (A stack-based buffer overflow vulnerability exists in Easy 
File Sharin ...)
-       TODO: check
+       NOT-FOR-US: Easy File Sharing HTTP Server
 CVE-2025-34095 (An OS command injection vulnerability exists in Mako Server 
versions 2 ...)
-       TODO: check
+       NOT-FOR-US: Mako server (different from src:mako)
 CVE-2025-34093 (An authenticated command injection vulnerability exists in the 
Polycom ...)
-       TODO: check
+       NOT-FOR-US: Polycom HDX
 CVE-2025-2520 (The Honeywell Experion PKS contains an Uninitialized Variable 
in the c ...)
        NOT-FOR-US: Honeywell
 CVE-2025-28245 (Cross-site scripting (XSS) vulnerability in Alteryx Server 
2023.1.1.46 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d6345a1d54765864225d99e7552b3f3ecc6a6f7
