Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2c2ed55 by Salvatore Bonaccorso at 2025-08-20T22:38:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57,9 +57,9 @@ CVE-2025-6181 (The StrongDM Windows service incorrectly 
handled input validation
 CVE-2025-6180 (The StrongDM Client insufficiently protected a 
pre-authentication toke ...)
        NOT-FOR-US: StrongDM Client
 CVE-2025-5261 (Authorization Bypass Through User-Controlled Key vulnerability 
in Pik  ...)
-       TODO: check
+       NOT-FOR-US: Pik Online Yazilim Cozumleri
 CVE-2025-5260 (Server-Side Request Forgery (SSRF) vulnerability in Pik Online 
Yaz\u01 ...)
-       TODO: check
+       NOT-FOR-US: Pik Online Yazilim Cozumleri
 CVE-2025-5115 (In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, 
<=12.0.21,  ...)
        TODO: check
 CVE-2025-57734 (In JetBrains TeamCity before 2025.07.1 aWS credentials were 
exposed in ...)
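Review bot: the Eclipse Jetty entry CVE-2025-5115 in the middle of this hunk keeps its `TODO: check` while the StrongDM and Pik neighbours are resolved to NOT-FOR-US; unlike those it names a library with several affected branches (<=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21), so it will need a package mapping or an explicit not-affected rationale rather than an NFU, and leaving the TODO open until that is checked is the right call. Separately, the CVE-2025-5260 description line carries a raw `\u01` sequence where a non-ASCII character in the upstream description was mis-rendered; that is unchanged context here, not something this commit introduced, but it is worth cleaning up so the line reads properly.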
@@ -79,13 +79,13 @@ CVE-2025-57728 (In JetBrains IntelliJ IDEA before 2025.2 
improper access control
 CVE-2025-57727 (In JetBrains IntelliJ IDEA before 2025.2 credentials 
disclosure was po ...)
        - intellij-idea <itp> (bug #747616)
 CVE-2025-55751 (OnboardLite is the result of the Influx Initiative, our vision 
for an  ...)
-       TODO: check
+       NOT-FOR-US: OnboardLite
 CVE-2025-55746 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
        NOT-FOR-US: Directus
 CVE-2025-55732 (Frappe is a full-stack web application framework. Prior to 
15.74.2 and ...)
-       TODO: check
+       NOT-FOR-US: Frappe Framework
 CVE-2025-55731 (Frappe is a full-stack web application framework. A carefully 
crafted  ...)
-       TODO: check
+       NOT-FOR-US: Frappe Framework
 CVE-2025-55503 (Tenda AC6 V15.03.06.23_multi has a stack overflow 
vulnerability via th ...)
        NOT-FOR-US: Tenda
 CVE-2025-55499 (Tenda AC6 V15.03.06.23_multi was discovered to contain a 
buffer overfl ...)
@@ -97,7 +97,7 @@ CVE-2025-55483 (Tenda AC6 V15.03.06.23_multi is vulnerable to 
Buffer Overflow in
 CVE-2025-55482 (Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow 
in the f ...)
        NOT-FOR-US: Tenda
 CVE-2025-55444 (A SQL injection vulnerability exists in the id2 parameter of 
the cance ...)
-       TODO: check
+       NOT-FOR-US: Online Artwork and Fine Arts MCA Project
 CVE-2025-54927 (CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory (' ...)
        NOT-FOR-US: Schneider Electric
 CVE-2025-54926 (CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory (' ...)
@@ -111,23 +111,23 @@ CVE-2025-54923 (CWE-502: Deserialization of Untrusted 
Data vulnerability exists
 CVE-2025-54175 (QuickCMS.EXT is vulnerable to Reflected XSS in 
sFileNameparameter in t ...)
        TODO: check
 CVE-2025-54174 (QuickCMS is vulnerable to Cross-Site Request Forgery in 
article creati ...)
-       TODO: check
+       NOT-FOR-US: QuickCMS
 CVE-2025-54172 (QuickCMS is vulnerable to Stored XSS in sTitleparameter in 
page editor ...)
-       TODO: check
+       NOT-FOR-US: QuickCMS
 CVE-2025-51991 (XWiki through version 17.3.0 is vulnerable to Server-Side 
Template Inj ...)
        NOT-FOR-US: XWiki
 CVE-2025-51990 (XWiki through version 17.3.0 is affected by multiple stored 
Cross-Site ...)
        NOT-FOR-US: XWiki
 CVE-2025-50904 (There is an authentication bypass vulnerability in WinterChenS 
my-site ...)
-       TODO: check
+       NOT-FOR-US: WinterChenS my-site
 CVE-2025-50902 (Cross Site Request Forgery (CSRF) vulnerability in old-peanut 
Open-Sho ...)
-       TODO: check
+       NOT-FOR-US: old-peanut Open-Shop
 CVE-2025-50901 (JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) 
contains  ...)
        TODO: check
 CVE-2025-50864 (An Origin Validation Error in the elysia-cors library thru 
1.3.0 allow ...)
        TODO: check
 CVE-2025-50503 (A vulnerability in the password reset workflow of the Touch 
Lebanon Mo ...)
-       TODO: check
+       NOT-FOR-US: Touch Lebanon Mobile App
 CVE-2025-47054 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
        NOT-FOR-US: Adobe
 CVE-2025-46998 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
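Review bot: CVE-2025-54175 (QuickCMS.EXT) at the top of this hunk is left as `TODO: check` while the two sibling QuickCMS entries CVE-2025-54174 and CVE-2025-54172 become `NOT-FOR-US: QuickCMS`; if the .EXT variant is the same vendor's product it should get the same resolution, otherwise a one-line note on why it stays open would save the next triager a lookup. The NFU text `WinterChenS my-site` for CVE-2025-50904 also differs from the bare `my-site` used for CVE-2024-57152 and CVE-2024-53495 later in this diff; pick one spelling so a search for the product matches all three entries.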
@@ -167,7 +167,7 @@ CVE-2025-31355 (A firmware update vulnerability exists in 
the Firmware Signature
 CVE-2025-30256 (A denial of service vulnerability exists in the HTTP Header 
Parsing fu ...)
        NOT-FOR-US: Tenda
 CVE-2025-28041 (Incorrect access control in the doFilter function of 
itranswarp up to  ...)
-       TODO: check
+       NOT-FOR-US: itranswarp
 CVE-2025-27129 (An authentication bypass vulnerability exists in the HTTP 
authenticati ...)
        NOT-FOR-US: Tenda
 CVE-2025-24496 (An information disclosure vulnerability exists in the 
/goform/getprodu ...)
@@ -175,9 +175,9 @@ CVE-2025-24496 (An information disclosure vulnerability 
exists in the /goform/ge
 CVE-2025-24322 (An unsafe default authentication vulnerability exists in the 
Initial S ...)
        NOT-FOR-US: Tenda
 CVE-2025-20345 (A vulnerability in the debug logging function of Cisco Duo 
Authenticat ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20269 (A vulnerability in the web-based management interface of Cisco 
Evolved ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20131 (A vulnerability in the GUI of Cisco Identity Services Engine 
(ISE) cou ...)
        NOT-FOR-US: Cisco
 CVE-2025-1142 (IBM Edge Application Manager 4.5 is vulnerable to server-side 
request  ...)
@@ -185,57 +185,57 @@ CVE-2025-1142 (IBM Edge Application Manager 4.5 is 
vulnerable to server-side req
 CVE-2025-1139 (IBM Edge Application Manager 4.5 could allow a local user to 
read or m ...)
        NOT-FOR-US: IBM
 CVE-2024-57491 (Authentication Bypass vulnerability in jobx up to 
v1.0.1-RELEASE allow ...)
-       TODO: check
+       NOT-FOR-US: jobx
 CVE-2024-57157 (Incorrect access control in Jantent v1.1 allows attackers to 
bypass au ...)
-       TODO: check
+       NOT-FOR-US: Jantent
 CVE-2024-57154 (Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: dts-shop
 CVE-2024-57152 (Incorrect access control in the preHandle function of my-site 
v1.0.2 a ...)
-       TODO: check
+       NOT-FOR-US: my-site
 CVE-2024-53495 (Incorrect access control in the preHandle function of my-site 
v1.0.2.R ...)
-       TODO: check
+       NOT-FOR-US: my-site
 CVE-2024-50640 (jeewx-boot 1.3 has an authentication bypass vulnerability in 
the preHa ...)
        TODO: check
 CVE-2012-10061 (Sockso Music Host Server versions <= 1.5 are vulnerable to a 
path trav ...)
-       TODO: check
+       NOT-FOR-US: Sockso Music Host Server
 CVE-2011-10030 (Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API 
function, creat ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2011-10029 (Solar FTP Server fails to properly handle format strings 
passed to the ...)
-       TODO: check
+       NOT-FOR-US: Solar FTP Server
 CVE-2011-10028 (The RealNetworks RealArcade platform includes an ActiveX 
control (Inst ...)
-       TODO: check
+       NOT-FOR-US: RealNetworks RealArcade platform
 CVE-2011-10027 (AOL Desktop 9.6 contains a buffer overflow vulnerability in 
its Tool\r ...)
-       TODO: check
+       NOT-FOR-US: AOL Desktop
 CVE-2011-10026 (Spreecommerce versions prior to 0.50.x contain a remote 
command execut ...)
-       TODO: check
+       NOT-FOR-US: Spreecommerce
 CVE-2011-10025 (Subtitle Processor 7.7.1 contains a buffer overflow 
vulnerability in i ...)
-       TODO: check
+       NOT-FOR-US: Subtitle Processor
 CVE-2011-10024 (MJM Core Player (likely now referred to as MJM Player) 2011 is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: MJM Core Player
 CVE-2011-10023 (MJM QuickPlayer (likely now referred to as MJM Player) version 
2010 co ...)
-       TODO: check
+       NOT-FOR-US: MJM QuickPlayer
 CVE-2011-10022 (SPlayer version 3.7 and earlier is vulnerable to a stack-based 
buffer  ...)
        TODO: check
 CVE-2011-10021 (Magix Musik Maker 16 is vulnerable to a stack-based buffer 
overflow du ...)
-       TODO: check
+       NOT-FOR-US: Magix Musik Maker
 CVE-2011-10020 (Kaillera Server version 0.86 is vulnerable to a 
denial-of-service cond ...)
-       TODO: check
+       NOT-FOR-US: Kaillera Server
 CVE-2010-20103 (A malicious backdoor was embedded in the official ProFTPD 
1.3.3c sourc ...)
        TODO: check
 CVE-2010-20059 (FreeNAS 0.7.2 prior to revision 5543 includes an 
unauthenticated comma ...)
-       TODO: check
+       NOT-FOR-US: FreeNAS
 CVE-2010-20049 (LeapFTP <3.1.x contains a stack-based buffer overflow 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: LeapFTP
 CVE-2010-20045 (FileWrangler <= 5.30 suffers from a stack-based buffer 
overflow vulner ...)
-       TODO: check
+       NOT-FOR-US: FileWrangler
 CVE-2010-20042 (Xion Audio Player versions prior to 1.0.126 are vulnerable to 
a Unicod ...)
-       TODO: check
+       NOT-FOR-US: Xion Audio Player
 CVE-2010-20010 (Foxit PDF Reader before 4.2.0.0928 does not properly 
bound-check the / ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2010-10014 (Odin Secure FTP <= 4.1 is vulnerable to a stack-based buffer 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: Odin Secure FTP
 CVE-2009-10005 (ContentKeeper Web Appliance (now maintained by Impero 
Software) versio ...)
-       TODO: check
+       NOT-FOR-US: ContentKeeper Web Appliance
 CVE-2025-9225 (Stored cross-site scripting (XSS) in the web interface of MiR 
software ...)
        NOT-FOR-US: MiR software
 CVE-2025-9202 (The ColorMag theme for WordPress is vulnerable to unauthorized 
modific ...)
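Review bot: the NOT-FOR-US strings in this hunk are not uniform for the same product: CVE-2024-57152 and CVE-2024-53495 get `my-site` while CVE-2025-50904 earlier in the diff got `WinterChenS my-site`; the bare form matches the project name in the descriptions, so either align the earlier entry to it or use the vendor-prefixed form everywhere. Three entries stay `TODO: check` among resolved neighbours, CVE-2024-50640 (jeewx-boot), CVE-2011-10022 (SPlayer) and CVE-2010-20103 (the backdoored ProFTPD 1.3.3c source release); the last is the one that genuinely warrants an open TODO, since it describes a compromised upstream tarball rather than a product outside the archive, and the follow-up should record whether any upload was ever built from that tarball before the entry is closed.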
@@ -408,29 +408,29 @@ CVE-2025-53299 (Deserialization of Untrusted Data 
vulnerability in ThemeMakers T
 CVE-2025-53226 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53213 (Unrestricted Upload of File with Dangerous Type vulnerability 
in ELEXt ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-53212 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-53210 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53208 (Authorization Bypass Through User-Controlled Key vulnerability 
in paym ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-53207 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53205 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-53204 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53201 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-53198 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53196 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-53195 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53194 (Improper Neutralization of Special Elements Used in a Template 
Engine  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49896 (Cross-Site Request Forgery (CSRF) vulnerability in wptasker WP 
Discord ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49894 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -498,55 +498,55 @@ CVE-2025-49381 (Cross-Site Request Forgery (CSRF) 
vulnerability in ads.txt Guru
 CVE-2025-48302 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48298 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48297 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48296 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48171 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48170 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48169 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48168 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48165 (Incorrect Privilege Assignment vulnerability in DELUCKS 
DELUCKS SEO al ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48164 (Incorrect Privilege Assignment vulnerability in Brainstorm 
Force SureD ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48163 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48162 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48160 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48159 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48158 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48157 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48154 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48152 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48151 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48149 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48148 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Store ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48142 (Incorrect Privilege Assignment vulnerability in Saad Iqbal 
Bookify all ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-47650 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-30975 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-28977 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2024-12223 (Prism Central versions prior to 2024.3.1 are vulnerable to a 
stored cr ...)
-       TODO: check
+       NOT-FOR-US: Prism Central
 CVE-2025-9162
        - keycloak <itp> (bug #1088287)
 CVE-2025-55033 (Dragging JavaScript links to the URL bar in Focus for iOS 
could be uti ...)
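Review bot: `NOT-FOR-US: Prism Central` for CVE-2024-12223 near the end of this hunk names the product without its vendor, whereas the other vendor-owned products in this diff (Cisco, IBM, Adobe, Schneider Electric) are filed under the vendor name; consider the vendor-prefixed form so related Prism Central CVEs group together. The many `NOT-FOR-US: WordPress plugin` lines added here sit beside pre-existing `NOT-FOR-US: WordPress plugin or theme` lines; both wordings are in use in this file already, so this is only worth a thought if the shorter form is meant to signal that the plugin was positively identified.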
@@ -737,7 +737,7 @@ CVE-2025-50891 (Adform Site Tracking 1.1 allows attackers 
to inject HTML or exec
 CVE-2025-50579 (A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows 
unauthor ...)
        NOT-FOR-US: Nginx Proxy Manager
 CVE-2025-50567 (Saurus CMS Community Edition 4.7.1 contains a vulnerability in 
the cus ...)
-       TODO: check
+       NOT-FOR-US: Saurus CMS
 CVE-2025-50461 (A deserialization vulnerability exists in Volcengine's verl 
3.0.0, spe ...)
        NOT-FOR-US: Volcengine verl
 CVE-2025-50434 (A security issue has been identified in Appian Enterprise 
Business Pro ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2c2ed556e981936633ff63c347c6a9897f60da7
