Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
db5a1edb by Salvatore Bonaccorso at 2025-08-21T08:11:30+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46,7 +46,7 @@ CVE-2025-8449 (CWE-400: Uncontrolled Resource Consumption
vulnerability exists t
CVE-2025-8448 (CWE-200: Exposure of Sensitive Information to an Unauthorized
Actor vu ...)
NOT-FOR-US: Schneider Electric
CVE-2025-8415 (A vulnerability was found in the Cryostat HTTP API. Cryostat's
HTTP AP ...)
- TODO: check
+ NOT-FOR-US: Cryostat
CVE-2025-8309 (There is an improper privilege management vulnerability
identified in ...)
NOT-FOR-US: Zoho
CVE-2025-8102 (The Easy Digital Downloads plugin for WordPress is vulnerable
to Cross ...)
@@ -116,7 +116,7 @@ CVE-2025-54924 (CWE-918: Server-Side Request Forgery (SSRF)
vulnerability exists
CVE-2025-54923 (CWE-502: Deserialization of Untrusted Data vulnerability
exists that c ...)
NOT-FOR-US: Schneider Electric
CVE-2025-54175 (QuickCMS.EXT is vulnerable to Reflected XSS in
sFileNameparameter in t ...)
- TODO: check
+ NOT-FOR-US: QuickCMS
CVE-2025-54174 (QuickCMS is vulnerable to Cross-Site Request Forgery in
article creati ...)
NOT-FOR-US: QuickCMS
CVE-2025-54172 (QuickCMS is vulnerable to Stored XSS in sTitleparameter in
page editor ...)
@@ -130,7 +130,7 @@ CVE-2025-50904 (There is an authentication bypass
vulnerability in WinterChenS m
CVE-2025-50902 (Cross Site Request Forgery (CSRF) vulnerability in old-peanut
Open-Sho ...)
NOT-FOR-US: old-peanut Open-Shop
CVE-2025-50901 (JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19)
contains ...)
- TODO: check
+ NOT-FOR-US: JeeWMS
CVE-2025-50864 (An Origin Validation Error in the elysia-cors library thru
1.3.0 allow ...)
TODO: check
CVE-2025-50503 (A vulnerability in the password reset workflow of the Touch
Lebanon Mo ...)
@@ -202,7 +202,7 @@ CVE-2024-57152 (Incorrect access control in the preHandle
function of my-site v1
CVE-2024-53495 (Incorrect access control in the preHandle function of my-site
v1.0.2.R ...)
NOT-FOR-US: my-site
CVE-2024-50640 (jeewx-boot 1.3 has an authentication bypass vulnerability in
the preHa ...)
- TODO: check
+ NOT-FOR-US: jeewx-boot
CVE-2012-10061 (Sockso Music Host Server versions <= 1.5 are vulnerable to a
path trav ...)
NOT-FOR-US: Sockso Music Host Server
CVE-2011-10030 (Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API
function, creat ...)
@@ -323,11 +323,11 @@ CVE-2025-54363 (Microsoft Knack 0.12.0 allows Regular
expression Denial of Servi
- knack <unfixed>
TODO: check upstream details
CVE-2025-54145 (The QR scanner could allow arbitrary websites to be opened if
a user w ...)
- TODO: check
+ NOT-FOR-US: Firefox for iOS
CVE-2025-54144 (The URL scheme used by Firefox to facilitate searching of text
queries ...)
- TODO: check
+ NOT-FOR-US: Firefox for iOS
CVE-2025-54143 (Sandboxed iframes on webpages could potentially allow
downloads to the ...)
- TODO: check
+ NOT-FOR-US: Firefox for iOS
CVE-2025-54056 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-54055 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db5a1edb14fafd7e80dc4c92172ebd66bb6f49aa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db5a1edb14fafd7e80dc4c92172ebd66bb6f49aa
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
