Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
efeb32d6 by Salvatore Bonaccorso at 2025-08-21T23:12:44+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -86,7 +86,7 @@ CVE-2025-55521 (An issue in the component 
/settings/localisation of Akaunting v3
 CVE-2025-55420 (A Reflected Cross Site Scripting (XSS) vulnerability was found 
in /ind ...)
        NOT-FOR-US: FoxCMS
 CVE-2025-55383 (Moss before v0.15 has a file upload vulnerability. The 
"upload" functi ...)
-       TODO: check
+       NOT-FOR-US: Moss
 CVE-2025-55371 (Incorrect access control in the component 
/controller/PersonController ...)
        NOT-FOR-US: jshERP
 CVE-2025-55370 (Incorrect access control in the component 
\controller\ResourceControll ...)
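Review bot: The new tag on CVE-2025-55383, "NOT-FOR-US: Moss", uses a short, generic name, and the truncated description ("Moss before v0.15 has a file upload vulnerability") does not say which Moss project is meant. A more specific tag (vendor or upstream project name) would make the entry unambiguous when data/CVE/list is later searched for that name.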
@@ -100,47 +100,47 @@ CVE-2025-55366 (Incorrect access control in the component 
\controller\UserContro
 CVE-2025-55297 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
        TODO: check
 CVE-2025-55231 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-55230 (Untrusted pointer dereference in Windows MBT Transport driver 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-55229 (Improper verification of cryptographic signature in Windows 
Certificat ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-55107 (There is a stored   Cross-site Scripting vulnerability in Esri 
Portal  ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2025-55106 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2025-55105 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2025-55104 (A stored cross-site scripting (XSS) vulnerability exists 
ArcGIS HUB an ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2025-55103 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2025-54460 (The vulnerability, if exploited, could allow an authenticated 
miscrean ...)
-       TODO: check
+       NOT-FOR-US: AVEVA
 CVE-2025-53795 (Improper authorization in Microsoft PC Manager allows an 
unauthorized  ...)
        NOT-FOR-US: Microsoft
 CVE-2025-53763 (Improper access control in Azure Databricks allows an 
unauthorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-53251 (Unrestricted Upload of File with Dangerous Type vulnerability 
in An-Th ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52395 (An issue in Roadcute API v.1 allows a remote attacker to 
execute arbit ...)
-       TODO: check
+       NOT-FOR-US: Roadcute
 CVE-2025-52352 (Aikaan IoT management platform v3.25.0325-5-g2e9c59796 
provides a conf ...)
-       TODO: check
+       NOT-FOR-US: Aikaan IoT management platform
 CVE-2025-52351 (Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a 
newly g ...)
-       TODO: check
+       NOT-FOR-US: Aikaan IoT management platform
 CVE-2025-52194 (A buffer overflow vulnerability exists in libsndfile version 
1.2.2 and ...)
        TODO: check
 CVE-2025-51989 (HTML injection vulnerability in the registration interface in 
Evolutio ...)
-       TODO: check
+       NOT-FOR-US: HRmaster
 CVE-2025-51818 (MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the 
Backups.ph ...)
-       TODO: check
+       NOT-FOR-US: MCCMS
 CVE-2025-50860 (SQL Injection in the listdomains function in Easy Hosting 
Control Pane ...)
-       TODO: check
+       NOT-FOR-US: Easy Hosting Control Panel (EHCP)
 CVE-2025-48956 (vLLM is an inference and serving engine for large language 
models (LLM ...)
        TODO: check
 CVE-2025-47184 (An XML external entities (XXE) injection vulnerability in the 
/init AP ...)
-       TODO: check
+       NOT-FOR-US: Exagid EX10
 CVE-2025-43756 (<!--td {border: 1px solid #cccccc;}br 
{mso-data-placement:same-cell;}- ...)
        NOT-FOR-US: Liferay
 CVE-2025-43755 (A Stored cross-site scripting vulnerability in the Liferay 
Portal 7.4. ...)
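Review bot: On CVE-2025-51989 the tag "NOT-FOR-US: HRmaster" names a product that does not appear in the visible description, which refers to the "registration interface in Evolutio ..."; the same holds for "Exagid EX10" on CVE-2025-47184. Consider aligning each tag with the name used in the CVE text, or confirming the product name against the full description. As a style point, this hunk mixes vendor-level tags (Microsoft, Esri, AVEVA) with product-level ones (Aikaan IoT management platform, Easy Hosting Control Panel (EHCP)); one convention keeps NFU entries easier to search. The entries still at TODO: check (CVE-2025-55297, CVE-2025-52194 for libsndfile, CVE-2025-48956 for vLLM) are left for separate triage, which fits an NFU-only commit.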
@@ -148,25 +148,25 @@ CVE-2025-43755 (A Stored cross-site scripting 
vulnerability in the Liferay Porta
 CVE-2025-43754 (Username enumeration vulnerability in Liferay Portal 7.4.0 
through 7.4 ...)
        NOT-FOR-US: Liferay
 CVE-2025-41415 (The vulnerability, if exploited, could allow an authenticated 
miscrean ...)
-       TODO: check
+       NOT-FOR-US: AVEVA
 CVE-2025-3128 (A remote unauthenticated attacker who has bypassed 
authentication coul ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi Electric
 CVE-2025-38743 (Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, 
contains a ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-38742 (Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, 
contains a ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-34158 (Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are 
affecte ...)
-       TODO: check
+       NOT-FOR-US: Plex Media Server (PMS)
 CVE-2025-27721 (Unauthorized users can access INFINITT PACS System 
Managerwithout prop ...)
-       TODO: check
+       NOT-FOR-US: INFINITT Healthcare
 CVE-2025-27714 (An attacker could exploit this vulnerability by uploading 
arbitrary  f ...)
-       TODO: check
+       NOT-FOR-US: INFINITT Healthcare
 CVE-2025-24489 (An attacker could exploit this vulnerability by uploading 
arbitrary  f ...)
-       TODO: check
+       NOT-FOR-US: INFINITT Healthcare
 CVE-2024-50641 (An authentication bypass vulnerability in 
PandoraNext-TokensTool v0.6. ...)
-       TODO: check
+       NOT-FOR-US: PandoraNext-TokensTool
 CVE-2024-45438 (An issue was discovered in TitanHQ SpamTitan Email Security 
Gateway 8. ...)
-       TODO: check
+       NOT-FOR-US: TitanHQ SpamTitan Email Security Gateway
 CVE-2025-XXXX [OSSN-0094]
        - nova 2:31.0.0-7 (bug #1111689)
        - watcher 14.0.0-3 (bug #1111692)
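Review bot: The "NOT-FOR-US: INFINITT Healthcare" tags on CVE-2025-27714 and CVE-2025-24489 cannot be checked against the lines shown here, because both descriptions are truncated to "An attacker could exploit this vulnerability by uploading arbitrary f ..." with no product named; only CVE-2025-27721 visibly mentions the INFINITT PACS System Manager. The same applies to CVE-2025-41415 (AVEVA) and CVE-2025-3128 (Mitsubishi Electric), so these are worth confirming against the full CVE text. Tag granularity also varies within the hunk: vendor names for AVEVA, Mitsubishi Electric and INFINITT Healthcare, but full product names for "Plex Media Server (PMS)" and "TitanHQ SpamTitan Email Security Gateway".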



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efeb32d69c050dbcb08ea3617e9b8f8208d0d488


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits