Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ba9ba947 by Salvatore Bonaccorso at 2025-08-22T22:24:14+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,17 +5,17 @@ CVE-2025-9340 (Out-of-bounds Write vulnerability in Legion of
the Bouncy Castle
CVE-2025-9331 (The Spacious theme for WordPress is vulnerable to unauthorized
modific ...)
NOT-FOR-US: WordPress plugin
CVE-2025-9259 (WebITR developed by Uniong has an Arbitrary File Reading
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WebITR
CVE-2025-9258 (WebITR developed by Uniong has an Arbitrary File Reading
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WebITR
CVE-2025-9257 (WebITR developed by Uniong has an Arbitrary File Reading
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WebITR
CVE-2025-9256 (WebITR developed by Uniong has an Arbitrary File Reading
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WebITR
CVE-2025-9255 (WebITR developed by Uniong has a SQL Injection vulnerability,
allowing ...)
- TODO: check
+ NOT-FOR-US: WebITR
CVE-2025-9254 (WebITR developed by Uniong has a Missing Authentication
vulnerability, ...)
- TODO: check
+ NOT-FOR-US: WebITR
CVE-2025-6791 (On the monitoring event logs page, it is possible to alter the
http re ...)
NOT-FOR-US: Centreon
CVE-2025-57896 (Missing Authorization vulnerability in andy_moyle Church Admin
allows ...)
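Review bot: the six WebITR entries (CVE-2025-9254 through CVE-2025-9259) are tagged by product name only, although every description names the vendor as Uniong. Consider "NOT-FOR-US: Uniong WebITR" so that a later search by vendor or by product finds all six, in the same way the Centreon context entry at the end of this hunk is found by either.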
@@ -43,47 +43,47 @@ CVE-2025-57885 (Cross-Site Request Forgery (CSRF)
vulnerability in Shahjahan Jew
CVE-2025-57884 (Missing Authorization vulnerability in wpsoul Greenshift
allows Exploi ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-57801 (gnark is a zero-knowledge proof system framework. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: gnark
CVE-2025-57800 (Audiobookshelf is an open-source self-hosted audiobook server.
In vers ...)
- TODO: check
+ NOT-FOR-US: Audiobookshelf
CVE-2025-57771 (Roo Code is an AI-powered autonomous coding agent that lives
in users' ...)
- TODO: check
+ NOT-FOR-US: Roo Code
CVE-2025-57770 (The open-source identity infrastructure software Zitadel
allows admini ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2025-57105 (The DI-7400G+ router has a command injection vulnerability,
which allo ...)
- TODO: check
+ NOT-FOR-US: DI-7400G+ router
CVE-2025-55745 (UnoPim is an open-source Product Information Management (PIM)
system b ...)
- TODO: check
+ NOT-FOR-US: UnoPim
CVE-2025-55741 (UnoPim is an open-source Product Information Management (PIM)
system b ...)
- TODO: check
+ NOT-FOR-US: UnoPim
CVE-2025-55637 (Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime -
firmware v ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55634 (Incorrect access control in the RTMP server settings of
Reolink Smart ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55631 (Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime -
firmware v ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55630 (A discrepancy in the error message returned by the login
function of R ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55629 (Insecure permissions in Reolink Smart 2K+ Plug-in Wi-Fi Video
Doorbell ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55627 (Insufficient privilege verification in Reolink Smart 2K+
Plug-in Wi-Fi ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55626 (An Insecure Direct Object Reference (IDOR) vulnerability in
Reolink Sm ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55625 (An open redirect vulnerability in Reolink v4.54.0.4.20250526
allows at ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55624 (An intent redirection vulnerability in Reolink
v4.54.0.4.20250526 allo ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55623 (An issue in the lock screen component of Reolink
v4.54.0.4.20250526 al ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55622 (Reolink v4.54.0.4.20250526 was discovered to contain a task
hijacking ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55621 (An Insecure Direct Object Reference (IDOR) vulnerability in
Reolink v4 ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55620 (A cross-site scripting (XSS) vulnerability in the
valuateJavascript() ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55619 (Reolink v4.54.0.4.20250526 was discovered to contain a
hardcoded encry ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55613 (Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in
the from ...)
NOT-FOR-US: Tenda
CVE-2025-55611 (D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in
the formLa ...)
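Review bot: CVE-2025-57105 is tagged "NOT-FOR-US: DI-7400G+ router", a model number plus a generic word, while the other device entries in this hunk are keyed on the vendor ("NOT-FOR-US: Reolink", "NOT-FOR-US: Tenda"). Using the vendor name there would keep the tags consistent and greppable. Separately, the descriptions for Audiobookshelf, Zitadel and UnoPim call these projects open source, so it is worth confirming that no ITP/RFP bug exists for them before the TODO is closed as NOT-FOR-US.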
@@ -101,11 +101,11 @@ CVE-2025-55599 (D-Link DIR-619L 2.06B01 is vulnerable to
Buffer Overflow in the
CVE-2025-55581 (D-Link DCS-825L firmware version 1.08.01 and possibly prior
versions c ...)
NOT-FOR-US: D-Link
CVE-2025-55573 (QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site
Scripting (X ...)
- TODO: check
+ NOT-FOR-US: QuantumNous new-api
CVE-2025-55454 (An authenticated arbitrary file upload vulnerability in the
component ...)
- TODO: check
+ NOT-FOR-US: DooTask
CVE-2025-55398 (An issue was discovered in mouse07410 asn1c thru 0.9.29
(2025-03-20) - ...)
- TODO: check
+ NOT-FOR-US: mouse07410 asn1c
CVE-2025-54813 (Improper Output Neutralization for Logs vulnerability in
Apache Log4cx ...)
TODO: check
CVE-2025-54812 (Improper Output Neutralization for Logs vulnerability in
Apache Log4cx ...)
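Review bot: CVE-2025-55398 is closed as "NOT-FOR-US: mouse07410 asn1c", which scopes it to the fork named in the description, but the line does not record whether the affected code is inherited from the original asn1c project. If it is fork-only, a short NOTE saying so would stop the question from being reopened; if it is shared code, NOT-FOR-US would hide a relevant issue. Also, the visible description for CVE-2025-55454 is truncated before any product name, so the "DooTask" tag cannot be cross-checked from this diff alone.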
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba9ba9471d293319762c02430b1d4fc5d5726a10