Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
38225ff2 by Salvatore Bonaccorso at 2025-08-27T22:37:56+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69,43 +69,43 @@ CVE-2025-58192 (Missing Authorization vulnerability in
Xylus Themes WP Bulk Dele
CVE-2025-57821 (Basecamp's Google Sign-In adds Google sign-in to Rails
applications. P ...)
TODO: check
CVE-2025-56694 (Client-side password validation (CWE-602) in lumasoft
fotoShare Cloud ...)
- TODO: check
+ NOT-FOR-US: lumasoft fotoShare Cloud
CVE-2025-55618 (In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an
attacker ca ...)
- TODO: check
+ NOT-FOR-US: Hyundai
CVE-2025-55582 (D-Link DCS-825L firmware v1.08.01 contains a vulnerability in
the watc ...)
NOT-FOR-US: D-Link
CVE-2025-55495 (Tenda AC6 V15.03.06.23_multi was discovered to contain a
buffer overfl ...)
NOT-FOR-US: Tenda
CVE-2025-55422 (In FoxCMS 1.2.6, there is a reflected Cross Site Scripting
(XSS) vulne ...)
- TODO: check
+ NOT-FOR-US: FoxCMS
CVE-2025-54598 (The Bevy Event service through 2025-07-22, as used for eBay
Seller Eve ...)
- TODO: check
+ NOT-FOR-US: Bevy Event service
CVE-2025-53105 (GLPI, which stands for Gestionnaire Libre de Parc
Informatique, is a F ...)
TODO: check
CVE-2025-52122 (Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS,
contains an S ...)
- TODO: check
+ NOT-FOR-US: Craft CMS plugin
CVE-2025-51667 (An issue was discovered in simple-admin-core v1.2.0 thru
v1.6.7. The / ...)
TODO: check
CVE-2025-50989 (OPNsense 25.1 contains an authenticated command injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: OPNsense
CVE-2025-50986 (diskover-web v2.3.0 Community Edition suffers from multiple
stored cro ...)
- TODO: check
+ NOT-FOR-US: diskover-web
CVE-2025-50985 (diskover-web v2.3.0 Community Edition is vulnerable to
multiple reflec ...)
- TODO: check
+ NOT-FOR-US: diskover-web
CVE-2025-50984 (diskover-web v2.3.0 Community Edition is vulnerable to
multiple boolea ...)
- TODO: check
+ NOT-FOR-US: diskover-web
CVE-2025-50983 (SQL Injection vulnerability exists in the sortKey parameter of
the GET ...)
- TODO: check
+ NOT-FOR-US: readarr
CVE-2025-50979 (NodeBB v4.3.0 is vulnerable to SQL injection in its
search-categories ...)
- TODO: check
+ NOT-FOR-US: NodeBB
CVE-2025-50978 (In Gitblit v1.7.1, a reflected cross-site scripting (XSS)
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Gitblit
CVE-2025-50977 (A template injection vulnerability leading to reflected
cross-site scr ...)
TODO: check
CVE-2025-50972 (SQL Injection vulnerability in AbanteCart 1.4.2, allows
unauthenticate ...)
- TODO: check
+ NOT-FOR-US: AbanteCart
CVE-2025-50428 (In RaspAP raspap-webgui 3.3.2 and earlier, a command injection
vulnera ...)
- TODO: check
+ NOT-FOR-US: RaspAP
CVE-2025-4225 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
TODO: check
CVE-2025-43882 (Dell ThinOS 10, versions prior to 2508_10.0127, contains an
Unverified ...)
@@ -161,31 +161,31 @@ CVE-2025-2313 (In the Print.pl service, the
"uhcPrintServerPrint" function allow
CVE-2025-2246 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
TODO: check
CVE-2025-20348 (A vulnerability in the REST API endpoints of Cisco Nexus
Dashboard and ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20347 (A vulnerability in the REST API endpoints of Cisco Nexus
Dashboard and ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20344 (A vulnerability in the backup restore functionality of Cisco
Nexus Das ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20342 (A vulnerability in the Virtual Keyboard Video Monitor (vKVM)
connectio ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20317 (A vulnerability in the Virtual Keyboard Video Monitor (vKVM)
connectio ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20296 (A vulnerability in the web-based management interface of Cisco
UCS Man ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20295 (A vulnerability in the CLI of Cisco UCS Manager Software could
allow a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20294 (Multiple vulnerabilities in the CLI and web-based management
interface ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20292 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20290 (A vulnerability in the logging feature of Cisco NX-OS Software
for Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20262 (A vulnerability in the Protocol Independent Multicast Version
6 (PIM6) ...)
NOT-FOR-US: Cisco
CVE-2025-20241 (A vulnerability in the Intermediate System-to-Intermediate
System (IS- ...)
NOT-FOR-US: Cisco
CVE-2024-37777 (O2OA v9.0.3 was discovered to contain a remote code execution
(RCE) vu ...)
- TODO: check
+ NOT-FOR-US: O2OA
CVE-2025-58050 (The PCRE2 library is a set of C functions that implement
regular expre ...)
- pcre2 <unfixed>
[bookworm] - pcre2 <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38225ff2a979fb83e11dad66be51ff195386af59
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38225ff2a979fb83e11dad66be51ff195386af59
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
