Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d45f7448 by Salvatore Bonaccorso at 2025-08-29T23:12:59+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -72,7 +72,7 @@ CVE-2025-7071 (Padding oracle attack vulnerability in Oberon 
microsystem AG\u201
 CVE-2025-5808 (Improper Input Validation vulnerability in OpenText Self 
Service Passw ...)
        NOT-FOR-US: OpenText
 CVE-2025-58158 (Harness Open Source is an end-to-end developer platform with 
Source Co ...)
-       TODO: check
+       NOT-FOR-US: Harness Open Source
 CVE-2025-56577 (An issue in Evope Core v.1.1.3.20 allows a local attacker to 
obtain se ...)
        NOT-FOR-US: Evope Core
 CVE-2025-55763 (Buffer Overflow in the URI parser of CivetWeb 1.14 through 
1.16 (lates ...)
@@ -80,17 +80,17 @@ CVE-2025-55763 (Buffer Overflow in the URI parser of 
CivetWeb 1.14 through 1.16
        NOTE: https://github.com/krispybyte/CVE-2025-55763
        NOTE: https://github.com/civetweb/civetweb/pull/1347
 CVE-2025-55750 (Gitpod is a developer platform for cloud development 
environments. In  ...)
-       TODO: check
+       NOT-FOR-US: Gitpod
 CVE-2025-55580 (SolidInvoice 2.3.7 and v.2.3.8 is vulnerable to Cross Site 
Scripting ( ...)
-       TODO: check
+       NOT-FOR-US: SolidInvoice
 CVE-2025-55579 (SolidInvoice 2.3.7 and fixed in v.2.3.8 is vulnerable to Cross 
Site Sc ...)
-       TODO: check
+       NOT-FOR-US: SolidInvoice
 CVE-2025-55304 (Exiv2 is a C++ library and a command-line utility to read, 
write, dele ...)
        TODO: check
 CVE-2025-55202 (Opencast is a free, open-source platform to support the 
management of  ...)
-       TODO: check
+       NOT-FOR-US: Opencast
 CVE-2025-55177 (Incomplete authorization of linked device synchronization 
messages in  ...)
-       TODO: check
+       NOT-FOR-US: WhatsApp
 CVE-2025-54877 (Tuleap is an Open Source Suite created to facilitate 
management of sof ...)
        NOT-FOR-US: Tuleap
 CVE-2025-54080 (Exiv2 is a C++ library and a command-line utility to read, 
write, dele ...)
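Review bot: CVE-2025-55304 is left at TODO: check in this hunk and, unlike the entries around it, cannot be closed as NOT-FOR-US: Exiv2 is packaged in Debian (source package exiv2), so it needs a package entry with fixed-version or status information in a follow-up commit. The NOT-FOR-US label for CVE-2025-55177 (WhatsApp) cannot be confirmed from the truncated description shown here, so it is worth a second look against the full CVE text.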
@@ -100,33 +100,33 @@ CVE-2025-52861 (A path traversal vulnerability has been 
reported to affect VioSt
 CVE-2025-52856 (An improper authentication vulnerability has been reported to 
affect V ...)
        NOT-FOR-US: QNAP
 CVE-2025-4644 (A Session Fixation vulnerability existed in Payload's SQLite 
adapter d ...)
-       TODO: check
+       NOT-FOR-US: Payload
 CVE-2025-4643 (Payload uses JSON Web Tokens (JWT) for authentication. After 
log out J ...)
-       TODO: check
+       NOT-FOR-US: Payload
 CVE-2025-47909 (Hosts listed in TrustedOrigins implicitly allow requests from 
the corr ...)
        TODO: check
 CVE-2025-44033 (SQL injection vulnerability in oa_system oasys v.1.1 allows a 
remote a ...)
-       TODO: check
+       NOT-FOR-US: oa_system oasys
 CVE-2025-44015 (A command injection vulnerability has been reported to affect 
HybridDe ...)
        NOT-FOR-US: QNAP
 CVE-2025-43773 (Liferay Portal  7.4.0 through 7.4.3.132, and Liferay DXP 
2025.Q2.0, 20 ...)
        NOT-FOR-US: Liferay
 CVE-2025-40709 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 
from the  ...)
-       TODO: check
+       NOT-FOR-US: OpenAtlas
 CVE-2025-40708 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 
from the  ...)
-       TODO: check
+       NOT-FOR-US: OpenAtlas
 CVE-2025-40707 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 
from the  ...)
-       TODO: check
+       NOT-FOR-US: OpenAtlas
 CVE-2025-40706 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 
from the  ...)
-       TODO: check
+       NOT-FOR-US: OpenAtlas
 CVE-2025-40705 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 
from the  ...)
-       TODO: check
+       NOT-FOR-US: OpenAtlas
 CVE-2025-40704 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 
from the  ...)
-       TODO: check
+       NOT-FOR-US: OpenAtlas
 CVE-2025-40703 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 
from the  ...)
-       TODO: check
+       NOT-FOR-US: OpenAtlas
 CVE-2025-40702 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 
from the  ...)
-       TODO: check
+       NOT-FOR-US: OpenAtlas
 CVE-2025-33038 (A path traversal vulnerability has been reported to affect 
Qsync Centr ...)
        NOT-FOR-US: QNAP
 CVE-2025-33037 (A path traversal vulnerability has been reported to affect 
Qsync Centr ...)
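Review bot: The label in "NOT-FOR-US: Payload" (CVE-2025-4644, CVE-2025-4643) is a common word on its own, which makes these two entries hard to find again with a plain text search; a fuller project or vendor name taken from the untruncated CVE description would be clearer. CVE-2025-47909 stays at TODO: check in this hunk, and its visible description names no product, so it still needs triage.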
@@ -202,9 +202,9 @@ CVE-2025-29874 (A NULL pointer dereference vulnerability 
has been reported to af
 CVE-2025-22483 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
        NOT-FOR-US: QNAP
 CVE-2024-46917 (Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does 
not val ...)
-       TODO: check
+       NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite
 CVE-2024-46916 (Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 
contains fun ...)
-       TODO: check
+       NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite
 CVE-2024-46484 (TRENDnet TV-IP410 vA1.0R was discovered to contain an OS 
command injec ...)
        NOT-FOR-US: TRENDnet
 CVE-2024-13342 (The Booster for WooCommerce plugin for WordPress is vulnerable 
to arbi ...)
@@ -212,7 +212,7 @@ CVE-2024-13342 (The Booster for WooCommerce plugin for 
WordPress is vulnerable t
 CVE-2024-12923 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
        NOT-FOR-US: QNAP
 CVE-2023-41471 (Cross Site Scripting vulnerability in copyparty v.1.9.1 allows 
a local ...)
-       TODO: check
+       NOT-FOR-US: copyparty
 CVE-2025-9639 (The QbiCRMGateway developed by Ai3 has an Arbitrary File 
Reading vulne ...)
        NOT-FOR-US: Ai3 QbiCRMGateway
 CVE-2025-9619 (A security flaw has been discovered in E4 Sistemas Mercatus ERP 
2.00.0 ...)
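Review bot: The copyparty entry (CVE-2023-41471) is marked NOT-FOR-US, but copyparty is free software rather than a vendor appliance like the QNAP entries next to it, so it is worth checking WNPP for an ITP or RFP first. If one exists, the entry should use the "- copyparty <itp> (bug #NNN)" form (bug number to be filled in) so the CVE is picked up when the package enters the archive.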



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d45f7448c9785f4ec65a91ef67b5c3f9a2fb1ff8


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
