Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d773863 by Salvatore Bonaccorso at 2025-09-03T09:02:44+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49,7 +49,7 @@ CVE-2025-6685 (ATEN eco DC Missing Authorization Privilege 
Escalation Vulnerabil
 CVE-2025-6519 (E3 Site Supervisor (firmware version < 2.31F01) has a default 
admin us ...)
        NOT-FOR-US: E3 Site Supervisor
 CVE-2025-5662 (A deserialization vulnerability exists in the H2O-3 REST API 
(POST /99 ...)
-       TODO: check
+       NOT-FOR-US: h2oai/h2o-3
 CVE-2025-57778 (There is an out of bounds write vulnerability due to improper 
bounds c ...)
        NOT-FOR-US: National Instruments
 CVE-2025-57777 (There is an out of bounds write vulnerability due to improper 
bounds c ...)
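Review bot: The new tag on CVE-2025-5662 uses the upstream repository path (`h2oai/h2o-3`), while the neighbouring entries in this hunk are tagged with a vendor or product name (`E3 Site Supervisor`, `National Instruments`). Consider `NOT-FOR-US: H2O-3`, the product name used in the CVE description, so the tag style stays uniform across the list.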
@@ -73,43 +73,43 @@ CVE-2025-57612 (An issue was discovered in rust-ffmpeg 
0.3.0 (after comit 5ac052
 CVE-2025-57611 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit 
5ac0527) Nul ...)
        TODO: check
 CVE-2025-57140 (rsbi-pom 4.7 is vulnerable to SQL Injection in the 
/bi/service/model/D ...)
-       TODO: check
+       NOT-FOR-US: rsbi-pom
 CVE-2025-56254 (PHPGurukul Employee Leave Management System 2.1 contains an 
Insecure D ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-55824 (ModStartCMS v9.5.0 has an arbitrary file write vulnerability, 
which al ...)
-       TODO: check
+       NOT-FOR-US: ModStartCMS
 CVE-2025-55476 (FireShare FileShare 1.2.25 contains a time-based blind SQL 
injection v ...)
-       TODO: check
+       NOT-FOR-US: FireShare
 CVE-2025-55474 (Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), 
which a ...)
-       TODO: check
+       NOT-FOR-US: Many Notes
 CVE-2025-55473 (Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker 
version ...)
-       TODO: check
+       NOT-FOR-US: Asian Arts Talents Foundation (AATF) Website
 CVE-2025-55472 (SQL Injection vulnerability exists in Tirreno v0.9.5, 
specifically in  ...)
-       TODO: check
+       NOT-FOR-US: Tirreno
 CVE-2025-55373 (Incorrect access control in Beakon Application before v5.4.3 
allows au ...)
-       TODO: check
+       NOT-FOR-US: Beakon Application
 CVE-2025-55372 (An arbitrary file upload vulnerability in Beakon Application 
before v5 ...)
-       TODO: check
+       NOT-FOR-US: Beakon Application
 CVE-2025-54599 (The Bevy Event service through 2025-07-22, as used for eBay 
Seller Eve ...)
-       TODO: check
+       NOT-FOR-US: Bevy Event service
 CVE-2025-52551 (E2 Facility Management Systems use a proprietary protocol that 
allows  ...)
-       TODO: check
+       NOT-FOR-US: E2 Facility Management Systems
 CVE-2025-52550 (E3 Site Supervisor Control (firmware version < 2.31F01) 
firmware upgra ...)
-       TODO: check
+       NOT-FOR-US: E3 Site Supervisor Control
 CVE-2025-52549 (E3 Site Supervisor Control (firmware version < 2.31F01) 
generates the  ...)
-       TODO: check
+       NOT-FOR-US: E3 Site Supervisor Control
 CVE-2025-52548 (E3 Site Supervisor Control (firmware version < 2.31F01) 
contains a hid ...)
-       TODO: check
+       NOT-FOR-US: E3 Site Supervisor Control
 CVE-2025-52547 (E3 Site Supervisor Control (firmware version < 2.31F01) MGW 
contains a ...)
-       TODO: check
+       NOT-FOR-US: E3 Site Supervisor Control
 CVE-2025-52546 (E3 Site Supervisor Control (firmware version < 2.31F01) has a 
floor pl ...)
-       TODO: check
+       NOT-FOR-US: E3 Site Supervisor Control
 CVE-2025-52545 (E3 Site Supervisor Control (firmware version < 2.31F01) RCI 
service co ...)
-       TODO: check
+       NOT-FOR-US: E3 Site Supervisor Control
 CVE-2025-52544 (E3 Site Supervisor Control (firmware version < 2.31F01) has a 
floor pl ...)
-       TODO: check
+       NOT-FOR-US: E3 Site Supervisor Control
 CVE-2025-52543 (E3 Site Supervisor Control (firmware version < 2.31F01) 
application se ...)
-       TODO: check
+       NOT-FOR-US: E3 Site Supervisor Control
 CVE-2025-51966 (A cross-site scripting (XSS) vulnerability exists in the PDF 
preview f ...)
        TODO: check
 CVE-2025-50757 (Wavlink WN535K3 20191010 was found to contain a command 
injection vuln ...)
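Review bot: The eight entries CVE-2025-52550 through CVE-2025-52543 are tagged `NOT-FOR-US: E3 Site Supervisor Control`, but the existing entry for CVE-2025-6519 earlier in the same file, whose description names the same firmware version < 2.31F01, is tagged `NOT-FOR-US: E3 Site Supervisor`. Using one spelling for both would let a single search on the tag return every entry for the product. The same applies to CVE-2025-52551 (`E2 Facility Management Systems`) if it belongs to the same vendor family: a shared vendor tag would group these entries, as `PHPGurukul` does in the context line above.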
@@ -117,47 +117,47 @@ CVE-2025-50757 (Wavlink WN535K3 20191010 was found to 
contain a command injectio
 CVE-2025-50755 (Wavlink WN535K3 20191010 was found to contain a command 
injection vuln ...)
        NOT-FOR-US: Wavlink
 CVE-2025-50565 (Doubo ERP 1.0 has an SQL injection vulnerability due to a lack 
of filt ...)
-       TODO: check
+       NOT-FOR-US: Doubo ERP
 CVE-2025-46810 (A UNIX Symbolic Link (Symlink) Following vulnerability in the 
packagin ...)
        TODO: check
 CVE-2025-46047 (A User enumeration vulnerability in the 
/CredentialsServlet/ForgotPass ...)
-       TODO: check
+       NOT-FOR-US: Silverpeas
 CVE-2025-43726 (Dell Alienware Command Center 5.x (AWCC), versions prior to 
5.10.2.0,  ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-41690 (A low-privileged attacker in bluetooth range may be able to 
access the ...)
-       TODO: check
+       NOT-FOR-US: Promag
 CVE-2025-41031 (Lack of authorisation in Deporsite by T-INNOVA. This 
vulnerability all ...)
-       TODO: check
+       NOT-FOR-US: Deporsite
 CVE-2025-41030 (Lack of authorisation in Deporsite by T-INNOVA. This 
vulnerability all ...)
-       TODO: check
+       NOT-FOR-US: Deporsite
 CVE-2025-36162 (IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 
8.1.2.2 coul ...)
        NOT-FOR-US: IBM
 CVE-2025-32100 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-32098 (An issue was discovered in Samsung Magician 6.3 through 8.3 on 
Windows ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-2414 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft OctoCloud
 CVE-2025-2413 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2025-0670 (Authorization Bypass Through User-Controlled Key vulnerability 
in Akin ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2025-0640 (Authorization Bypass Through User-Controlled Key vulnerability 
in Akin ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2024-58259 (A vulnerability has been identified within Rancher Manager in 
which it ...)
        TODO: check
 CVE-2024-52284 (Unauthorized disclosure of sensitive data: Any user with `GET` 
or `LIS ...)
        TODO: check
 CVE-2024-51423 (Cross Site Scripting vulnerability in Infor Global HR GHR 
v.11.23.03.0 ...)
-       TODO: check
+       NOT-FOR-US: Infor Global HR GHR
 CVE-2024-48705 (Wavlink AC1200 with firmware versions M32A3_V1410_230602 and 
M32A3_V14 ...)
        NOT-FOR-US: Wavlink
 CVE-2024-12974 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2024-12973 (Origin Validation Error vulnerability in Akinsoft OctoCloud 
allows HTT ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2024-12972 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Akinsoft
 CVE-2025-9815 (A weakness has been identified in alaneuler batteryKid up to 
2.1 on ma ...)
        NOT-FOR-US: alaneuler batteryKid
 CVE-2025-9814 (A security flaw has been discovered in PHPGurukul Beauty 
Parlour Manag ...)
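Review bot: CVE-2025-2414 is tagged `NOT-FOR-US: Akinsoft OctoCloud`, while CVE-2025-2413, CVE-2025-0670, CVE-2025-0640, CVE-2024-12974, CVE-2024-12973 and CVE-2024-12972 in the same hunk are tagged `NOT-FOR-US: Akinsoft`, even though the visible description of CVE-2024-12973 also names Akinsoft OctoCloud. Pick one form for all seven entries. Separately, the tags on CVE-2025-46047 (`Silverpeas`) and CVE-2025-41690 (`Promag`) name products that do not appear in the truncated descriptions shown here, so they cannot be checked from the diff alone. Naming in the commit message where each identification came from would help whoever reviews it later.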
@@ -215,7 +215,7 @@ CVE-2025-58161 (MobSF is a mobile application security 
testing tool used. In ver
 CVE-2025-57808 (ESPHome is a system to control microcontrollers remotely 
through Home  ...)
        NOT-FOR-US: ESPHome
 CVE-2025-44017 ("Gunosy" App contains a vulnerability where sensitive 
information may  ...)
-       TODO: check
+       NOT-FOR-US: Gunosy App
 CVE-2024-28988 (SolarWinds Web Help Desk was found to be susceptible to a Java 
Deseria ...)
        NOT-FOR-US: SolarWinds
 CVE-2025-9810 (TOCTOU in linenoiseHistorySavein linenoiseallows local 
attackers to ov ...)
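Review bot: The tag on CVE-2025-44017 is `NOT-FOR-US: Gunosy App`, appending the generic word "App" to the product name, whereas the adjacent entries use the bare project or vendor name (`ESPHome`, `SolarWinds`). `NOT-FOR-US: Gunosy` would be consistent with them and still matches the name quoted in the description.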



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d773863dd1acbe3ef21f6cafb6b9d38867edecf
