Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d79bdfb7 by Salvatore Bonaccorso at 2025-09-06T09:23:45+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -254,9 +254,9 @@ CVE-2025-48103 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-48102 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-35452 (PTZOptics and possibly other ValueHD-based pan-tilt-zoom
cameras use d ...)
- TODO: check
+ NOT-FOR-US: Various pan-tilt-zoom cameras
CVE-2025-35451 (PTZOptics and possibly other ValueHD-based pan-tilt-zoom
cameras use h ...)
- TODO: check
+ NOT-FOR-US: Various pan-tilt-zoom cameras
CVE-2025-32320 (In System UI, there is a possible way to view other users'
images due ...)
NOT-FOR-US: Android
CVE-2025-32318 (In Skia, there is a possible out of bounds write due to a heap
buffer ...)
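Review bot: the replacement tag on CVE-2025-35452 and CVE-2025-35451, `NOT-FOR-US: Various pan-tilt-zoom cameras`, drops the vendor names that the CVE text itself gives (PTZOptics, ValueHD-based cameras). Keeping a vendor name in the tag, e.g. `NOT-FOR-US: PTZOptics / ValueHD-based pan-tilt-zoom cameras`, makes these entries findable later when another CVE for the same vendor needs to be triaged consistently.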
@@ -266,11 +266,11 @@ CVE-2025-32317 (In App Widget, there is a possible
Information Disclosure due to
CVE-2025-32316 (In gralloc4, there is a possible out of bounds write due to a
missing ...)
NOT-FOR-US: Android
CVE-2025-30200 (ECOVACS robot vacuums and base stations communicate via an
insecure Wi ...)
- TODO: check
+ NOT-FOR-US: ECOVACS robot vacuums and base stations
CVE-2025-30199 (ECOVACS vacuum robot base stations do not validate firmware
updates, s ...)
- TODO: check
+ NOT-FOR-US: ECOVACS vacuum robot base stations
CVE-2025-30198 (ECOVACS robot vacuums and base stations communicate via an
insecure Wi ...)
- TODO: check
+ NOT-FOR-US: ECOVACS robot vacuums and base stations
CVE-2025-27003 (Cross-Site Request Forgery (CSRF) vulnerability in fullworks
Quick Pay ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26461 (In Permission Manager, there is a possible way for the
microphone priv ...)
@@ -289,7 +289,7 @@ CVE-2025-10026 (A vulnerability was found in itsourcecode
POS Point of Sale Syst
CVE-2025-10025 (A vulnerability has been found in PHPGurukul Online Course
Registratio ...)
NOT-FOR-US: PHPGurukul
CVE-2025-10014 (A flaw has been found in elunez eladmin up to 2.7. This
impacts the fu ...)
- TODO: check
+ NOT-FOR-US: elunez eladmin
CVE-2025-10013 (A vulnerability was detected in Portabilis i-Educar up to
2.10. This a ...)
NOT-FOR-US: Portabilis
CVE-2025-10012 (A security vulnerability has been detected in Portabilis
i-Educar up t ...)
@@ -556,9 +556,9 @@ CVE-2025-58401 (Obsidian GitHub Copilot Plugin versions
prior to 1.1.7 store Git
CVE-2025-58400 (RATOC RAID Monitoring Manager for Windows provided by RATOC
Systems, I ...)
NOT-FOR-US: RATOC RAID Monitoring Manager for Windows
CVE-2025-58362 (Hono is a Web application framework that provides support for
any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2025-58359 (ZF FROST is a Rust implementation of FROST (Flexible
Round-Optimised S ...)
- TODO: check
+ NOT-FOR-US: ZF FROST
CVE-2025-58352 (Weblate is a web based localization tool. Versions lower than
5.13.1 c ...)
TODO: check
CVE-2025-58313 (Race condition vulnerability in the device standby module.
Impact: Suc ...)
@@ -572,33 +572,33 @@ CVE-2025-58280 (Vulnerability of exposing object heap
addresses in the Ark eTS m
CVE-2025-58276 (Permission verification vulnerability in the home screen
module Impact ...)
NOT-FOR-US: Huawei
CVE-2025-58179 (Astro is a web framework for content-driven websites. Versions
11.0.3 ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2025-55739 (api is a module for FreePBX@, which is an open source GUI that
control ...)
- TODO: check
+ NOT-FOR-US: api module for FreePBX
CVE-2025-55671 (Uncontrolled search path element issue exists in TkEasyGUI
versions pr ...)
- TODO: check
+ NOT-FOR-US: TkEasyGUI
CVE-2025-55305 (Electron is a framework for writing cross-platform desktop
application ...)
TODO: check
CVE-2025-55244 (Azure Bot Service Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55242 (Exposure of sensitive information to an unauthorized actor in
Xbox all ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55241 (Azure Entra Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55238 (Dynamics 365 FastTrack Implementation Assets Information
Disclosure Vu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55209 (contactmanager is a module for FreePBX@, which is an open
source GUI t ...)
- TODO: check
+ NOT-FOR-US: contactmanager module for FreePBX
CVE-2025-55190 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2025-55037 (Improper neutralization of special elements used in an OS
command ('OS ...)
- TODO: check
+ NOT-FOR-US: TkEasyGUI
CVE-2025-54914 (Azure Networking Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48395 (An attacker with authenticated and privileged access could
modify the ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2025-41408 (Improper authorization in handler for custom URL scheme issue
in "Yaho ...)
- TODO: check
+ NOT-FOR-US: "Yahoo! Shopping" App for Android
CVE-2025-9636 (pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy
(COOP) vul ...)
- pgadmin4 <itp> (bug #834129)
CVE-2025-9616 (The PopAd plugin for WordPress is vulnerable to Cross-Site
Request For ...)
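Review bot: CVE-2025-55037 is closed as `NOT-FOR-US: TkEasyGUI`, but the visible description ("Improper neutralization of special elements used in an OS command ...") does not name a product, unlike CVE-2025-55671 where TkEasyGUI appears in the CVE text. If the attribution comes from the same upstream advisory as CVE-2025-55671, adding a `NOTE:` line with that advisory URL under the entry would make the tagging verifiable without re-triaging. The remaining `TODO: check` on CVE-2025-55305 (Electron) in this hunk is untouched and still needs a decision.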
@@ -1518,7 +1518,7 @@ CVE-2024-13064 (Improper Neutralization of Input During
Web Page Generation (XSS
CVE-2024-13063 (Authorization Bypass Through User-Controlled Key vulnerability
in Akin ...)
NOT-FOR-US: Akinsoft
CVE-2014-125127 (The mikecao/flight PHP framework in versions prior to v1.2 is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: mikecao/flight
CVE-2025-57833 (An issue was discovered in Django 4.2 before 4.2.24, 5.1
before 5.1.12 ...)
- python-django 3:4.2.24-1 (bug #1113865)
NOTE:
https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
@@ -1793,17 +1793,17 @@ CVE-2025-57775 (There is a heap-based Buffer Overflow
vulnerability due to impro
CVE-2025-57774 (There is an out of bounds write vulnerability due to improper
bounds c ...)
NOT-FOR-US: National Instruments
CVE-2025-57616 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit
5ac0527) A u ...)
- TODO: check
+ NOT-FOR-US: rust-ffmpeg
CVE-2025-57615 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit
5ac0527) An ...)
- TODO: check
+ NOT-FOR-US: rust-ffmpeg
CVE-2025-57614 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit
5ac0527) Int ...)
- TODO: check
+ NOT-FOR-US: rust-ffmpeg
CVE-2025-57613 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit
5ac0527) A n ...)
- TODO: check
+ NOT-FOR-US: rust-ffmpeg
CVE-2025-57612 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit
5ac0527) Nul ...)
- TODO: check
+ NOT-FOR-US: rust-ffmpeg
CVE-2025-57611 (An issue was discovered in rust-ffmpeg 0.3.0 (after comit
5ac0527) Nul ...)
- TODO: check
+ NOT-FOR-US: rust-ffmpeg
CVE-2025-57140 (rsbi-pom 4.7 is vulnerable to SQL Injection in the
/bi/service/model/D ...)
NOT-FOR-US: rsbi-pom
CVE-2025-56254 (PHPGurukul Employee Leave Management System 2.1 contains an
Insecure D ...)
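Review bot: all six rust-ffmpeg entries (CVE-2025-57611 through CVE-2025-57616) get the same `NOT-FOR-US: rust-ffmpeg` tag; since the description identifies a Rust crate, and Rust crates are routinely packaged in the archive as `rust-*` source packages, it is worth confirming that no such package exists for this crate before dropping the TODOs, and recording the crate name checked in a `NOTE:` line on the first entry so the other five can reference it. The misspelling "comit" in the descriptions is upstream CVE text and should stay as imported.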
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d79bdfb7e1f65870b73cea66195ce31a05993683
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits