Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e27df84b by Salvatore Bonaccorso at 2025-09-10T22:24:59+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,9 +17,9 @@ CVE-2025-9367 (The Welcart e-Commerce plugin for WordPress is 
vulnerable to Stor
 CVE-2025-8778 (The NitroPack plugin for WordPress is vulnerable to 
unauthorized modif ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-8696 (If an unauthenticated user sends a large amount of data to the 
Stork U ...)
-       TODO: check
+       NOT-FOR-US: Stork UI
 CVE-2025-8681 (Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by 
a Stor ...)
-       TODO: check
+       NOT-FOR-US: Pega Platform
 CVE-2025-8388 (The PowerPack Elementor Addons (Free Widgets, Extensions and 
Templates ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-7843 (The Auto Save Remote Images (Drafts) plugin for WordPress is 
vulnerabl ...)
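Review bot: The label on CVE-2025-8696, "NOT-FOR-US: Stork UI", names a component taken from the description ("... to the Stork U ...") rather than the product. Other entries in this file label by product or vendor ("NOT-FOR-US: Zoom", "NOT-FOR-US: Tenda"), so "NOT-FOR-US: Stork" would keep a later search for the product name consistent if further Stork CVEs arrive.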
@@ -35,45 +35,45 @@ CVE-2025-7049 (The WPGYM - Wordpress Gym Management System 
plugin for WordPress
 CVE-2025-6189 (The Duplicate Page and Post plugin for WordPress is vulnerable 
to time ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-59049 (Mockoon provides way to design and run mock APIs. Prior to 
version 9.2 ...)
-       TODO: check
+       NOT-FOR-US: Mockoon
 CVE-2025-59046 (The npm package `interactive-git-checkout` is an interactive 
command-l ...)
        TODO: check
 CVE-2025-59045 (Stalwart is a mail and collaboration server. Starting in 
version 0.12. ...)
        TODO: check
 CVE-2025-59044 (Himmelblau is an interoperability suite for Microsoft Azure 
Entra ID a ...)
-       TODO: check
+       NOT-FOR-US: Himmelblau
 CVE-2025-59042 (PyInstaller bundles a Python application and all its 
dependencies into ...)
        TODO: check
 CVE-2025-59041 (Claude Code is an agentic coding tool. At startup, Claude Code 
execute ...)
-       TODO: check
+       NOT-FOR-US: Claude Code
 CVE-2025-59039 (Prebid Universal Creative (PUC) is a JavaScript API to render 
multiple ...)
-       TODO: check
+       NOT-FOR-US: Prebid Universal Creative (PUC)
 CVE-2025-59038 (Prebid.js is a free and open source library for publishers to 
quickly  ...)
-       TODO: check
+       NOT-FOR-US: Prebid.js
 CVE-2025-59037 (DuckDB is an analytical in-process SQL database management 
system. On  ...)
        TODO: check
 CVE-2025-59036 (Infrahub offers a central hub to manage data, templates, and 
playbooks ...)
-       TODO: check
+       NOT-FOR-US: Infrahub
 CVE-2025-59035 (Indico is an event management system that uses 
Flask-Multipass, a mult ...)
-       TODO: check
+       NOT-FOR-US: Indico
 CVE-2025-59034 (Indico is an event management system that uses 
Flask-Multipass, a mult ...)
-       TODO: check
+       NOT-FOR-US: Indico
 CVE-2025-58768 (DeepChat is a smart assistant uses artificial intelligence. 
Prior to v ...)
-       TODO: check
+       NOT-FOR-US: DeepChat
 CVE-2025-58765 (wabac.js provides a full web archive replay system, or 
'wayback machin ...)
        TODO: check
 CVE-2025-58764 (Claude Code is an agentic coding tool. Due to an error in 
command pars ...)
-       TODO: check
+       NOT-FOR-US: Claude Code
 CVE-2025-58763 (Tautulli is a Python based monitoring and tracking tool for 
Plex Media ...)
-       TODO: check
+       NOT-FOR-US: Tautulli
 CVE-2025-58750 (rAthena is an open-source cross-platform massively multiplayer 
online  ...)
-       TODO: check
+       NOT-FOR-US: rAthena
 CVE-2025-58462 (OPEXUS FOIAXpress Public Access Link (PAL) before version 
11.13.1.0 al ...)
-       TODO: check
+       NOT-FOR-US: OPEXUS FOIAXpress
 CVE-2025-58448 (rAthena is an open-source cross-platform massively multiplayer 
online  ...)
-       TODO: check
+       NOT-FOR-US: rAthena
 CVE-2025-58447 (rAthena is an open-source cross-platform massively multiplayer 
online  ...)
-       TODO: check
+       NOT-FOR-US: rAthena
 CVE-2025-58135 (Improper action enforcement in certain Zoom Workplace Clients 
for Wind ...)
        NOT-FOR-US: Zoom
 CVE-2025-58134 (Incorrect authorization in certain Zoom Workplace Clients for 
Windows  ...)
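Review bot: For the self-hosted server projects marked in this hunk (Indico on CVE-2025-59035 and CVE-2025-59034, Tautulli on CVE-2025-58763, Himmelblau on CVE-2025-59044), nothing in the change records that an ITP/RFP was ruled out. If one exists, the entry should name the package with an <itp> marker instead of NOT-FOR-US, so it is worth a quick WNPP check before this sticks. Minor style point: "NOT-FOR-US: Prebid Universal Creative (PUC)" carries the abbreviation from the description; dropping "(PUC)" would match the form of the other labels.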
@@ -81,7 +81,7 @@ CVE-2025-58134 (Incorrect authorization in certain Zoom 
Workplace Clients for Wi
 CVE-2025-58131 (Race condition in the Zoom Workplace VDI Plugin macOS 
Universal instal ...)
        NOT-FOR-US: Zoom
 CVE-2025-57642 (A Shell Upload vulnerability in Tourism Management System 2.0 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Tourism Management System
 CVE-2025-57633 (A command injection vulnerability in FTP-Flask-python through 
5173b68  ...)
        TODO: check
 CVE-2025-57573 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer 
Overflow ...)
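Review bot: "NOT-FOR-US: Tourism Management System" on CVE-2025-57642 is a generic product name with no vendor or author attached, and the visible description is truncated before any such detail. If the full CVE text names the vendor, adding it to the label would distinguish this entry from other similarly named projects.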
@@ -95,9 +95,9 @@ CVE-2025-57570 (Tenda F3 V12.01.01.48_multi and after is 
vulnerable to Buffer Ov
 CVE-2025-57569 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer 
Overflow ...)
        NOT-FOR-US: Tenda
 CVE-2025-57520 (A Cross Site Scripting (XSS) vulnerability exists in Decap CMS 
thru 3. ...)
-       TODO: check
+       NOT-FOR-US: Decap CMS
 CVE-2025-57392 (BenimPOS Masaustu 3.0.x is affected by insecure file 
permissions. The  ...)
-       TODO: check
+       NOT-FOR-US: BenimPOS Masaustu
 CVE-2025-56578 (An issue in RTSPtoWeb v.2.4.3 allows a remote attacker to 
obtain sensi ...)
        TODO: check
 CVE-2025-56466 (Hardcoded credentials in Dietly v1.25.0 for android allows 
attackers t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e27df84b29b11cc10b10e3fc0b1fd28c101f6367



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
