Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0d8b39f2 by Salvatore Bonaccorso at 2025-09-11T22:29:00+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,9 +13,9 @@ CVE-2025-8557 (An internal product security audit of Lenovo 
XClarity Orchestrato
 CVE-2025-8061 (A potential insufficient access control vulnerability was 
reported in  ...)
        NOT-FOR-US: Lenovo
 CVE-2025-59055 (InstantCMS is a free and open source content management 
system. A blin ...)
-       TODO: check
+       NOT-FOR-US: InstantCMS
 CVE-2025-59053 (AIRI is a self-hosted, artificial intelligence based Grok 
Companion. I ...)
-       TODO: check
+       NOT-FOR-US: AIRI
 CVE-2025-59047 (matrix-sdk-base is the base component to build a Matrix client 
library ...)
        TODO: check
 CVE-2025-58321 (Delta Electronics DIALink has an Directory Traversal 
Authentication By ...)
@@ -25,7 +25,7 @@ CVE-2025-58320 (Delta Electronics DIALink has an Directory 
Traversal Authenticat
 CVE-2025-58065 (Flask-AppBuilder is an application development framework. 
Prior to ver ...)
        TODO: check
 CVE-2025-56556 (An issue was discovered in Subrion CMS 4.2.1, allowing 
authenticated a ...)
-       TODO: check
+       NOT-FOR-US: Subrion CMS
 CVE-2025-48041 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
        TODO: check
 CVE-2025-48040 (Uncontrolled Resource Consumption vulnerability in Erlang OTP 
ssh (ssh ...)
@@ -57,23 +57,23 @@ CVE-2025-40689 (SQL Injection in Online Fire Reporting 
System v1.2 by PHPGurukul
 CVE-2025-40687 (SQL Injection in Online Fire Reporting System v1.2 by 
PHPGurukul. This ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-26499 (Under heavy system utilization a random race condition can 
occur durin ...)
-       TODO: check
+       NOT-FOR-US: Wind River Studio Developer
 CVE-2025-10255 (A vulnerability was determined in Ascensio System SIA 
OnlyOffice up to ...)
-       TODO: check
+       NOT-FOR-US: Ascensio System SIA OnlyOffice
 CVE-2025-10254 (A vulnerability was found in Ascensio System SIA OnlyOffice up 
to 12.7 ...)
-       TODO: check
+       NOT-FOR-US: Ascensio System SIA OnlyOffice
 CVE-2025-10253 (A vulnerability has been found in openDCIM 23.04. This 
vulnerability a ...)
-       TODO: check
+       NOT-FOR-US: openDCIM
 CVE-2025-10252 (A flaw has been found in SEAT Queue Ticket Kiosk up to 
20250827. This  ...)
-       TODO: check
+       NOT-FOR-US: SEAT Queue Ticket Kiosk
 CVE-2025-10251 (A vulnerability was detected in FoxCMS up to 1.24. Affected by 
this is ...)
-       TODO: check
+       NOT-FOR-US: FoxCMS
 CVE-2025-10250 (A weakness has been identified in DJI Mavic Spark, Mavic Air 
and Mavic ...)
-       TODO: check
+       NOT-FOR-US: Mavic
 CVE-2025-10193 (DNS rebinding vulnerability in Neo4j Cypher MCP server allows 
maliciou ...)
        TODO: check
 CVE-2025-10127 (Daikin Security Gateway is vulnerable to an authorization 
bypass throu ...)
-       TODO: check
+       NOT-FOR-US: Daikin Security Gateway
 CVE-2025-39791 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.16.5-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
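Review bot: the tag added for CVE-2025-10250, "NOT-FOR-US: Mavic", names a product line while the description opens with the vendor ("DJI Mavic Spark, Mavic Air and Mavic ..."). Neighbouring hardware entries in this file are tagged by vendor ("NOT-FOR-US: Lenovo", "NOT-FOR-US: Tenda"), so "NOT-FOR-US: DJI" or "NOT-FOR-US: DJI Mavic" would be more consistent and easier to match when later DJI CVEs are triaged. Separately, the truncated description of CVE-2025-26499 does not name a product, so the "Wind River Studio Developer" tag cannot be checked against the visible text; it is worth confirming against the full CVE record.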
@@ -474,7 +474,7 @@ CVE-2025-59045 (Stalwart is a mail and collaboration 
server. Starting in version
 CVE-2025-59044 (Himmelblau is an interoperability suite for Microsoft Azure 
Entra ID a ...)
        NOT-FOR-US: Himmelblau
 CVE-2025-59042 (PyInstaller bundles a Python application and all its 
dependencies into ...)
-       TODO: check
+       NOT-FOR-US: PyInstaller
 CVE-2025-59041 (Claude Code is an agentic coding tool. At startup, Claude Code 
execute ...)
        NOT-FOR-US: Claude Code
 CVE-2025-59039 (Prebid Universal Creative (PUC) is a JavaScript API to render 
multiple ...)
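Review bot: the "NOT-FOR-US: PyInstaller" tag on CVE-2025-59042 deserves a second look, because the description is of a general-purpose Python packaging tool rather than a vendor appliance or a single-site web application like most other entries touched in this commit. The commit message ("Process some NFUs") does not say whether WNPP was checked; if an ITP or RFP exists for it, the entry should carry an itp marker with the bug reference instead of NOT-FOR-US, so the CVE resurfaces if the package is ever uploaded.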
@@ -514,7 +514,7 @@ CVE-2025-58131 (Race condition in the Zoom Workplace VDI 
Plugin macOS Universal
 CVE-2025-57642 (A Shell Upload vulnerability in Tourism Management System 2.0 
allows a ...)
        NOT-FOR-US: Tourism Management System
 CVE-2025-57633 (A command injection vulnerability in FTP-Flask-python through 
5173b68  ...)
-       TODO: check
+       NOT-FOR-US: FTP-Flask-python
 CVE-2025-57573 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer 
Overflow ...)
        NOT-FOR-US: Tenda
 CVE-2025-57572 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer 
Overflow ...)
@@ -532,9 +532,9 @@ CVE-2025-57392 (BenimPOS Masaustu 3.0.x is affected by 
insecure file permissions
 CVE-2025-56578 (An issue in RTSPtoWeb v.2.4.3 allows a remote attacker to 
obtain sensi ...)
        NOT-FOR-US: RTSPtoWeb (not the python client library for RTSPtoWeb and 
RTSPtoWebRTC)
 CVE-2025-56466 (Hardcoded credentials in Dietly v1.25.0 for android allows 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: Dietly Android app
 CVE-2025-56413 (OS Command injection vulnerability in function OperateSSH in 
1panel 2. ...)
-       TODO: check
+       NOT-FOR-US: 1panel
 CVE-2025-56407 (A vulnerability has been found in HuangDou UTCMS V9 and 
classified as  ...)
        NOT-FOR-US: HuangDou UTCMS
 CVE-2025-56406 (An issue was discovered in mcp-neo4j 0.3.0 allowing attackers 
to gain  ...)
@@ -610,7 +610,7 @@ CVE-2025-43491 (A vulnerability in the Poly Lens Desktop 
application running on
 CVE-2025-41714 (The upload endpoint insufficiently validates the 'Upload-Key' 
request  ...)
        NOT-FOR-US: SmartEMS Web Application
 CVE-2025-40979 (DLL search order hijacking vulnerability in the wave.exe 
executable fo ...)
-       TODO: check
+       NOT-FOR-US: Wave
 CVE-2025-40725 (Reflected Cross-Site Scripting (XSS) vulnerability in Azon 
Dominator.  ...)
        NOT-FOR-US: Azon Dominator
 CVE-2025-36759 (Through the provision of user names, SolaX Cloud will suggest 
(similar ...)
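Review bot: "NOT-FOR-US: Wave" for CVE-2025-40979 is too generic a label. The visible description only mentions "the wave.exe executable fo ...", and a bare "Wave" could match unrelated software of the same name in later searches of data/CVE/list. Naming the vendor or full product from the complete CVE description, in the way the RTSPtoWeb entry in the previous hunk adds a disambiguating remark, would make the entry unambiguous.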



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d8b39f26ba699ee1d8885ed47b9f613d69d5446
