Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a66b2286 by security tracker role at 2025-09-15T20:14:03+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-9826 (Stored cross-site scripting vulnerability in M-Files Hubshare 
before v ...)
-       TODO: check
+       NOT-FOR-US: M-Files
 CVE-2025-9084 (Mattermost versions 10.5.x <= 10.5.9 fail to properly validate 
redirec ...)
        TODO: check
 CVE-2025-9078 (Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x 
<= 9.11 ...)
@@ -31,27 +31,27 @@ CVE-2025-59359 (The cleanTcs mutation in Chaos Controller 
Manager is vulnerable
 CVE-2025-59358 (The Chaos Controller Manager in Chaos Mesh exposes a GraphQL 
debugging ...)
        TODO: check
 CVE-2025-59331 (is-arrayish checks if an object can be used like an Array. On 
8 Septem ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2025-59330 (error-ex allows error subclassing and stack customization. On 
8 Septem ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2025-59328 (A vulnerability in Apache Fory allows a remote attacker to 
cause a Den ...)
        TODO: check
 CVE-2025-59162 (color-convert provides plain color conversion functions in 
JavaScript. ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2025-59155 (hackmd-mcp is a Model Context Protocol server for integrating 
HackMD's ...)
        TODO: check
 CVE-2025-59154 (Openfire is an XMPP server licensed under the Open Source 
Apache Licen ...)
        TODO: check
 CVE-2025-59144 (debug is a JavaScript debugging utility. On 8 September 2025, 
the npm  ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2025-59143 (color is a Javascript color conversion and manipulation 
library. On 8  ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2025-59142 (color-string is a parser and generator for CSS color strings. 
On 8 Sep ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2025-59141 (simple-swizzle swizzles function arguments. On 8 September 
2025, the n ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2025-59140 (backlash parses collected strings with escapes. On 8 September 
2025, t ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2025-58748 (Dataease is an open source data analytics and visualization 
platform.  ...)
        TODO: check
 CVE-2025-58177 (n8n is an open source workflow automation platform. From 
1.24.0 to bef ...)
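
Review bot: the eight entries retagged "NOT-FOR-US: Next.js" in this hunk (CVE-2025-59331, -59330, -59162, -59144, -59143, -59142, -59141, -59140) do not mention Next.js anywhere in their visible descriptions. Each description names a separate npm package (is-arrayish, error-ex, color-convert, debug, color, color-string, simple-swizzle, backlash) and refers to an event on 8 September 2025. Since the commit message says this is an automatic update, the product match should be checked by hand: either keep "TODO: check" until each named package has been checked against the archive, or use a tag that names the package the description actually refers to.
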
@@ -71,7 +71,7 @@ CVE-2025-57174 (An issue was discovered in Siklu 
Communications Etherhaul 8010TX
 CVE-2025-57104 (Teampel 5.1.6 is vulnerable to SQL Injection in 
/Common/login.aspx.)
        TODO: check
 CVE-2025-56710 (A Cross-Site Request Forgery (CSRF) vulnerability was 
identified in th ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-56252 (Cross Site Scripting (xss) vulnerability in ServitiumCRM 2.10 
allowing ...)
        TODO: check
 CVE-2025-55777
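
Review bot: for CVE-2025-56710 the visible description is cut off at "identified in th ...", so the "NOT-FOR-US: PHPGurukul" tag cannot be confirmed from this hunk. Check that the full CVE description names a PHPGurukul product before accepting the automatic tag.
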
@@ -79,7 +79,7 @@ CVE-2025-55777
 CVE-2025-52344 (Multiple Cross Site Scripting (XSS) vulnerabilities in input 
fields in ...)
        TODO: check
 CVE-2025-52053 (TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-52048 (In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, in 
the fun ...)
        TODO: check
 CVE-2025-50944 (An issue was discovered in the method 
push.lite.avtech.com.MySSLSocket ...)
@@ -93,19 +93,19 @@ CVE-2025-46408 (An issue was discovered in the methods 
push.lite.avtech.com.Avte
 CVE-2025-45091 (Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are 
vulnerable  ...)
        TODO: check
 CVE-2025-43800 (Cross-site scripting (XSS) vulnerability in Objects in Liferay 
Portal  ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43794 (Stored cross-site scripting (XSS) vulnerability in Liferay 
Portal 7.4. ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43793 (Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported 
versions ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43792 (Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and 
older un ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43791 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay 
Portal  ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-3025 (Elevation of Privileges in the cleaning feature of Gen Digital 
CCleane ...)
        TODO: check
 CVE-2025-36082 (IBM OpenPages 9.0 and 9.1 allows web page cache to be stored 
locally w ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-10491 (The MongoDB Windows installation MSI may leave ACLs unset on 
custom in ...)
        TODO: check
 CVE-2025-10475 (A weakness has been identified in SpyShelter up to 
15.4.0.1015. Affect ...)
@@ -117,33 +117,33 @@ CVE-2025-10472 (A vulnerability has been found in 
harry0703 MoneyPrinterTurbo up
 CVE-2025-10471 (A vulnerability was detected in ZKEACMS 4.3. Impacted is the 
function  ...)
        TODO: check
 CVE-2025-10459 (A security flaw has been discovered in PHPGurukul Beauty 
Parlour Manag ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-10448 (A flaw has been found in Campcodes Online Job Finder System 
1.0. This  ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-10447 (A vulnerability was detected in Campcodes Online Job Finder 
System 1.0 ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-10446 (A security vulnerability has been detected in Campcodes 
Computer Sales ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-10445 (A weakness has been identified in Campcodes Computer Sales and 
Invento ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-10444 (A security flaw has been discovered in Campcodes Online Job 
Finder Sys ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-10443 (A vulnerability was identified in Tenda AC9 and AC15 
15.03.05.14/15.03 ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-10442 (A vulnerability was determined in Tenda AC9 and AC15 
15.03.05.14. This ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-10441 (A vulnerability was found in D-Link DI-8100G, DI-8200G and 
DI-8003G 17 ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-10440 (A vulnerability has been found in D-Link DI-8100, DI-8100G, 
DI-8200, D ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-10436 (A weakness has been identified in Campcodes Computer Sales and 
Invento ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-10435 (A security flaw has been discovered in Campcodes Computer 
Sales and In ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-10434 (A vulnerability was identified in IbuyuCMS up to 2.6.3. 
Impacted is an ...)
        TODO: check
 CVE-2025-10203 (Relative path traversal vulnerability due to improper input 
validation ...)
-       TODO: check
+       NOT-FOR-US: National Instruments
 CVE-2022-50338 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 5.5.13-1
        NOTE: 
https://git.kernel.org/linus/27a594bc7a7c8238d239e3cdbcf2edfa3bbe9a1b (5.4.224)
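
Review bot: CVE-2025-10203 is tagged "NOT-FOR-US: National Instruments", but its visible description ("Relative path traversal vulnerability due to improper input validation ...") names no vendor or product, unlike the Campcodes, Tenda, D-Link and PHPGurukul entries in the same hunk, whose descriptions carry the vendor name. Confirm the product against the full CVE text. Naming the product rather than only the vendor in the tag would also make the automatic match easier to audit.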



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a66b22861bbf7dc099a9b8c3ece4343e2ac72781
