Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77b5c4f2 by Salvatore Bonaccorso at 2025-09-18T22:29:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,29 +3,29 @@ CVE-2025-9992 (The Ghost Kit \u2013 Page Builder Blocks, 
Motion Effects & Extens
 CVE-2025-8565 (The Privacy Policy Generator, Terms & Conditions Generator 
WordPress P ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-6237 (A vulnerability in invokeai version v6.0.0a1 and below allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: invokeai
 CVE-2025-59424 (LinkAce is a self-hosted archive to collect website links. 
Prior to 2. ...)
-       TODO: check
+       NOT-FOR-US: LinkAce
 CVE-2025-59421 (Press, a Frappe custom app that runs Frappe Cloud, manages 
infrastruct ...)
-       TODO: check
+       NOT-FOR-US: Frappe Press
 CVE-2025-59417 (Lobe Chat is an open-source artificial intelligence chat 
framework. Pr ...)
-       TODO: check
+       NOT-FOR-US: Lobe Chat
 CVE-2025-59040 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
        NOT-FOR-US: Tuleap
 CVE-2025-57452 (In realme BackupRestore app v15.1.12_2810c08_250314, improper 
URI sche ...)
-       TODO: check
+       NOT-FOR-US: realme BackupRestore app
 CVE-2025-55912 (An issue in ClipBucket 5.5.0 and prior versions allows an 
unauthentica ...)
-       TODO: check
+       NOT-FOR-US: ClipBucket
 CVE-2025-55911 (An issue Clip Bucket v.5.5.2 Build#90 allows a remote attacker 
to exec ...)
-       TODO: check
+       NOT-FOR-US: ClipBucket
 CVE-2025-50255 (Cross Site Request Forgery (CSRF) vulnerability in Smartvista 
BackOffi ...)
-       TODO: check
+       NOT-FOR-US: Smartvista BackOffice SmartVista Suite
 CVE-2025-4444 (A security flaw has been discovered in Tor up to 
0.4.7.16/0.4.8.17. Im ...)
        TODO: check
 CVE-2025-40678 (Unrestricted upload vulnerability for dangerous file types on 
Summar S ...)
-       TODO: check
+       NOT-FOR-US: Summar Software Employee Portal
 CVE-2025-40677 (SQL injection vulnerability in Summar Software\xb4s Portal del 
Emplead ...)
-       TODO: check
+       NOT-FOR-US: Summar Software Employee Portal
 CVE-2025-36146 (IBM Lakehouse (watsonx.data 2.2) could allow an authenticated 
user to  ...)
        NOT-FOR-US: IBM
 CVE-2025-36143 (IBM Lakehouse (watsonx.data 2.2) could allow an authenticated 
privileg ...)
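
Review bot: The label added for CVE-2025-50255, "NOT-FOR-US: Smartvista BackOffice SmartVista Suite", carries the product name twice in two spellings, which makes later grep-based grouping of NFU entries harder. A single name such as "NOT-FOR-US: Smartvista BackOffice" would match the one-product style used for LinkAce and ClipBucket in the same hunk. Note also that CVE-2025-4444 (Tor) is left at "TODO: check" in the context lines, so it still needs its own triage entry.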
@@ -39,49 +39,49 @@ CVE-2025-10688 (A vulnerability was determined in 
SourceCodester Pet Grooming Ma
 CVE-2025-10687 (A vulnerability was found in SourceCodester Responsive 
E-Learning Syst ...)
        NOT-FOR-US: SourceCodester
 CVE-2025-10676 (A weakness has been identified in fuyang_lipengjun platform 
1.0. Affec ...)
-       TODO: check
+       NOT-FOR-US: fuyang_lipengjun platform
 CVE-2025-10675 (A security flaw has been discovered in fuyang_lipengjun 
platform 1.0.  ...)
-       TODO: check
+       NOT-FOR-US: fuyang_lipengjun platform
 CVE-2025-10674 (A vulnerability was identified in fuyang_lipengjun platform 
1.0. This  ...)
-       TODO: check
+       NOT-FOR-US: fuyang_lipengjun platform
 CVE-2025-10673 (A vulnerability was determined in itsourcecode Student 
Information Man ...)
        NOT-FOR-US: itsourcecode System
 CVE-2025-10672 (A vulnerability was found in whuan132 AIBattery up to 1.0.9. 
The affec ...)
-       TODO: check
+       NOT-FOR-US: whuan132 AIBattery
 CVE-2025-10671 (A vulnerability has been found in youth-is-as-pale-as-poetry 
e-learnin ...)
-       TODO: check
+       NOT-FOR-US: youth-is-as-pale-as-poetry e-learning
 CVE-2025-10670 (A flaw has been found in itsourcecode E-Logbook with Health 
Monitoring ...)
        NOT-FOR-US: itsourcecode System
 CVE-2025-10669 (A vulnerability was detected in Airsonic-Advanced up to 
10.6.0. This v ...)
-       TODO: check
+       NOT-FOR-US: Airsonic-Advanced
 CVE-2025-10668 (A security vulnerability has been detected in itsourcecode 
Online Disc ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode Online Discussion Forum
 CVE-2025-10667 (A weakness has been identified in itsourcecode Online 
Discussion Forum ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode Online Discussion Forum
 CVE-2025-10666 (A security flaw has been discovered in D-Link DIR-825 up to 
2.10. Affe ...)
        NOT-FOR-US: D-Link
 CVE-2025-10665 (A vulnerability was identified in kidaze CourseSelectionSystem 
up to 4 ...)
-       TODO: check
+       NOT-FOR-US: kidaze CourseSelectionSystem
 CVE-2025-10664 (A vulnerability was determined in PHPGurukul Small CRM 4.0. 
This impac ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-10663 (A vulnerability was found in PHPGurukul Online Course 
Registration 3.1 ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-10662 (A vulnerability has been found in SeaCMS up to 13.3. The 
impacted elem ...)
-       TODO: check
+       NOT-FOR-US: SeaCMS
 CVE-2025-10650 (SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add 
user SSH k ...)
-       TODO: check
+       NOT-FOR-US: SoftIron HyperCloud
 CVE-2025-10207 (Improper Validation of Specified Type of Input vulnerability 
in ABB FL ...)
        NOT-FOR-US: ABB group
 CVE-2025-0547 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Parasut Software
 CVE-2024-48851 (Improper Validation of Specified Type of Input vulnerability 
in ABB FL ...)
        NOT-FOR-US: ABB group
 CVE-2024-25011 (Ericsson Catalog Manager and Ericsson Order Care APIs do not 
have auth ...)
        NOT-FOR-US: Ericsson
 CVE-2024-13151 (Authorization Bypass Through User-Controlled SQL Primary Key, 
CWE - 89 ...)
-       TODO: check
+       NOT-FOR-US: Diva
 CVE-2023-49367 (An issue in user interface in Kyocera Command Center RX EXOSYS 
M5521cd ...)
-       TODO: check
+       NOT-FOR-US: Kyocera Command Center RX EXOSYS M5521cdn
 CVE-2023-53447 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 6.4.11-1
        NOTE: 
https://git.kernel.org/linus/458c15dfbce62c35fefd9ca637b20a051309c9f1 (6.5-rc1)
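
Review bot: The itsourcecode labels added for CVE-2025-10668 and CVE-2025-10667 ("NOT-FOR-US: itsourcecode Online Discussion Forum") diverge from the unchanged neighbours CVE-2025-10673 and CVE-2025-10670, which use "NOT-FOR-US: itsourcecode System". Using the existing label would keep the vendor's entries uniform. The Kyocera entry for CVE-2023-49367 likewise embeds a device model ("EXOSYS M5521cdn") in the label, where a vendor-level "NOT-FOR-US: Kyocera" would follow the pattern of "D-Link" and "PHPGurukul" in this hunk.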
@@ -660,7 +660,7 @@ CVE-2025-7977 (Ashlar-Vellum Cobalt LI File Parsing 
Out-Of-Bounds Read Remote Co
 CVE-2025-5305 (The Password Reset with Code for WordPress REST API WordPress 
plugin b ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-59415 (Frappe Learning is a learning system that helps users 
structure their  ...)
-       TODO: check
+       NOT-FOR-US: Frappe Learning
 CVE-2025-23337 (NVIDIA HGX & DGX GB200, GB300, B300  contain a vulnerability 
in the HG ...)
        TODO: check
 CVE-2025-23336 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
@@ -674,11 +674,11 @@ CVE-2025-23316 (NVIDIA Triton Inference Server for 
Windows and Linux contains a
 CVE-2025-23268 (NVIDIA Triton Inference Server contains a vulnerability in the 
DALI ba ...)
        NOT-FOR-US: NVIDIA
 CVE-2025-10644 (Wondershare Repairit SAS Token Incorrect Permission Assignment 
Authent ...)
-       TODO: check
+       NOT-FOR-US: Wondershare Repairit SAS Token Incorrect Permission 
Assignment
 CVE-2025-10643 (Wondershare Repairit Incorrect Permission Assignment 
Authentication By ...)
-       TODO: check
+       NOT-FOR-US: Wondershare Repairit Incorrect Permission Assignment
 CVE-2025-10642 (A vulnerability has been found in wangchenyi1996 chat_forum up 
to 80bd ...)
-       TODO: check
+       NOT-FOR-US: wangchenyi1996 chat_forum
 CVE-2025-10634 (A weakness has been identified in D-Link DIR-823X 
240126/240802/250416 ...)
        NOT-FOR-US: D-Link
 CVE-2025-10632 (A security flaw has been discovered in itsourcecode Online 
Petshop Man ...)
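
Review bot: The labels added for CVE-2025-10644 and CVE-2025-10643 copy the vulnerability title rather than naming the product: "NOT-FOR-US: Wondershare Repairit SAS Token Incorrect Permission Assignment" and "NOT-FOR-US: Wondershare Repairit Incorrect Permission Assignment". The NOT-FOR-US field elsewhere in this file names only the vendor or product (for example "NOT-FOR-US: NVIDIA" and "NOT-FOR-US: D-Link" in this hunk), so "NOT-FOR-US: Wondershare Repairit" would be sufficient for both entries and would give them an identical label.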
@@ -704,13 +704,13 @@ CVE-2025-10621 (A vulnerability was determined in 
SourceCodester Hotel Reservati
 CVE-2025-10620 (A flaw has been found in itsourcecode Online Clinic Management 
System  ...)
        NOT-FOR-US: itsourcecode System
 CVE-2025-10619 (A vulnerability was detected in sequa-ai sequa-mcp up to 
1.0.13. This  ...)
-       TODO: check
+       NOT-FOR-US: sequa-ai sequa-mcp
 CVE-2025-10618 (A security vulnerability has been detected in itsourcecode 
Online Clin ...)
        NOT-FOR-US: itsourcecode System
 CVE-2025-10617 (A weakness has been identified in SourceCodester Online 
Polling System ...)
        NOT-FOR-US: SourceCodester
 CVE-2025-10616 (A security flaw has been discovered in itsourcecode E-Commerce 
Website ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode E-Commerce Website
 CVE-2025-10493 (The Chained Quiz plugin for WordPress is vulnerable to 
Insecure Direct ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-49565 (The cbis_manager Podman container is vulnerable to remote 
command exec ...)
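
Review bot: The label added for CVE-2025-10616, "NOT-FOR-US: itsourcecode E-Commerce Website", differs from the "NOT-FOR-US: itsourcecode System" label on the unchanged entries CVE-2025-10620 and CVE-2025-10618 in the same hunk. Reusing "itsourcecode System" would keep the vendor's entries consistent.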
@@ -772,7 +772,7 @@ CVE-2025-59342 (esm.sh is a nobuild content delivery 
network(CDN) for modern web
 CVE-2025-59341 (esm.sh is a nobuild content delivery network(CDN) for modern 
web devel ...)
        NOT-FOR-US: esm.sh
 CVE-2025-59340 (jinjava is a Java-based template engine based on django 
template synta ...)
-       TODO: check
+       NOT-FOR-US: Jinjava
 CVE-2025-59339 (The Bastion provides authentication, authorization, 
traceability and a ...)
        NOT-FOR-US: Bastion
 CVE-2025-59304 (A directory traversal issue in Swetrix Web Analytics API 3.1.1 
before  ...)
@@ -872,7 +872,7 @@ CVE-2025-10205 (Use of a One-Way Hash with a Predictable 
Salt vulnerability in A
 CVE-2025-10157 (A Protection Mechanism Failure vulnerability in mmaitre314 
picklescan  ...)
        NOT-FOR-US: mmaitre314 picklescan
 CVE-2025-10156 (An Improper Handling of Exceptional Conditions vulnerability 
in the ZI ...)
-       TODO: check
+       NOT-FOR-US: mmaitre314 picklescan
 CVE-2025-10155 (An Improper Input Validation vulnerability in the scanning 
logic of mm ...)
        NOT-FOR-US: mmaitre314 picklescan
 CVE-2025-0879 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
@@ -1715,7 +1715,7 @@ CVE-2009-20007 (Talkative IRC v0.4.4.16 is vulnerable to 
a stack-based buffer ov
 CVE-2009-20006 (osCommerce versions up to and including 2.2 RC2a contain a 
vulnerabili ...)
        NOT-FOR-US: osCommerce
 CVE-2009-20005 (A stack-based buffer overflow exists in the UtilConfigHome.csp 
endpoin ...)
-       TODO: check
+       NOT-FOR-US: InterSystems Cache
 CVE-2023-53334 (In the Linux kernel, the following vulnerability has been 
resolved:  U ...)
        - linux 6.1.20-1
        NOTE: 
https://git.kernel.org/linus/ff35f3ea3baba5b81416ac02d005cfbf6dd182fa (6.3-rc1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77b5c4f249717bfaac90cb1059c21a8887d7f7f9


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits