Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
839615d8 by Salvatore Bonaccorso at 2025-09-29T22:31:55+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2025-57871 (There is a reflected cross site scripting
vulnerability in Esri
CVE-2025-57516 (OS Command injection vulnerability in PublicCMS
PublicCMS-V5.202506.a, ...)
TODO: check
CVE-2025-57483 (A reflected cross-site scripting (XSS) vulnerability in
tawk.to chatbo ...)
- TODO: check
+ NOT-FOR-US: tawk.to chatbox widget
CVE-2025-57428 (Default credentials in Italy Wireless Mini Router WIRELESS-N
300M v28K ...)
NOT-FOR-US: Italy Wireless Mini Router WIRELESS-N 300M
CVE-2025-57424 (A stored cross-site scripting (XSS) vulnerability exists in
the MyCour ...)
@@ -43,11 +43,11 @@ CVE-2025-56807 (A cross-site scripting (XSS) vulnerability
in FairSketch RISE Ul
CVE-2025-56795 (Mealie 3.0.1 and earlier is vulnerable to Cross-Site Scripting
(XSS) i ...)
TODO: check
CVE-2025-56764 (Trivision NC-227WF firmware 5.80 (build 20141010) login
mechanism reve ...)
- TODO: check
+ NOT-FOR-US: Trivision NC-227WF firmware
CVE-2025-56449 (A security vulnerability was identified in Obsidian
Scheduler's REST A ...)
- TODO: check
+ NOT-FOR-US: Obsidian
CVE-2025-56234 (AT_NA2000 from Nanda Automation Technology vendor has a
denial-of-serv ...)
- TODO: check
+ NOT-FOR-US: AT_NA2000
CVE-2025-56233 (Openindiana, kernel SunOS 5.11 has a denial of service
vulnerability. ...)
TODO: check
CVE-2025-55795 (The openml/openml.org web application version v2.0.20241110
uses incre ...)
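Review bot: The tag `NOT-FOR-US: Obsidian` on CVE-2025-56449 is shorter than the product its description names, "Obsidian Scheduler". Writing `NOT-FOR-US: Obsidian Scheduler` would keep the entry unambiguous for anyone searching data/CVE/list for earlier triage decisions. The same point applies, more mildly, to `NOT-FOR-US: AT_NA2000` on CVE-2025-56234, where the description also gives the vendor, Nanda Automation Technology.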
@@ -57,11 +57,11 @@ CVE-2025-51495 (An integer overflow vulnerability exists in
the WebSocket compon
CVE-2025-43400 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
NOT-FOR-US: Apple
CVE-2025-41252 (Description: VMware NSX contains a username enumeration
vulnerability. ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-41251 (VMware NSX contains a weak password recovery mechanism
vulnerability. ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-41250 (VMware vCenter contains an SMTP header injection
vulnerability.A malic ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-36352 (IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to
stored c ...)
NOT-FOR-US: IBM
CVE-2025-36351 (IBM License Metric Tool 9.2.0 through 9.2.40 could allow an
authenti ...)
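Review bot: The three VMware entries (CVE-2025-41252, CVE-2025-41251, CVE-2025-41250) carry a vendor-only tag, although their descriptions name two different products, VMware NSX and VMware vCenter. That matches the neighbouring `NOT-FOR-US: Apple` and `NOT-FOR-US: IBM` lines, but the existing entry for CVE-2025-41246 in the same file uses the product-level form `NOT-FOR-US: VMware Tools for Windows`. Picking one granularity for VMware entries would make later searches of the list more predictable.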
@@ -69,17 +69,17 @@ CVE-2025-36351 (IBM License Metric Tool 9.2.0 through
9.2.40 could allow an au
CVE-2025-36099 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to
a denial ...)
NOT-FOR-US: IBM
CVE-2025-35034 (Medical Informatics Engineering Enterprise Health has a
reflected cros ...)
- TODO: check
+ NOT-FOR-US: Medical Informatics Engineering Enterprise Health
CVE-2025-35033 (Medical Informatics Engineering Enterprise Health has a CSV
injection ...)
- TODO: check
+ NOT-FOR-US: Medical Informatics Engineering Enterprise Health
CVE-2025-35032 (Medical Informatics Engineering Enterprise Health allows
authenticated ...)
- TODO: check
+ NOT-FOR-US: Medical Informatics Engineering Enterprise Health
CVE-2025-35031 (Medical Informatics Engineering Enterprise Health includes the
user's ...)
- TODO: check
+ NOT-FOR-US: Medical Informatics Engineering Enterprise Health
CVE-2025-35030 (Medical Informatics Engineering Enterprise Health has a cross
site req ...)
- TODO: check
+ NOT-FOR-US: Medical Informatics Engineering Enterprise Health
CVE-2025-34196 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host
versions p ...)
- TODO: check
+ NOT-FOR-US: Vasion Print (formerly PrinterLogic)
CVE-2025-11155 (The credentials required to access the device's web server are
sent in ...)
TODO: check
CVE-2025-11150
@@ -89,21 +89,21 @@ CVE-2025-11147 (Reflected cross-site scripting (XSS) in
Apt-Cacher-NG v3.2.1. Th
CVE-2025-11146 (Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1.
The vuln ...)
TODO: check
CVE-2025-10346 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting
of a sto ...)
- TODO: check
+ NOT-FOR-US: Perfex CRM
CVE-2025-10345 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting
of a sto ...)
- TODO: check
+ NOT-FOR-US: Perfex CRM
CVE-2025-10344 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting
of a sto ...)
- TODO: check
+ NOT-FOR-US: Perfex CRM
CVE-2025-10343 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting
of a sto ...)
- TODO: check
+ NOT-FOR-US: Perfex CRM
CVE-2025-10342 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting
of a sto ...)
- TODO: check
+ NOT-FOR-US: Perfex CRM
CVE-2025-10341 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting
of a sto ...)
- TODO: check
+ NOT-FOR-US: Perfex CRM
CVE-2024-57412 (An issue in SunOS Omnios v5.11 allows attackers to cause a
Denial of S ...)
TODO: check
CVE-2024-13150 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: fayton.Pro ERP
CVE-2025-41246 (VMware Tools for Windows contains an improper
authorisationvulnerabili ...)
NOT-FOR-US: VMware Tools for Windows
CVE-2025-41245 (VMware Aria Operations contains an information disclosure
vulnerabilit ...)
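Review bot: On CVE-2024-13150 the truncated description visible in this hunk ("Improper Neutralization of Special Elements used in an SQL Command ('S ...") does not contain a product name, so `NOT-FOR-US: fayton.Pro ERP` cannot be checked from the diff alone and is worth a second look against the full CVE record. The six Perfex CRM tags (CVE-2025-10341 through CVE-2025-10346) match the product named in their descriptions.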
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/839615d8dfc8e6df00e7d84cce2f59afaa57fb35
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits