Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d4499e86 by Salvatore Bonaccorso at 2025-09-30T19:20:50+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69,7 +69,7 @@ CVE-2025-61626
CVE-2025-61586 (FreshRSS is a free, self-hostable RSS aggregator. Versions
1.26.3 and ...)
- freshrss <itp> (bug #1032767)
CVE-2025-61584 (serverless-dns is a RethinkDNS resolver that deploys to
Cloudflare Wor ...)
- TODO: check
+ NOT-FOR-US: RethinkDNS resolver
CVE-2025-59956 (AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini,
Amp, an ...)
NOT-FOR-US: AgentAPI
CVE-2025-59954 (Knowage is an open source analytics and business intelligence
suite. V ...)
@@ -81,23 +81,23 @@ CVE-2025-59950 (FreshRSS is a free, self-hostable RSS
aggregator. In versions 1.
CVE-2025-59948 (FreshRSS is a free, self-hostable RSS aggregator. Versions
1.26.3 and ...)
- freshrss <itp> (bug #1032767)
CVE-2025-59942 (go-f3 is a Golang implementation of Fast Finality for Filecoin
(F3). I ...)
- TODO: check
+ NOT-FOR-US: go-f3
CVE-2025-59941 (go-f3 is a Golang implementation of Fast Finality for Filecoin
(F3). I ...)
- TODO: check
+ NOT-FOR-US: go-f3
CVE-2025-59940 (mkdocs-include-markdown-plugin is an Mkdocs Markdown includer
plugin. ...)
- TODO: check
+ NOT-FOR-US: Mkdocs Markdown includer plugin
CVE-2025-59937 (go-mail is a comprehensive library for sending mails with Go.
In versi ...)
- TODO: check
+ NOT-FOR-US: go-mail
CVE-2025-59933 (libvips is a demand-driven, horizontally threaded image
processing lib ...)
TODO: check
CVE-2025-59668 (Multiple versions of Central Monitor CNS-6201 contain a NULL
pointer d ...)
- TODO: check
+ NOT-FOR-US: Central Monitor CNS-6201
CVE-2025-59163 (vet is an open source software supply chain security tool.
Versions 1. ...)
- TODO: check
+ NOT-FOR-US: vet
CVE-2025-57769 (FreshRSS is a free, self-hostable RSS aggregator. Versions
1.26.3 and ...)
- freshrss <itp> (bug #1032767)
CVE-2025-57266 (An issue was discovered in file AssistantController.java in
ThriveX Bl ...)
- TODO: check
+ NOT-FOR-US: ThriveX Blogging Framework
CVE-2025-54875 (FreshRSS is a free, self-hostable RSS aggregator. In versions
1.16.0 a ...)
- freshrss <itp> (bug #1032767)
CVE-2025-54592 (FreshRSS is a free, self-hostable RSS aggregator. Versions
1.26.3 and ...)
@@ -228,7 +228,7 @@ CVE-2025-57872 (There is an unvalidated redirect
vulnerability in Esri Portal fo
CVE-2025-57871 (There is a reflected cross site scripting vulnerability in
Esri Portal ...)
NOT-FOR-US: Esri
CVE-2025-57516 (OS Command injection vulnerability in PublicCMS
PublicCMS-V5.202506.a, ...)
- TODO: check
+ NOT-FOR-US: PublicCMS
CVE-2025-57483 (A reflected cross-site scripting (XSS) vulnerability in
tawk.to chatbo ...)
NOT-FOR-US: tawk.to chatbox widget
CVE-2025-57428 (Default credentials in Italy Wireless Mini Router WIRELESS-N
300M v28K ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4499e8614af8f1d97648b196580be811797250a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4499e8614af8f1d97648b196580be811797250a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
