Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dbab771f by Salvatore Bonaccorso at 2025-10-10T11:57:53+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45,31 +45,31 @@ CVE-2025-55321 (Improper neutralization of input during web
page generation ('cr
CVE-2025-43296 (A logic issue was addressed with improved validation. This
issue is fi ...)
NOT-FOR-US: Apple
CVE-2025-35062 (Newforma Info Exchange (NIX) before version 2023.1 by default
allows a ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35061 (Newforma Info Exchange (NIX)
'/NPCSRemoteWeb/LegacyIntegrationServices ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35060 (Newforma Info Exchange (NIX) provides a 'Send a File Transfer'
feature ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35059 (Newforma Info Exchange (NIX)
'/DownloadWeb/hyperlinkredirect.aspx' pro ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35058 (Newforma Info Exchange (NIX)
'/UserWeb/Common/MarkupServices.ashx' all ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35057 (Newforma Info Exchange (NIX)
'/RemoteWeb/IntegrationServices.ashx' all ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35056 (Newforma Info Exchange (NIX)
'/UserWeb/Common/MarkupServices.ashx' 'St ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35055 (Newforma Info Exchange (NIX)
'/UserWeb/Common/UploadBlueimp.ashx' allo ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35054 (Newforma Info Exchange (NIX) stores credentials used to
configure NPC ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35053 (Newforma Info Exchange (NIX) accepts requests to
'/UserWeb/Common/Mark ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35052 (Newforma Info Exchange (NIX) uses a hard-coded key to encrypt
certain ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-35051 (Newforma Project Center Server (NPCS) accepts serialized .NET
data via ...)
- TODO: check
+ NOT-FOR-US: Newforma Project Center Server (NPCS)
CVE-2025-35050 (Newforma Info Exchange (NIX) accepts serialized .NET data via
the '/re ...)
- TODO: check
+ NOT-FOR-US: Newforma Info Exchange (NIX)
CVE-2025-34248 (D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a
directory ...)
NOT-FOR-US: D-Link
CVE-2025-21070 (Out-of-bounds write in the SPI decoder in Samsung Notes prior
to versi ...)
@@ -125,15 +125,15 @@ CVE-2025-21045 (Insecure storage of sensitive information
in Galaxy Watch prior
CVE-2025-21044 (Out-of-bounds write in fingerprint trustlet prior to SMR
Oct-2025 Rele ...)
NOT-FOR-US: Samsung Mobile
CVE-2025-11570 (Versions of the package
drupal-pattern-lab/unified-twig-extensions fro ...)
- TODO: check
+ NOT-FOR-US: drupal-pattern-lab/unified-twig-extensions
CVE-2025-11569 (All versions of the package cross-zip are vulnerable to
Directory Trav ...)
TODO: check
CVE-2025-11558 (A vulnerability was found in code-projects E-Commerce Website
1.0. Imp ...)
- TODO: check
+ NOT-FOR-US: code-projects E-Commerce Website
CVE-2025-11557 (A vulnerability has been found in projectworlds Gate Pass
Management S ...)
NOT-FOR-US: Project Worlds
CVE-2025-11556 (A flaw has been found in code-projects Simple Leave Manager
1.0. This ...)
- TODO: check
+ NOT-FOR-US: code-projects Simple Leave Manager
CVE-2025-11555 (A vulnerability was detected in Campcodes Online Learning
Management S ...)
NOT-FOR-US: Campcodes
CVE-2025-11450 (ServiceNow has addressed a reflected cross-site scripting
vulnerabilit ...)
@@ -143,7 +143,7 @@ CVE-2025-11449 (ServiceNow has addressed a reflected
cross-site scripting vulner
CVE-2025-10124 (The Booking Manager WordPress plugin before 2.1.15 registers
a shortc ...)
NOT-FOR-US: WordPress plugin
CVE-2016-15047 (AVTECH devices that include the CloudSetup.cgi management
endpoint are ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-61724 [net/textproto: excessive CPU consumption in
Reader.ReadResponse]
- golang-1.25 1.25.2-1
- golang-1.24 1.24.8-1
@@ -383,7 +383,7 @@ CVE-2025-11550 (A vulnerability was found in Tenda W12
3.0.0.6(3948). The impact
CVE-2025-11549 (A vulnerability has been found in Tenda W12 3.0.0.6(3948). The
affecte ...)
NOT-FOR-US: Tenda
CVE-2025-11371 (In the default installation and configuration of Gladinet
CentreStack ...)
- TODO: check
+ NOT-FOR-US: Gladinet CentreStack and TrioFox
CVE-2025-11198 (A Missing Authentication for Critical Function vulnerability
in Junipe ...)
NOT-FOR-US: Juniper
CVE-2025-10862 (The Popup builder with Gamification, Multi-Step Popups,
Page-Level Tar ...)
@@ -405,7 +405,7 @@ CVE-2025-10239 (In Flowmon versions prior to 12.5.5, a
vulnerability has been id
CVE-2023-37401 (IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain
policy fi ...)
NOT-FOR-US: IBM
CVE-2017-20203 (NetSarang Xmanager Enterprise 5.0 Build 1232,Xmanager 5.0
Build 1045,X ...)
- TODO: check
+ NOT-FOR-US: NetSarang
CVE-2025-39963 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.16.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbab771f6d6936ffd3718e7b06a72fed466f4ece
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbab771f6d6936ffd3718e7b06a72fed466f4ece
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
