Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ede12aff by Moritz Muehlenhoff at 2025-10-10T23:18:20+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2025-62238 (Stored cross-site scripting (XSS) 
vulnerability on the Membershi
 CVE-2025-62237 (Stored cross-site scripting (XSS) vulnerability in 
Commerce\u2019s vie ...)
        NOT-FOR-US: Liferay
 CVE-2025-61929 (Cherry Studio is a desktop client that supports for multiple 
LLM provi ...)
-       TODO: check
+       NOT-FOR-US: Cherry Studio
 CVE-2025-61927 (Happy DOM is a JavaScript implementation of a web browser 
without its  ...)
        TODO: check
 CVE-2025-61925 (Astro is a web framework. Prior to version 5.14.2, Astro 
reflects the  ...)
-       TODO: check
+       NOT-FOR-US: Astro web framework
 CVE-2025-61921 (Sinatra is a domain-specific language for creating web 
applications in ...)
        TODO: check
 CVE-2025-61920 (Authlib is a Python library which builds OAuth and OpenID 
Connect serv ...)
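Review bot: the three entries left at TODO: check in this hunk (CVE-2025-61927 Happy DOM, CVE-2025-61921 Sinatra, CVE-2025-61920 Authlib) are libraries rather than standalone applications, so they need a source-package lookup before they can be closed; Sinatra and Authlib in particular are the kind of upstream that is normally shipped as a ruby-* or python-* package, and if they turn out to be packaged the entry needs per-suite version lines (the `- pkg <version>` / `[suite] - pkg <no-dsa>` form used for 7zip further down in this file) rather than a NOT-FOR-US. The two NFU lines added here (Cherry Studio, Astro) match the products named in their descriptions.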
@@ -29,41 +29,41 @@ CVE-2025-61919 (Rack is a modular Ruby web server 
interface. Prior to versions 2
 CVE-2025-61864 (A use after free vulnerability exists in 
VS6ComFile!load_link_inf of V ...)
        TODO: check
 CVE-2025-61863 (An out-of-bounds read vulnerability exists in 
VS6ComFile!CSaveData::de ...)
-       TODO: check
+       NOT-FOR-US: FUJI
 CVE-2025-61862 (An out-of-bounds read vulnerability exists in 
VS6ComFile!get_ovlp_elem ...)
-       TODO: check
+       NOT-FOR-US: FUJI
 CVE-2025-61861 (An out-of-bounds read vulnerability exists in 
VS6ComFile!load_link_inf ...)
-       TODO: check
+       NOT-FOR-US: FUJI
 CVE-2025-61860 (An out-of-bounds read vulnerability exists in 
VS6MemInIF!set_temp_type ...)
-       TODO: check
+       NOT-FOR-US: FUJI
 CVE-2025-61859 (An out-of-bounds write vulnerability exists in 
VS6ComFile!CItemDraw::i ...)
-       TODO: check
+       NOT-FOR-US: FUJI
 CVE-2025-61858 (An out-of-bounds write vulnerability exists in 
VS6ComFile!set_Animatio ...)
-       TODO: check
+       NOT-FOR-US: FUJI
 CVE-2025-61857 (An out-of-bounds write vulnerability exists in 
VS6ComFile!CItemExChang ...)
-       TODO: check
+       NOT-FOR-US: FUJI
 CVE-2025-61856 (A stack-based buffer overflow vulnerability exists in 
VS6ComFile!CV7Ba ...)
-       TODO: check
+       NOT-FOR-US: FUJI
 CVE-2025-61780 (Rack is a modular Ruby web server interface. Prior to versions 
2.2.20, ...)
        TODO: check
 CVE-2025-61689 (HTTP.jl is an HTTP client and server functionality for the 
Julia progr ...)
        TODO: check
 CVE-2025-61505 (e107 CMS thru 2.3.3 are vulnerable to insecure deserialization 
in the  ...)
-       TODO: check
+       NOT-FOR-US: e107 CMS
 CVE-2025-61319 (ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site 
Scripting (XSS ...)
-       TODO: check
+       NOT-FOR-US: ReNgine
 CVE-2025-61152 (python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be 
decoded ...)
        TODO: check
 CVE-2025-60880 (An authenticated stored XSS vulnerability exists in the 
Bagisto 2.3.6  ...)
        TODO: check
 CVE-2025-60869 (Publii CMS v0.46.5 (build 17089) allows persistent Cross-Site 
Scriptin ...)
-       TODO: check
+       NOT-FOR-US: Publii CMS
 CVE-2025-60868 (The Alt Redirect 1.6.3 addon for Statamic fails to 
consistently strip  ...)
-       TODO: check
+       NOT-FOR-US: Statamic addon
 CVE-2025-60838 (An arbitrary file upload vulnerability in MCMS v6.0.1 allows 
attackers ...)
-       TODO: check
+       NOT-FOR-US: MCMS
 CVE-2025-60378 (Stored HTML injection in RISE Ultimate Project Manager & CRM 
allows au ...)
-       TODO: check
+       NOT-FOR-US: RISE Ultimate Project Manager & CRM
 CVE-2025-60308 (code-projects Simple Online Hotel Reservation System 1.0 has a 
Cross S ...)
        NOT-FOR-US: code-projects
 CVE-2025-60307 (code-projects Computer Laboratory System 1.0 has a SQL 
injection vulne ...)
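Review bot: CVE-2025-61864 (use after free in VS6ComFile!load_link_inf) is left at TODO: check while the eight entries directly below it that name the same VS6ComFile/VS6MemInIF components (CVE-2025-61856 through CVE-2025-61863) are all switched to NOT-FOR-US: FUJI; either it should get the same line or the reason for holding it back should be recorded, otherwise a later reader will assume it was simply missed. Also, "FUJI" is terser than the rationale strings used elsewhere in this file ("Cherry Studio", "Publii CMS", "RISE Ultimate Project Manager & CRM"); naming the affected product would make the NFU self-explanatory. Separately, CVE-2025-61152 (python-jose accepting alg=none) stays open; as a Python library it needs a package check before it can be closed either way.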
@@ -73,13 +73,13 @@ CVE-2025-60306 (code-projects Simple Car Rental System 1.0 
has a permission bypa
 CVE-2025-60305 (SourceCodester Online Student Clearance System 1.0 is 
vulnerable to In ...)
        NOT-FOR-US: SourceCodester
 CVE-2025-60269 (JEEWMS 20250820 is vulnerable to SQL Injection in the 
exportXls functi ...)
-       TODO: check
+       NOT-FOR-US: JeeWMS
 CVE-2025-60268 (An arbitrary file upload vulnerability exists in JeeWMS 
20250820, whic ...)
-       TODO: check
+       NOT-FOR-US: JeeWMS
 CVE-2025-59530 (quic-go is an implementation of the QUIC protocol in Go. In 
versions p ...)
        TODO: check
 CVE-2025-55903 (A HTML injection vulnerability exists in Perfex CRM v3.3.1. 
The applic ...)
-       TODO: check
+       NOT-FOR-US: Perfex CRM
 CVE-2025-52655 (Inclusion of Functionality from Untrusted Control Sphere 
vulnerability ...)
        NOT-FOR-US: HCL
 CVE-2025-52650 (Inline script execution allowed in CSP vulnerability has been 
identifi ...)
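Review bot: CVE-2025-59530 (quic-go) stays at TODO: check in this hunk; since this is a Go library, the check has to cover packages that vendor or statically link it, not only a source package named after it, because a NOT-FOR-US here would hide affected binaries. The JeeWMS and Perfex CRM NFU lines match the products named in their descriptions (the description of CVE-2025-60269 spells it "JEEWMS", so the rationale string is the normalised form, which is fine).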
@@ -99,19 +99,19 @@ CVE-2025-52624 (A vulnerabilityBypass of the script 
allowlist configuration in H
 CVE-2025-48043 (Incorrect Authorization vulnerability in ash-project ash 
allows Authen ...)
        TODO: check
 CVE-2025-41089 (Reflected Cross-Site Scripting (XSS) in Xibo CMS v4.1.2 from 
Xibo Sign ...)
-       TODO: check
+       NOT-FOR-US: Xibo CMS
 CVE-2025-41088 (Stored Cross-Site Scripting (XSS) in Xibo Signage's Xibo CMS 
v4.1.2, d ...)
-       TODO: check
+       NOT-FOR-US: Xibo CMS
 CVE-2025-40640 (Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM 
v2025 by ...)
-       TODO: check
+       NOT-FOR-US: Energy CRM
 CVE-2025-37727 (Insertion of sensitive information in log file in 
Elasticsearch can le ...)
-       TODO: check
+       - elasticsearch <removed>
 CVE-2025-30001 (Incorrect Execution-Assigned Permissions vulnerability in 
Apache Strea ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-25018 (Improper Neutralization of Input During Web Page Generation in 
Kibana  ...)
-       TODO: check
+       - kibana <itp> (bug #700337)
 CVE-2025-25017 (Improper Neutralization of Input During Web Page Generation in 
Kibana  ...)
-       TODO: check
+       - kibana <itp> (bug #700337)
 CVE-2025-23309 (NVIDIA Display Driver contains a vulnerability where an 
uncontrolled D ...)
        TODO: check
 CVE-2025-23282 (NVIDIA Display Driver for Linux contains a vulnerability where 
an atta ...)
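Review bot: the two kibana entries are marked `<itp> (bug #700337)` with the same bug number and the elasticsearch entry `<removed>`; those are the right forms for a never-packaged and a removed-from-archive package respectively, but it is worth double-checking that #700337 is the ITP for kibana and not for elasticsearch, since both come from the same stack and a copy-paste slip here would point the tracker at the wrong bug. Also, CVE-2025-23309 and CVE-2025-23282 (NVIDIA Display Driver) are left at TODO: check; unlike the CMS entries in this hunk these are driver issues that normally correspond to the nvidia-graphics-drivers source packages in non-free, so they need per-suite version triage rather than an NFU.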
@@ -125,17 +125,17 @@ CVE-2025-11617 (A missing validation check in 
FreeRTOS-Plus-TCP's IPv6 packet pr
 CVE-2025-11616 (A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 
packet proces ...)
        NOT-FOR-US: Amazon
 CVE-2025-11581 (A security vulnerability has been detected in PowerJob up to 
5.1.2. Th ...)
-       TODO: check
+       NOT-FOR-US: PowerJob
 CVE-2025-11580 (A weakness has been identified in PowerJob up to 5.1.2. This 
affects t ...)
-       TODO: check
+       NOT-FOR-US: PowerJob
 CVE-2025-11579 (github.com/nwaples/rardecode versions <=2.1.1 fail to restrict 
the dic ...)
        TODO: check
 CVE-2025-11190 (The Kiwire Captive Portal contains an open redirection issue 
via the l ...)
-       TODO: check
+       NOT-FOR-US: Kiwire Captive Portal
 CVE-2025-11189 (The Kiwire Captive Portal contains a reflected cross-site 
scripting (X ...)
-       TODO: check
+       NOT-FOR-US: Kiwire Captive Portal
 CVE-2025-11188 (The Kiwire Captive Portal contains a blind SQL injection in 
the nas-id ...)
-       TODO: check
+       NOT-FOR-US: Kiwire Captive Portal
 CVE-2025-11002
        - 7zip 25.00+dfsg-1
        [trixie] - 7zip <no-dsa> (Minor issue)
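Review bot: CVE-2025-11579 (github.com/nwaples/rardecode <=2.1.1) stays at TODO: check; the description names a Go module, so the check should cover reverse dependencies that vendor it (the usual pattern is a golang-github-<owner>-<repo> source package plus statically linked consumers that need their own rebuild), and a fixed version cannot simply be read off the upstream tag. The PowerJob and Kiwire Captive Portal NFU lines match the product names in their descriptions.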
@@ -552,13 +552,13 @@ CVE-2025-11198 (A Missing Authentication for Critical 
Function vulnerability in
 CVE-2025-10862 (The Popup builder with Gamification, Multi-Step Popups, 
Page-Level Tar ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-10284 (BBOT's unarchive module could be abused by supplying malicious 
archive ...)
-       TODO: check
+       NOT-FOR-US: bbot
 CVE-2025-10283 (BBOT's gitdumper module could be abused to execute commands 
through a  ...)
-       TODO: check
+       NOT-FOR-US: bbot
 CVE-2025-10282 (BBOT's gitlab module could be abused to disclose a GitLab API 
key to a ...)
-       TODO: check
+       NOT-FOR-US: bbot
 CVE-2025-10281 (BBOT's git_clone module could be abused to disclose a GitHub 
API key t ...)
-       TODO: check
+       NOT-FOR-US: bbot
 CVE-2025-10249 (The Slider Revolution plugin for WordPress is vulnerable to 
unauthoriz ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-10240 (A vulnerability exists in the Progress Flowmon web application 
prior t ...)
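Review bot: the four BBOT entries get `NOT-FOR-US: bbot` in lowercase while their descriptions and the other rationale strings in this commit use the product's own spelling (`BBOT`, `Cherry Studio`, `Xibo CMS`); matching the description's capitalisation keeps searches on the rationale field consistent. No functional issue with the triage itself.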



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ede12afffb3fda918ec0b765c997dd312c82e13f


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
