Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f629765 by Salvatore Bonaccorso at 2025-10-28T21:24:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-9313 (An unauthenticated user can connect to a publicly accessible 
database  ...)
-       TODO: check
+       NOT-FOR-US: Asseco mMedica
 CVE-2025-62367 (Taiga is an open source project management platform. In 
versions 6.8.3 ...)
-       TODO: check
+       NOT-FOR-US: Taiga
 CVE-2025-61235 (An issue was discovered in Dataphone A920 v2025.07.161103. A 
custom pa ...)
-       TODO: check
+       NOT-FOR-US: Dataphone A920
 CVE-2025-61155 (Hotta Studio GameDriverX64.sys 7.23.4.7, a signed kernel-mode 
anti-che ...)
-       TODO: check
+       NOT-FOR-US: Hotta Studio
 CVE-2025-61128 (Stack-based buffer overflow vulnerability in WAVLINK QUANTUM 
D3G/WL-WN ...)
        NOT-FOR-US: Wavlink
 CVE-2025-61107 (FRRouting/frr from v4.0 through v10.4.1 was discovered to 
contain a NU ...)
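Review bot: The tag added for CVE-2025-61155 names only the vendor ("NOT-FOR-US: Hotta Studio"), while the other additions in this hunk name the product (Asseco mMedica, Taiga, Dataphone A920) and the description identifies the affected component as GameDriverX64.sys. Consider "NOT-FOR-US: Hotta Studio GameDriverX64.sys" so the tag is keyed the same way as its neighbours and stays unambiguous if the vendor later gets CVEs for other products.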
@@ -25,25 +25,25 @@ CVE-2025-61103 (FRRouting/frr from v4.0 through v10.4.1 was 
discovered to contai
        NOTE: https://github.com/FRRouting/frr/issues/19471
        NOTE: https://github.com/FRRouting/frr/pull/19480
 CVE-2025-61080 (A reflected Cross-Site Scripting (XSS) vulnerability has been 
identifi ...)
-       TODO: check
+       NOT-FOR-US: Clear2Pay Bank Visibility Application Payment Execution
 CVE-2025-61043 (An out-of-bounds read vulnerability has been discovered in 
Monkey's Au ...)
-       TODO: check
+       NOT-FOR-US: Monkey's Audio
 CVE-2025-60858 (Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and 
transmits DDNS ...)
-       TODO: check
+       NOT-FOR-US: Reolink
 CVE-2025-60805 (An issue was discovered in BESSystem BES Application Server 
thru 9.5.x ...)
-       TODO: check
+       NOT-FOR-US: BESSystem BES Application Server
 CVE-2025-60800 (Incorrect access control in the /jshERP-boot/user/info 
interface of js ...)
-       TODO: check
+       NOT-FOR-US: jshERP
 CVE-2025-60355 (zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI 
(Server-Side Tem ...)
-       TODO: check
+       NOT-FOR-US: zhangyd-c OneBlog
 CVE-2025-60354 (Unauthorized modification of arbitrary articles vulnerability 
exists i ...)
-       TODO: check
+       NOT-FOR-US: blog-vue-springboot
 CVE-2025-60349 (An issue was discovered in Prevx v3.0.5.220 allowing attackers 
to caus ...)
-       TODO: check
+       NOT-FOR-US: Prevx
 CVE-2025-59837 (Astro is a web framework that includes an image proxy. In 
versions 5.1 ...)
-       TODO: check
+       NOT-FOR-US: Astro
 CVE-2025-56399 (alexusmai laravel-file-manager 3.3.1 and before allows an 
authenticate ...)
-       TODO: check
+       NOT-FOR-US: alexusmai laravel-file-manager
 CVE-2025-55758 (Multiple CSRF attack vectors in JDownloads component 
1.0.0-4.0.47 for  ...)
        NOT-FOR-US: Joomla
 CVE-2025-54605 (Bitcoin Core through 29.0 allows Uncontrolled Resource 
Consumption (is ...)
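Review bot: The CVE-2025-61043 entry is the one NFU in this hunk whose description points at a media codec ("out-of-bounds read ... in Monkey's Au ...") rather than a web application or a device, and codecs are the kind of code that gets packaged or embedded in other source packages. Before closing it as "NOT-FOR-US: Monkey's Audio", confirm with a source-package and embedded-copy search that nothing in the archive ships it. If something does, the entry needs a package line instead of the NFU tag.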
@@ -55,7 +55,7 @@ CVE-2025-53855 (An out-of-bounds write vulnerability exists 
in the XML parser fu
 CVE-2025-53814 (A use-after-free vulnerability exists in the XML parser 
functionality  ...)
        TODO: check
 CVE-2025-41090 (microCLAUDIA in v3.2.0 and prior has an improper access 
control vulner ...)
-       TODO: check
+       NOT-FOR-US: microCLAUDIA
 CVE-2025-40843 (CodeChecker is an analyzer tooling, defect database and viewer 
extensi ...)
        NOT-FOR-US: Ericsson
 CVE-2025-36386 (IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 
through 9. ...)
@@ -67,45 +67,45 @@ CVE-2025-36083 (IBM Concert Software   1.0.0 through 
2.0.0could allow a local us
 CVE-2025-36081 (IBM ConcertSoftware  1.0.0 through 2.0.0 could allow a user to 
modify  ...)
        NOT-FOR-US: IBM
 CVE-2025-34318 (IPFire versions prior to 2.29 (Core Update 198) containa 
stored cross- ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34317 (IPFire versions prior to 2.29 (Core Update 198) containa 
stored cross- ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34316 (IPFire versions prior to 2.29 (Core Update 198) containa 
stored cross- ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34315 (IPFire versions prior to 2.29 (Core Update 198) containa 
stored cross- ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34314 (IPFire versions prior to 2.29 (Core Update 198) containa 
stored cross- ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34313 (IPFire versions prior to 2.29 (Core Update 198) containa 
stored cross- ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34312 (IPFire versions prior to 2.29 (Core Update 198) containa 
command injec ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34311 (IPFire versions prior to 2.29 (Core Update 198) containa 
command injec ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34310 (IPFire versions prior to 2.29 (Core Update 198) containa 
stored cross- ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34309 (IPFire versions prior to 2.29 (Core Update 198) containa 
stored cross- ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34308 (IPFire versions prior to 2.29 (Core Update 198) containa 
stored cross- ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34307 (IPFire versions prior to 2.29 (Core Update 198) containa 
stored cross- ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34306 (IPFire versions prior to 2.29 (Core Update 198) contain a 
stored cross ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34305 (IPFire versions prior to 2.29 (Core Update 198) contain 
multiple store ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34304 (IPFire versions prior to 2.29 (Core Update 198) contain a SQL 
injectio ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34303 (IPFire versions prior to 2.29 (Core Update 198) contain a 
stored cross ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34302 (IPFire versions prior to 2.29 (Core Update 198) contain a 
stored cross ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34301 (IPFire versions prior to 2.29 (Core Update 198) contain a 
stored cross ...)
-       TODO: check
+       NOT-FOR-US: IPFire
 CVE-2025-34294 (Wazuh's File Integrity Monitoring (FIM), when configured with 
automati ...)
-       TODO: check
+       NOT-FOR-US: Wazuh
 CVE-2025-27093 (Sliver is a command and control framework that uses a custom 
Wireguard ...)
-       TODO: check
+       NOT-FOR-US: Sliver
 CVE-2025-1038 (The \u201cDiagnostics Tools\u201d page of the web-based 
configuration  ...)
        NOT-FOR-US: Hitachi Energy
 CVE-2025-1037 (By making minor configuration changes to the TropOS 4th Gen 
device, an ...)
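Review bot: For CVE-2025-27093 the description says Sliver "uses a custom Wireguard ...", and the text is cut off before it says where the flaw sits. Worth confirming that the bug is in Sliver's own code and not in a shared WireGuard component that is packaged separately before settling on "NOT-FOR-US: Sliver". The eighteen IPFire entries (CVE-2025-34301 through CVE-2025-34318) are tagged uniformly and need no change.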
@@ -125,7 +125,7 @@ CVE-2025-12390 (A flaw was found in Keycloak. In Keycloak 
where a user can accid
 CVE-2025-12380 (Starting with Firefox 142, it was possible for a compromised 
child pro ...)
        TODO: check
 CVE-2025-12103 (A flaw was found in Red Hat Openshift AI Service. The TrustyAI 
compone ...)
-       TODO: check
+       NOT-FOR-US: Red Hat Openshift AI Service
 CVE-2025-40082 (In the Linux kernel, the following vulnerability has been 
resolved:  h ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/bea3e1d4467bcf292c8e54f080353d556d355e26 (6.18-rc1)
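Review bot: The tag for CVE-2025-12103 names the service ("NOT-FOR-US: Red Hat Openshift AI Service"), but the visible description attributes the flaw to "The TrustyAI compone ...". Naming the component in the tag, for example "NOT-FOR-US: Red Hat Openshift AI Service (TrustyAI)", would make the entry findable under either name and record that the component was the thing checked against the archive.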



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f62976594058a18152a46cf103265d5beec7029



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
