Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
56ced1cb by Salvatore Bonaccorso at 2025-10-31T21:45:39+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -106,7 +106,7 @@ CVE-2025-62267 (Multiple cross-site scripting (XSS)
vulnerabilities in web conte
CVE-2025-62264 (Reflected cross-site scripting (XSS) vulnerability in
Languauge Overri ...)
NOT-FOR-US: Liferay
CVE-2025-62232 (Sensitive data exposure via logging in basic-auth leads to
plaintext u ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-61427 (A reflected cross-site scripting (XSS) vulnerability in BEO
GmbH BEO A ...)
NOT-FOR-US: BEO GmbH BEO Atlas Einfuhr Ausfuhr
CVE-2025-61141 (sqls-server/sqls 0.2.28 is vulnerable to command injection in
the conf ...)
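Review bot: The new label on CVE-2025-62232, "NOT-FOR-US: Apache software not packaged in Debian", does not name the product, while the neighbouring entries in this hunk do ("Liferay", "BEO GmbH BEO Atlas Einfuhr Ausfuhr"). The truncated description only shows "basic-auth", so naming the specific Apache project in the label would let later triage search for it and revisit the entry if that project is ever packaged.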
@@ -134,19 +134,19 @@ CVE-2025-57106 (Kitware VTK (Visualization Toolkit) up to
9.5.0 is vulnerable to
CVE-2025-54763 (FutureNet MA and IP-K series provided by Century Systems Co.,
Ltd. con ...)
NOT-FOR-US: Century Systems
CVE-2025-52665 (A malicious actor with access to the management network could
exploit ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2025-52664 (SQL injection in Revive Adserver 6.0.0 causes potential
disruption or ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2025-52663 (A vulnerability was identified in certain UniFi Talk devices
where int ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2025-4952 (Tampering of the registry entries might have led to preventing
the ESE ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2025-48984 (A vulnerability allowing remote code execution (RCE) on the
Backup Ser ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2025-48983 (A vulnerability in the Mount service of Veeam Backup &
Replication, wh ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2025-48982 (This vulnerability in Veeam Agent for Microsoft Windows allows
for Loc ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2025-48980 (In Brave Browser Desktop versions prior to 1.83.10 that have
the split ...)
- brave-browser <itp> (bug #864795)
CVE-2025-40603 (A potential exposure of sensitive information in log files in
SonicWal ...)
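Review bot: Label granularity is uneven in this hunk. CVE-2025-48983 and CVE-2025-48982 both get "NOT-FOR-US: Veeam" although their descriptions name different products (Veeam Backup & Replication, Veeam Agent for Microsoft Windows), and CVE-2025-52665 gets "NOT-FOR-US: UniFi" although its visible description names no product. The Nagios entries elsewhere in this commit are labelled per product; picking one convention and stating the product for CVE-2025-52665 would make the NFU decisions easier to audit from the list alone.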
@@ -154,39 +154,39 @@ CVE-2025-40603 (A potential exposure of sensitive
information in log files in So
CVE-2025-36249 (IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does
not set ...)
NOT-FOR-US: IBM
CVE-2025-34298 (Nagios Log Server versions prior to 2024R1.3.2 contain a
privilege esc ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34287 (Nagios XI versions prior to 2024R2 contain an improperly owned
script, ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-34286 (Nagios XI versions prior to 2026R1 contain a remote code
execution vu ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-34284 (Nagios XI versions prior to2024R2contain a command injection
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-34283 (Nagios XI versions prior to2024R1.4.2revealed API keys to
users who we ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-34280 (NagiosNetwork Analyzer versions prior to2024R2.0.1 contain a
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Nagios Network Analyzer
CVE-2025-34278 (Nagios Network Analyzer versions prior to2024R1 contain a
stored cross ...)
- TODO: check
+ NOT-FOR-US: Nagios Network Analyser
CVE-2025-34277 (Nagios Log Server versions prior to2024R1.3.1 contain a code
injection ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34274 (Nagios Log Server versions prior to 2024R2.0.3 contain an
execution wi ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34273 (Nagios Log Server versions prior to 2024R2.0.3 contain an
incorrect au ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34272 (In Nagios Log Server versions prior to 2024R2.0.3, when a
user's confi ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34271 (Nagios Log Server versions prior to2024R2.0.2 contain a
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34270 (Nagios Log Server versions prior to 2024R2.0.2 contain a
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2025-34269 (Nagios Fusion versions prior to R2.1 contain a vulnerability
due to th ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2025-34249 (Nagios Fusion versions prior to 2024R2.1contain a brute-force
bypass i ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2025-34135 (Nagios XI versions prior to2024R1.4.2configure some systemd
unit files ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-34134 (Nagios XI versions prior to 2024R1.4.2 contain a remote code
execution ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-33003 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6
could allo ...)
NOT-FOR-US: IBM
CVE-2025-30191 (Malicious content from E-Mail can be used to perform a
redressing atta ...)
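Review bot: CVE-2025-34278 is labelled "NOT-FOR-US: Nagios Network Analyser", while CVE-2025-34280 in the same hunk, and the CVE description itself, spell the product "Nagios Network Analyzer". Suggest using "Analyzer" on both so a search on the product name finds every entry.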
@@ -204,9 +204,9 @@ CVE-2025-12553 (Email Server Certificate Verification
Disabled.This issue affect
CVE-2025-12552 (Insufficient Password Policy.This issue affects BLU-IC2:
through 1.19. ...)
NOT-FOR-US: Azure Access Technology
CVE-2025-12547 (A vulnerability was identified in LogicalDOC Community Edition
up to 9 ...)
- TODO: check
+ NOT-FOR-US: LogicalDOC
CVE-2025-12546 (A vulnerability was determined in LogicalDOC Community Edition
up to 9 ...)
- TODO: check
+ NOT-FOR-US: LogicalDOC
CVE-2025-12521 (The Analytify Pro plugin for WordPress is vulnerable to
Sensitive Info ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12509 (On a client with an admin user, a Global_Shipping script can
be implem ...)
@@ -216,9 +216,9 @@ CVE-2025-12508 (When using domain users as BRAIN2 users,
communication with Acti
CVE-2025-12507 (The service Bizerba Communication Server (BCS) has an unquoted
service ...)
NOT-FOR-US: Bizerba
CVE-2025-12501 (Integer overflow in GameMaker IDE below 2024.14.0 version can
lead to ...)
- TODO: check
+ NOT-FOR-US: GameMaker IDE
CVE-2025-12460 (An XSS issue was discovered in Afterlogic Aurora webmail
version 9.8.3 ...)
- TODO: check
+ NOT-FOR-US: Afterlogic Aurora webmail
CVE-2025-12357 (By manipulating the Signal Level Attenuation Characterization
(SLAC) ...)
TODO: check
CVE-2025-12175 (The The Events Calendar plugin for WordPress is vulnerable to
unauthor ...)
@@ -244,173 +244,173 @@ CVE-2025-10897 (The WooCommerce Designer Pro theme for
WordPress is vulnerable t
CVE-2025-10693 (When SmartStart Inclusion fails during the onboarding of a
Z-Wave PIR ...)
NOT-FOR-US: Silicon Labs
CVE-2024-58273 (Nagios Log Server versions prior to 2024R1.0.2 contain a local
privile ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2024-58272 (Nagios Log Server versions prior to 2024R1 contain a stored
cross-site ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2024-14009 (Nagios XI versions prior to2024R1.0.1contain a privilege
escalation vu ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14008 (Nagios XI versions prior to 2024R1.3.2contain a remote command
executi ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14006 (Nagios XI versions prior to 2024R1.2.2contain a host header
injection ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14005 (Nagios XI versions prior to 2024R1.2 contain a command
injection vulne ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14004 (Nagios XI versions prior to 2024R1.2 containa privilege
escalation vul ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14003 (Nagios XI versions prior to 2024R1.2 arevulnerable to remote
code exec ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14002 (Nagios XI versions prior to 2024R1.1.4 contain a local file
inclusion ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14001 (Nagios XI versions prior to 2024R1.1.3are vulnerable to
cross-site scr ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-14000 (Nagios XI versions prior to 2024R1.1.3are vulnerable to
cross-site scr ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-13999 (Nagios XI versions prior to 2024R1.1.3, under certain
circumstances,di ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-13996 (Nagios XI versions prior to2024R1.1.3did not invalidate all
other acti ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-13995 (Nagios XI versions prior to2024R1.1.2 may (confirmed
in2024R1.1 and 20 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-13994 (Nagios XI versions prior to2024R1.1.2 contain a missing
authorization ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-13993 (Nagios XI versions prior to < 2024R1.1.2 are vulnerable to a
reflected ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-13992 (Nagios XI versions prior to < 2024R1.1 is vulnerable to a
cross-site s ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7325 (Anheng Mingyu Operation and Maintenance Audit and Risk Control
System ...)
- TODO: check
+ NOT-FOR-US: Anheng Mingyu Operation and Maintenance Audit and Risk
Control System
CVE-2023-7323 (Nagios Log Server versions prior to 2024R1are vulnerable to
cross-site ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2023-7322 (Nagios Log Server versions prior to 2024R1 contain an incorrect
author ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2023-7321 (Nagios Log Server versions prior to 2.1.14 are vulnerable to
cross-sit ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2023-7319 (Nagios Network Analyzer versions prior to 2024R1 are vulnerable
to cro ...)
- TODO: check
+ NOT-FOR-US: Nagios Network Analyzer
CVE-2023-7318 (Nagios XI versions prior to < 2024R1.0.2 are vulnerable to
cross-site ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7317 (Nagios XI versions prior to 2024R1contain a missing access
control vul ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7316 (Nagios XI versions prior to 2024R1 are vulnerable to cross-site
script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7315 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site
script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7314 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site
script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7313 (Nagios XI versions prior to 5.11.3 are vulnerable to cross-site
script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-7312 (Nagios Fusion versions prior to4.2.0 contain a stored
cross-site scrip ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2023-53690 (Nagios Fusion versions prior to 4.2.0 contain a stored
cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2023-53689 (Nagios Fusion versions prior to4.2.0 contain a reflected
cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2023-53688 (Nagios XI versions prior to 5.11.3 are vulnerable to
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2022-50588 (Nagios XI versions prior to5.8.9are vulnerable to cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2022-50587 (Nagios XI versions prior to5.8.9are vulnerable to cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2022-50586 (Nagios XI versions prior to5.8.9are vulnerable to cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2022-50585 (The Core Config Manager (CCM) in Nagios XI versions prior to
CCM 3.1.7 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2022-50584 (The Core Config Manager (CCM) in Nagios XI versions prior to
CCM 3.1.6 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-4461 (Seeyon Zhiyuan OA Web Application System versions up to and
including ...)
- TODO: check
+ NOT-FOR-US: Seeyon Zhiyuan OA Web Application System
CVE-2021-47700 (Nagios XI versions prior to5.8.7used a temporary directory for
Highcha ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47699 (Nagios XI versions prior to5.8.7are vulnerable to cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47697 (Nagios XI versions prior to5.8.0are vulnerable to cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47696 (Nagios XI versions prior to5.8.0are vulnerable to cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47695 (Nagios XI versions prior to5.8.0are vulnerable to stored
cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47694 (The Core Config Manager (CCM) in Nagios XI versions prior to
CCM 3.1.4 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47693 (The Core Config Manager (CCM) in Nagios XI versions prior to
CCM 3.1.3 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47692
REJECTED
CVE-2021-47691 (The Core Config Manager (CCM) in Nagios XI versions prior to
CCM 3.1.1 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47690 (The Core Config Manager (CCM) in Nagios XI versions prior to
CCM 3.1.1 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2021-47689 (The Core Config Manager (CCM) in Nagios XI versions prior to
CCM 3.1.0 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36869 (Nagios XI versions prior to5.7.5contain a SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36868 (Nagios XI versions prior to5.7.3contain a privilege escalation
vulnera ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36867 (Nagios XI versions prior to5.7.3contain a command injection
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36866 (Nagios XI versions prior to5.7.2are vulnerable to cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36865 (Nagios XI versions prior to5.7.2are vulnerable to cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36864 (Nagios XI versions prior to5.7.2are vulnerable to cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36863 (Nagios XI versions prior to5.7.2allow PHP files to be uploaded
to the ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36862 (Nagios XI versions prior to5.6.11contain unauthenticated
vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36861 (The Core Config Manager (CCM) in Nagios XI versions prior to
CCM 3.0.8 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36860 (The Core Config Manager (CCM) in Nagios XI versions prior to
CCM 3.0.7 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36859 (The Core Config Manager (CCM) in Nagios XI versions prior to
CCM 3.0.7 ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36858 (Nagios Log Server versions prior to 2.1.6contain cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2020-36857 (Nagios XI versions prior to 5.6.14 containa
post-authentication SQL in ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-36856 (Nagios XI versions prior to 5.6.14 contain an authenticated
remote com ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2018-25123 (Nagios XI versions prior to5.5.7contain a privilege escalation
vulnera ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2018-25122 (Nagios XI versions prior to5.4.13contain a remote code
execution vulne ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2018-25121 (Nagios XI versions prior to5.4.13 are vulnerable to cross-site
scripti ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2018-25119 (Nagios Fusion versions prior to 4.1.5 arevulnerable to
cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2017-20209 (Nagios Fusion versions prior to 4.0.1arevulnerable to
cross-site scrip ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2016-15053 (Nagios XI versions prior to5.2.4 are vulnerable to cross-site
scriptin ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2016-15052 (Nagios XI versions prior to5.2.4 are vulnerable to cross-site
scriptin ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2016-15051 (Nagios XI versions prior to5.2.4 are vulnerable to cross-site
scriptin ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2016-15050 (Nagios XI versions prior to5.2.4 containa SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2016-15049 (Nagios Log Server versions prior to 1.4.2 are vulnerable to
cross-site ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2013-10074 (Nagios XI versions prior to2012R2.6are vulnerable to
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2013-10073 (Nagios XI versions prior to2012R1.6 contain ashell command
injection v ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2013-10072 (Nagios XI versions prior to2012R1.6 contain an authorization
flaw in t ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2013-10071 (Nagios XI versions prior to2012R1.6contain a reflected
cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2012-10063 (Nagios XI versions prior to2012R1.3 containa SQL injection
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2011-10040 (Nagios XI versions prior to2011R1.9are vulnerable to
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2011-10039 (Nagios XI versions prior to2011R1.9are vulnerable to
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2011-10038 (Nagios XI versions prior to2011R1.9are vulnerable to
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2011-10037 (Nagios XI versions prior to2011R1.9are vulnerable to
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2011-10036 (Nagios XI versions prior to2011R1.9are vulnerable to
cross-site script ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2011-10035 (Nagios XI versions prior to2011R1.9contain privilege
escalation vulner ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2025-40106 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 6.17.6-1
NOTE:
https://git.kernel.org/linus/87b318ba81dda2ee7b603f4f6c55e78ec3e95974 (6.18-rc3)
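Review bot: The labels for CVE-2023-7325 ("Anheng Mingyu Operation and Maintenance Audit and Risk Control System") and CVE-2021-4461 ("Seeyon Zhiyuan OA Web Application System") copy the full product string from the description, unlike the short product names used for every other entry in this hunk; the first is long enough to wrap in this notification. A shorter label such as the vendor or product short name would match the rest of the list. Separately, the Core Config Manager (CCM) entries are all filed under "Nagios XI", which agrees with their descriptions ("in Nagios XI versions prior to CCM ..."), so no change is needed there.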
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56ced1cbe47d78b956123626295973e031a65594