Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9a8e82cf by Salvatore Bonaccorso at 2025-11-11T10:12:33+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53,11 +53,11 @@ CVE-2025-63678 (An authenticated arbitrary file upload
vulnerability in the /upl
CVE-2025-63617 (ktg-mes before commit a484f96 (2025-07-03) has a fastjson
deserializat ...)
NOT-FOR-US: ktg-mes
CVE-2025-63397 (Improper input validation in OneFlow v0.9.0 allows attackers
to cause ...)
- TODO: check
+ NOT-FOR-US: OneFlow
CVE-2025-63384 (A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and
before i ...)
- TODO: check
+ NOT-FOR-US: RISC-V Rocket-Chip
CVE-2025-63296 (KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware
v33.53.87 c ...)
- TODO: check
+ NOT-FOR-US: KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware
CVE-2025-62780 (changedetection.io is a free open source web page change
detection too ...)
TODO: check
CVE-2025-5718 (The ACAP Application framework could allow privilege escalation
throug ...)
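Review bot: The NOT-FOR-US tag added for CVE-2025-63296 copies the whole product phrase from the description ("KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware"), while the other tags in this hunk are a short product name ("ktg-mes", "OneFlow", "RISC-V Rocket-Chip"). A shorter tag such as "KERUI K259" would be easier to search for and to reuse if later CVEs are filed against the same device. CVE-2025-62780 (changedetection.io) stays at "TODO: check" in the context lines, so it still needs triage after this commit.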
@@ -69,13 +69,13 @@ CVE-2025-5452 (A malicious ACAP application can gain access
to admin-level servi
CVE-2025-4645 (An ACAP configuration file lacked sufficient input validation,
which c ...)
NOT-FOR-US: Axis Communication
CVE-2025-49145 (Combodo iTop is a web based IT service management tool. In
versions pr ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2025-48878 (Combodo iTop is a web based IT service management tool. In
versions on ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2025-48065 (Combodo iTop is a web based IT service management tool.
Versions prior ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2025-48055 (Combodo iTop is a web based IT service management tool. In
versions pr ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2025-42940 (SAP CommonCryptoLib does not perform necessary boundary checks
during ...)
NOT-FOR-US: SAP
CVE-2025-42924 (SAP S/4HANA landscape SAP E-Recruiting BSP allows an
unauthenticated a ...)
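Review bot: The four tags added for CVE-2025-49145, CVE-2025-48878, CVE-2025-48065 and CVE-2025-48055 name vendor plus product ("Combodo iTop"), whereas the neighbouring context entries name only the vendor ("Axis Communication", "SAP"). Either form works, but if earlier iTop CVEs already exist in data/CVE/list, use the same string they carry so that a search on the tag finds all of them.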
@@ -245,9 +245,9 @@ CVE-2025-11129 (The Include Fussball.de Widgets plugin for
WordPress is vulnerab
CVE-2025-10714 (AXIS Optimizer was vulnerable to an unquoted search path
vulnerability ...)
NOT-FOR-US: Axis Communication
CVE-2021-4462 (Employee Records System version 1.0 contains an unrestricted
file uplo ...)
- TODO: check
+ NOT-FOR-US: Employee Records System
CVE-2018-25124 (PacsOne Server version 6.6.2 (prior versions are likely
affected) cont ...)
- TODO: check
+ NOT-FOR-US: PacsOne Server
CVE-2025-8768
REJECTED
CVE-2025-64690 (In JetBrains YouTrack before 2025.3.104432 insecure Junie
configuratio ...)
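Review bot: "Employee Records System" on CVE-2021-4462 is a generic name with no vendor or author, and the truncated description visible here does not supply one. If the full CVE description or its references name the vendor or distributor, include it in the tag so the entry cannot be confused with an unrelated project of the same name. The "PacsOne Server" tag on CVE-2018-25124 is specific enough as it stands.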
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a8e82cf58c2446362338f860c56c0482b74e641
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits