Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ddaa895d by Salvatore Bonaccorso at 2025-11-12T22:16:07+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40,29 +40,29 @@ CVE-2025-63811 (An issue was discovered in dvsekhvalnov
jose2go 1.5.0 thru 1.7.0
- golang-github-dvsekhvalnov-jose2go <unfixed>
NOTE: https://github.com/dvsekhvalnov/jose2go/issues/33
CVE-2025-63679 (free5gc v4.1.0 and before is vulnerable to Buffer Overflow.
When AMF r ...)
- TODO: check
+ NOT-FOR-US: Free5gc
CVE-2025-63667 (Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW
v1.14.92 ...)
- TODO: check
+ NOT-FOR-US: SIMICAM
CVE-2025-63666 (Tenda AC15 v15.03.05.18_multi) issues an authentication cookie
that ex ...)
NOT-FOR-US: Tenda
CVE-2025-63419 (Cross Site Scripting (XSS) vulnerability in CrushFTP
11.3.6_48. The We ...)
- TODO: check
+ NOT-FOR-US: CrushFTP
CVE-2025-63353 (A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows
the devic ...)
- TODO: check
+ NOT-FOR-US: FiberHome GPON ONU HG6145F1 RP4423
CVE-2025-63289 (Sogexia Android App Compile Affected SDK v35, Max SDK 32 and
fixed in ...)
- TODO: check
+ NOT-FOR-US: Sogexia Android App Compile Affected SDK
CVE-2025-62876 (A Execution with Unnecessary Privileges vulnerability in
lightdm-kde-g ...)
TODO: check
CVE-2025-61667 (The Datadog Agent collects events and metrics from hosts and
sends the ...)
- TODO: check
+ NOT-FOR-US: Datadog Agent
CVE-2025-61623 (Reflected cross-site scripting vulnerability in Apache OFBiz.
This is ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-60646 (A stored cross-site scripting (XSS) in the Business Line
Management mo ...)
- TODO: check
+ NOT-FOR-US: xxl-api
CVE-2025-60645 (A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows
attackers ...)
- TODO: check
+ NOT-FOR-US: xxl-api
CVE-2025-59491 (Cross Site Scripting vulnerability in CentralSquare Community
Developm ...)
- TODO: check
+ NOT-FOR-US: CentralSquare Community Development
CVE-2025-59118 (Unrestricted Upload of File with Dangerous Type vulnerability
in Apach ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-59089 (If an attacker causes kdcproxy to connect to an
attacker-controlled KD ...)
@@ -74,7 +74,7 @@ CVE-2025-57812 (CUPS is a standards-based, open-source
printing system, and `lib
CVE-2025-57310 (A Cross-Site Request Forgery (CSRF) vulnerability in
Salmen2/Simple-Fa ...)
TODO: check
CVE-2025-56385 (A SQL injection vulnerability exists in the login
functionality of Wel ...)
- TODO: check
+ NOT-FOR-US: WellSky Harmony
CVE-2025-52331 (Cross-site scripting (XSS) vulnerability in the generate
report functi ...)
TODO: check
CVE-2025-46428 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0,
contain a ...)
@@ -84,7 +84,7 @@ CVE-2025-37734 (Origin Validation Error in Kibana can lead to
Server-Side Reques
CVE-2025-27368 (IBM OpenPages 9.0 and 9.1 is vulnerable to information
disclosure of s ...)
NOT-FOR-US: IBM
CVE-2025-25236 (Omnissa Workspace ONE UEM contains an observable response
discrepancy ...)
- TODO: check
+ NOT-FOR-US: Omnissa
CVE-2025-20379 (In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and
9.2.9 an ...)
NOT-FOR-US: Cisco
CVE-2025-20378 (In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7,
9.2.9, and S ...)
@@ -112,13 +112,13 @@ CVE-2025-12047 (A vulnerability was reported in the
Lenovo Scanner pro applicati
CVE-2025-11994 (The Easy Email Subscription plugin for WordPress is vulnerable
to Stor ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11962 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Digital Corporate Warehouse
CVE-2025-11797 (A maliciously crafted DWG file, when parsed through Autodesk
3ds Max, ...)
NOT-FOR-US: Autodesk
CVE-2025-11795 (A maliciously crafted JPG file, when parsed through Autodesk
3ds Max, ...)
NOT-FOR-US: Autodesk
CVE-2025-11700 (N-central versions < 2025.4 are vulnerable to an XML External
Entities ...)
- TODO: check
+ NOT-FOR-US: N-central
CVE-2025-11567 (CWE-276: Incorrect Default Permissions vulnerability exists
that could ...)
NOT-FOR-US: Schneider Electric
CVE-2025-11566 (CWE-307: Improper Restriction of Excessive Authentication
Attempts vul ...)
@@ -128,9 +128,9 @@ CVE-2025-11565 (CWE-22: Improper Limitation of a Pathname
to a Restricted Direct
CVE-2025-11454 (The Specific Content For Mobile \u2013 Customize the mobile
version wi ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11367 (The N-central Software Probe < 2025.4 is vulnerable to Remote
Code Exe ...)
- TODO: check
+ NOT-FOR-US: N-central
CVE-2025-11366 (N-central < 2025.4 is vulnerable to authentication bypass via
path tra ...)
- TODO: check
+ NOT-FOR-US: N-central
CVE-2025-10495 (A potential vulnerability was reported in the Lenovo PC
Manager, Lenov ...)
NOT-FOR-US: Lenovo
CVE-2024-48829 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0,
contain an ...)
@@ -138,7 +138,7 @@ CVE-2024-48829 (Dell SmartFabric OS10 Software, versions
prior to 10.6.1.0, cont
CVE-2024-47866 (Ceph is a distributed object, block, and file storage
platform. In ver ...)
TODO: check
CVE-2024-45301 (Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In
versions 2 ...)
- TODO: check
+ NOT-FOR-US: Mintty
CVE-2025-40177 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddaa895dd767c7e809f72c558961d4bd2912b1d9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddaa895dd767c7e809f72c558961d4bd2912b1d9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
