Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44b000b6 by Salvatore Bonaccorso at 2025-11-14T21:29:36+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,45 +1,45 @@
 CVE-2025-9982 (A vulnerability exists in QuickCMS version 6.8 where sensitive 
admin c ...)
-       TODO: check
+       NOT-FOR-US: QuickCMS
 CVE-2025-8870 (On affected platforms running Arista EOS, certain serial 
console input ...)
        NOT-FOR-US: Arista Networks
 CVE-2025-8855 (Authorization Bypass Through User-Controlled Key, Weak Password 
Recove ...)
-       TODO: check
+       NOT-FOR-US: Brokerage Automation
 CVE-2025-64446 (A relative path traversal vulnerability in Fortinet FortiWeb 
8.0.0 thr ...)
        NOT-FOR-US: Fortinet
 CVE-2025-63830 (CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in 
the File ...)
-       TODO: check
+       NOT-FOR-US: CKFinder
 CVE-2025-63725 (Reflected Cross-Site Scripting (XSS) vulnerability in SVX 
Portal 2.7A  ...)
-       TODO: check
+       NOT-FOR-US: SVX Portal
 CVE-2025-63724 (SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via 
crafted POS ...)
-       TODO: check
+       NOT-FOR-US: SVX Portal
 CVE-2025-63701 (A heap corruption vulnerability exists in the Advantech 
TP-3250 printe ...)
        NOT-FOR-US: Advantech
 CVE-2025-63680 (Nero BackItUp in the Nero Productline is vulnerable to a path 
parsing/ ...)
-       TODO: check
+       NOT-FOR-US: Nero BackItUp
 CVE-2025-63291 (When processing API requests, the Alteryx server 
2022.1.1.42654 and 20 ...)
-       TODO: check
+       NOT-FOR-US: Alteryx server
 CVE-2025-54562 (A vulnerability was found in the Application Server of Desktop 
Alert P ...)
-       TODO: check
+       NOT-FOR-US: Desktop Alert
 CVE-2025-54561 (An Incorrect Access Control vulnerability was found in the 
Application ...)
-       TODO: check
+       NOT-FOR-US: Desktop Alert
 CVE-2025-54560 (A Server-side Request Forgery vulnerability was found in the 
Applicati ...)
-       TODO: check
+       NOT-FOR-US: Desktop Alert
 CVE-2025-54559 (An issue was found in the Application Server of Desktop Alert 
PingAler ...)
-       TODO: check
+       NOT-FOR-US: Desktop Alert
 CVE-2025-54348 (A Stored Cross Site Scripting (XSS) vulnerability was found in 
the App ...)
-       TODO: check
+       NOT-FOR-US: Desktop Alert
 CVE-2025-54346 (A Reflected Cross Site Scripting (XSS) vulnerability was found 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Desktop Alert
 CVE-2025-54345 (An issue was found in the Application Server of Desktop Alert 
PingAler ...)
-       TODO: check
+       NOT-FOR-US: Desktop Alert
 CVE-2025-54343 (An Incorrect Access Control vulnerability was found in the 
Application ...)
-       TODO: check
+       NOT-FOR-US: Desktop Alert
 CVE-2025-54342 (A vulnerability was found in the Application Server of Desktop 
Alert P ...)
-       TODO: check
+       NOT-FOR-US: Desktop Alert
 CVE-2025-54340 (A vulnerability was found in the Application Server of Desktop 
Alert P ...)
-       TODO: check
+       NOT-FOR-US: Desktop Alert
 CVE-2025-54339 (An Incorrect Access Control vulnerability was found in the 
Application ...)
-       TODO: check
+       NOT-FOR-US: Desktop Alert
 CVE-2025-4618 (A sensitive information disclosure vulnerability in Palo Alto 
Networks ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2025-4617 (An insufficient policy enforcement vulnerability in Palo Alto 
Networks ...)
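Review bot: the NOT-FOR-US labels added in this hunk name products ("Alteryx server", "Nero BackItUp", "SVX Portal"), while the untouched entries around them name the vendor ("Arista Networks", "Fortinet", "Advantech", "Palo Alto Networks"). Settling on one form, for example "NOT-FOR-US: Alteryx", keeps the labels searchable per vendor. Separately, "Brokerage Automation" on CVE-2025-8855 cannot be matched against the truncated description shown here, so it is worth confirming against the full CVE text.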
@@ -47,27 +47,27 @@ CVE-2025-4617 (An insufficient policy enforcement 
vulnerability in Palo Alto Net
 CVE-2025-4616 (An insufficient validation of an untrusted input vulnerability 
in Palo ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2025-13204 (npm package `expr-eval` is vulnerable to Prototype Pollution. 
An attac ...)
-       TODO: check
+       NOT-FOR-US: Node expr-eval
 CVE-2025-13180 (A vulnerability was found in Bdtask/CodeCanyon Wholesale 
Inventory Con ...)
-       TODO: check
+       NOT-FOR-US: Bdtask/CodeCanyon Wholesale Inventory Control and Inventory 
Management System
 CVE-2025-13179 (A vulnerability has been found in Bdtask/CodeCanyon Wholesale 
Inventor ...)
-       TODO: check
+       NOT-FOR-US: Bdtask/CodeCanyon Wholesale Inventory Control and Inventory 
Management System
 CVE-2025-13178 (A flaw has been found in Bdtask/CodeCanyon SalesERP up to 
20250728. Th ...)
-       TODO: check
+       NOT-FOR-US: Bdtask/CodeCanyon SalesERP
 CVE-2025-13177 (A vulnerability was detected in Bdtask/CodeCanyon SalesERP up 
to 20250 ...)
-       TODO: check
+       NOT-FOR-US: Bdtask/CodeCanyon SalesERP
 CVE-2025-13174 (A weakness has been identified in rachelos WeRSS we-mp-rss up 
to 1.4.7 ...)
-       TODO: check
+       NOT-FOR-US: rachelos WeRSS we-mp-rss
 CVE-2025-13172 (A security flaw has been discovered in CodeAstro Gym 
Management System ...)
        NOT-FOR-US: CodeAstro
 CVE-2025-13171 (A vulnerability was identified in ZZCMS 2023. This impacts an 
unknown  ...)
-       TODO: check
+       NOT-FOR-US: ZZCMS
 CVE-2025-13170 (A vulnerability was detected in code-projects Simple Online 
Hotel Rese ...)
        NOT-FOR-US: code-projects
 CVE-2025-13169 (A security vulnerability has been detected in code-projects 
Simple Onl ...)
        NOT-FOR-US: code-projects
 CVE-2025-13168 (A weakness has been identified in ury-erp ury up to 0.2.0. 
This affect ...)
-       TODO: check
+       NOT-FOR-US: ury-erp ury
 CVE-2025-13033 (A vulnerability was identified in the email parsing library 
due to imp ...)
        TODO: check
 CVE-2025-12897
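Review bot: on CVE-2025-13204 the label "Node expr-eval" marks an npm library as not present in Debian; because npm modules can also ship embedded inside other source packages, confirm that nothing in the archive bundles expr-eval before settling on NOT-FOR-US. The two "Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System" labels are also far longer than the vendor-only labels on the neighbouring entries ("CodeAstro", "code-projects"); "Bdtask/CodeCanyon" would be enough.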
@@ -75,7 +75,7 @@ CVE-2025-12897
 CVE-2025-12187
        REJECTED
 CVE-2025-12149 (In Search Guard FLX versions 3.1.2 and earlier, while 
Document-Level S ...)
-       TODO: check
+       NOT-FOR-US: Search Guard
 CVE-2025-11981 (The School Management System \u2013 WPSchoolPress plugin for 
WordPress ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-11918 (Rockwell Automation Arena\xae suffers from a stack-based 
buffer overfl ...)
@@ -83,7 +83,7 @@ CVE-2025-11918 (Rockwell Automation Arena\xae suffers from a 
stack-based buffer
 CVE-2025-11794 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 
10.12.x <=  ...)
        TODO: check
 CVE-2025-10018 (QuickCMS is vulnerable to multiple Stored XSS in language 
editor funct ...)
-       TODO: check
+       NOT-FOR-US: QuickCMS
 CVE-2024-55016 (PHPGurukul Student Record Management System 3.20 is vulnerable 
to SQL  ...)
        NOT-FOR-US: PHPGurukul
 CVE-2024-44640 (PHPGurukul Student Record System 3.20 is vulnerable to SQL 
Injection v ...)
@@ -101,9 +101,9 @@ CVE-2024-44632 (PHPGurukul Student Record System 3.20 is 
vulnerable to SQL Injec
 CVE-2024-44630 (Multiple parameters in register.php in PHPGurukul Student 
Record Syste ...)
        NOT-FOR-US: PHPGurukul
 CVE-2024-42749 (Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows 
a local ...)
-       TODO: check
+       NOT-FOR-US: Alto CMS
 CVE-2024-21635 (Memos is a privacy-first, lightweight note-taking service that 
uses Ac ...)
-       TODO: check
+       NOT-FOR-US: Memos
 CVE-2025-9479 (Out of bounds read in V8 in Google Chrome prior to 
133.0.6943.141 allo ...)
        {DSA-5875-1}
        - chromium 133.0.6943.141-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44b000b613215f7e5b6649e698515d8568d7e79f



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
