Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
342b54b9 by Salvatore Bonaccorso at 2025-12-01T21:42:42+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-8351 (Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in 
Avast  ...)
        NOT-FOR-US: Avast Antivirus on MacOS
 CVE-2025-8045 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel 
Driver, Arm ...)
-       TODO: check
+       NOT-FOR-US: ARM
 CVE-2025-7007 (NULL Pointer Dereference vulnerability in Avast Antivirus on 
MacOS, Av ...)
        NOT-FOR-US: Avast Antivirus on MacOS
 CVE-2025-6349 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel 
Driver, Arm ...)
-       TODO: check
+       NOT-FOR-US: ARM
 CVE-2025-65838 (PublicCMS V5.202506.b is vulnerable to path traversal via the 
doUpload ...)
        NOT-FOR-US: PublicCMS
 CVE-2025-65836 (PublicCMS V5.202506.b is vulnerable to SSRF. in the chat 
interface of  ...)
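Review bot: The two new "NOT-FOR-US: ARM" tags (CVE-2025-8045, CVE-2025-6349) name only the vendor, in capitals, while both descriptions read "Arm Ltd Valhall GPU Kernel Driver" and the neighbouring entries name the product ("Avast Antivirus on MacOS", "PublicCMS"). Suggest "NOT-FOR-US: Arm Valhall GPU Kernel Driver" so that a search of the list for the driver name finds these entries.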
@@ -57,21 +57,21 @@ CVE-2025-63522 (Reverse Tabnabbing vulnerability in 
FeehiCMS 2.1.1 in the Commen
 CVE-2025-63520 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via 
the id  ...)
        NOT-FOR-US: FeehiCMS
 CVE-2025-63365 (SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory 
Traversal. ...)
-       TODO: check
+       NOT-FOR-US: SoftSea EPUB File Reader
 CVE-2025-63317 (Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in 
/api/v1/u ...)
-       TODO: check
+       NOT-FOR-US: Todoist
 CVE-2025-63095 (Improper input validation in the BitstreamWriter::write_bits() 
functio ...)
-       TODO: check
+       NOT-FOR-US: Tempus Ex hello-video-codec
 CVE-2025-61229 (An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow 
a local  ...)
-       TODO: check
+       NOT-FOR-US: Shirt Pocket's SuperDuper!
 CVE-2025-61228 (An issue in Shirt Pocket SuperDuper! V.3.10 and before allows 
a local  ...)
-       TODO: check
+       NOT-FOR-US: Shirt Pocket's SuperDuper!
 CVE-2025-59789 (Uncontrolled recursion in the json2pb component in Apache bRPC 
(versio ...)
        TODO: check
 CVE-2025-58408 (Software installed and run as a non-privileged user may 
conduct improp ...)
        NOT-FOR-US: Imagination Technologies
 CVE-2025-57489 (Incorrect access control in the SDAgent component of Shirt 
Pocket Supe ...)
-       TODO: check
+       NOT-FOR-US: Shirt Pocket's SuperDuper!
 CVE-2025-55222 (A denial of service vulnerability exists in the Modbus TCP and 
Modbus  ...)
        TODO: check
 CVE-2025-55221 (A denial of service vulnerability exists in the Modbus TCP and 
Modbus  ...)
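Review bot: Style point on the three SuperDuper! entries (CVE-2025-61229, CVE-2025-61228, CVE-2025-57489): the possessive "Shirt Pocket's SuperDuper!" differs from the plain vendor-plus-product form used elsewhere in this commit (for example "Socomec DIRIS Digiware M-70") and from the description of CVE-2025-61228, which says "Shirt Pocket SuperDuper!". Using "NOT-FOR-US: Shirt Pocket SuperDuper!" keeps the tag greppable under the same string as the description.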
@@ -85,9 +85,9 @@ CVE-2025-54849 (A denial of service vulnerability exists in 
the Modbus TCP and M
 CVE-2025-54848 (A denial of service vulnerability exists in the Modbus TCP and 
Modbus  ...)
        TODO: check
 CVE-2025-51683 (A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 
allows  ...)
-       TODO: check
+       NOT-FOR-US: mJobtime
 CVE-2025-51682 (mJobtime 15.7.2 handles authorization on the client side, 
which allows ...)
-       TODO: check
+       NOT-FOR-US: mJobtime
 CVE-2025-49643 (An authenticated Zabbix user (including Guest) is able to 
cause dispro ...)
        TODO: check
 CVE-2025-49642 (Library loading on AIX Zabbix Agent builds can be hijacked by 
local us ...)
@@ -99,13 +99,13 @@ CVE-2025-41738 (An unauthenticated remote attacker may 
cause the visualisation s
 CVE-2025-41700 (An unauthenticated attacker can trick a local user into 
executing arbi ...)
        NOT-FOR-US: CODESYS
 CVE-2025-41070 (Reflected Cross-site Scripting (XSS) vulnerability in Sanoma's 
Clicked ...)
-       TODO: check
+       NOT-FOR-US: Sanoma Clickedu
 CVE-2025-3500 (Integer Overflow or Wraparound vulnerability in Avast Antivirus 
(25.1. ...)
-       TODO: check
+       NOT-FOR-US: Avast Antivirus
 CVE-2025-34297 (KissFFT versions prior to the fix commit 1b083165 contain an 
integer o ...)
-       TODO: check
+       NOT-FOR-US: KissFFT
 CVE-2025-2879 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: ARM
 CVE-2025-27232 (An authenticated Zabbix Super Admin can exploit the 
oauth.authorize ac ...)
        TODO: check
 CVE-2025-26858 (A buffer overflow vulnerability exists in the Modbus TCP 
functionality ...)
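Review bot: CVE-2025-34297 is closed as "NOT-FOR-US: KissFFT", but the description identifies the fix only by upstream commit (1b083165), which suggests a library tracked at source level that could be packaged or embedded elsewhere. Before it leaves the TODO queue, confirm that no source package ships or bundles KissFFT; if one does, this needs a package line rather than NOT-FOR-US. Separately, "NOT-FOR-US: ARM" on CVE-2025-2879 gives no product name, unlike the other tags in this hunk.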
@@ -121,39 +121,39 @@ CVE-2025-13836 (When reading an HTTP response from a 
server, if no read amount i
 CVE-2025-13835 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-13829 (Incorrect Authorization vulnerability in Data Illusion 
Zumbrunn NGSurv ...)
-       TODO: check
+       NOT-FOR-US: Data Illusion Zumbrunn NGSurvey
 CVE-2025-13819 (Open redirect in the web server component of MiR Robot and 
Fleet softw ...)
-       TODO: check
+       NOT-FOR-US: MiR Robot and Fleet software
 CVE-2025-13816 (A security vulnerability has been detected in moxi159753 Mogu 
Blog v2  ...)
-       TODO: check
+       NOT-FOR-US: moxi159753 Mogu Blog
 CVE-2025-13815 (A weakness has been identified in moxi159753 Mogu Blog v2 up 
to 5.2. T ...)
-       TODO: check
+       NOT-FOR-US: moxi159753 Mogu Blog
 CVE-2025-13653 (In Search Guard FLX versions from 3.1.0 up to 4.0.0 with 
enterprise mo ...)
-       TODO: check
+       NOT-FOR-US: Search Guard FLX
 CVE-2025-13296 (Cross-Site Request Forgery (CSRF) vulnerability in Tekrom 
Technology I ...)
-       TODO: check
+       NOT-FOR-US: T-Soft E-Commerce
 CVE-2025-13129 (Improper Enforcement of Behavioral Workflow vulnerability in 
Seneka So ...)
-       TODO: check
+       NOT-FOR-US: Onaylarim
 CVE-2025-12756 (Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 
10.11.x <= 1 ...)
        TODO: check
 CVE-2025-11772 (A carefully crafted DLL, copied to   C:\ProgramData\Synaptics  
 folder ...)
        NOT-FOR-US: Synaptics
 CVE-2025-11699 (nopCommerce v4.70 and prior, and version 4.80.3, does not 
invalidate s ...)
-       TODO: check
+       NOT-FOR-US: nopCommerce
 CVE-2025-10101 (Heap-based Buffer Overflow, Out-of-bounds Write vulnerability 
in Avast ...)
-       TODO: check
+       NOT-FOR-US: Avast Antivirus
 CVE-2024-56089 (An issue in Technitium through v13.2.2 enables attackers to 
conduct a  ...)
-       TODO: check
+       NOT-FOR-US: Technitium
 CVE-2024-53684 (A cross-site request forgery (csrf) vulnerability exists in 
the WEBVIE ...)
-       TODO: check
+       NOT-FOR-US: Socomec DIRIS Digiware M-70
 CVE-2024-49572 (A denial of service vulnerability exists in the Modbus TCP 
functionali ...)
        TODO: check
 CVE-2024-48894 (A cleartext transmission vulnerability exists in the WEBVIEW-M 
functio ...)
-       TODO: check
+       NOT-FOR-US: Socomec DIRIS Digiware M-70
 CVE-2024-48882 (A denial of service vulnerability exists in the Modbus TCP 
functionali ...)
-       TODO: check
+       NOT-FOR-US: Socomec DIRIS Digiware M-70
 CVE-2024-45370 (An authentication bypass vulnerability exists in the User 
profile mana ...)
-       TODO: check
+       NOT-FOR-US: Socomec Easy Config System
 CVE-2024-39148 (The service wmp-agent of KerOS prior 5.12 does not properly 
validate s ...)
        TODO: check
 CVE-2024-32388 (Due to a firewall misconfiguration, Kerlink devices running 
KerOS prio ...)
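Review bot: CVE-2024-49572 is left at "TODO: check" although its visible description ("A denial of service vulnerability exists in the Modbus TCP functionali ...") matches that of CVE-2024-48882, which this hunk tags "NOT-FOR-US: Socomec DIRIS Digiware M-70". If both refer to the same product, triage CVE-2024-49572 in the same pass; if not, the difference is worth noting in the commit message. Also, CVE-2025-10101 is tagged "Avast Antivirus" while the existing Avast entries at the top of the file use "Avast Antivirus on MacOS"; pick one form.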



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/342b54b910df5a27ce6cb9a3b954e2f26bb6844e
