Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5c2a2230 by Salvatore Bonaccorso at 2025-12-02T22:30:49+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -77,75 +77,75 @@ CVE-2025-60854 (A vulnerability has been found in D-Link
R15 (AX1500) 1.20.01 an
CVE-2025-60736 (code-projects Online Medicine Guide 1.0 is vulnerable to SQL
Injection ...)
NOT-FOR-US: code-projects Online Medicine Guide
CVE-2025-59705 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59704 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59703 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59702 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59701 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59700 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59699 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59698 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59697 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59696 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59695 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59694 (The Chassis Management Board in Entrust nShield Connect XC,
nShield 5c ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-59693 (The Chassis Management Board in Entrust nShield Connect XC,
nShield 5c ...)
- TODO: check
+ NOT-FOR-US: Entrust
CVE-2025-58386 (In Terminalfour 8 through 8.4.1.1, the userLevel parameter in
the user ...)
- TODO: check
+ NOT-FOR-US: Terminalfour
CVE-2025-58113 (An out-of-bounds read vulnerability exists in the EMF
functionality of ...)
NOT-FOR-US: PDF-XChange
CVE-2025-57850 (A container privilege escalation flaw was found in certain
CodeReady W ...)
- TODO: check
+ NOT-FOR-US: CodeReady Workspaces images
CVE-2025-52622 (The BigFix SaaS's HTTP responses were missing some security
headers. T ...)
NOT-FOR-US: HCL
CVE-2025-41744 (Sprecher Automations SPRECON-E seriesuses default
cryptographic keys t ...)
- TODO: check
+ NOT-FOR-US: Sprecher Automation
CVE-2025-41743 (Insufficient encryption strength in Sprecher Automation
SPRECON-E-C, S ...)
- TODO: check
+ NOT-FOR-US: Sprecher Automation
CVE-2025-41742 (Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Sprecher Automation
CVE-2025-41086 (Vulnerability in the access control system of the GAMS
licensing syste ...)
- TODO: check
+ NOT-FOR-US: GAMS licensing system
CVE-2025-41066 (Horde Groupware v5.2.22 has a user enumeration vulnerability
that allo ...)
TODO: check
CVE-2025-41015 (User Enumeration Vulnerability in TCMAN GIM v11 version
20250304. This ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2025-41014 (User Enumeration Vulnerability in TCMAN GIM v11 version
20250304. This ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2025-41013 (SQL injection vulnerability in TCMAN GIM v11 in version
20250304. This ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2025-41012 (Unauthorized access vulnerability in TCMAN GIM v11 version
20250304. T ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2025-40700 (Reflected Cross-Site Scripting (XSS) in IDI Eikon's
Governalia. The vu ...)
- TODO: check
+ NOT-FOR-US: IDI Eikon's Governalia
CVE-2025-34352 (JumpCloud Remote Assist for Windows versions prior to 0.317.0
include ...)
- TODO: check
+ NOT-FOR-US: JumpCloud Remote Assist for Windows
CVE-2025-13879 (Directory traversal vulnerability in SOLIDserver IPAM v8.2.3.
This vul ...)
- TODO: check
+ NOT-FOR-US: SOLIDserver IPAM
CVE-2025-13877 (A vulnerability was detected in nocobase up to
1.9.4/2.0.0-alpha.37. T ...)
- TODO: check
+ NOT-FOR-US: nocobase
CVE-2025-13876 (A security vulnerability has been detected in Rareprob HD
Video Player ...)
- TODO: check
+ NOT-FOR-US: Rareprob HD Video Player All Formats App
CVE-2025-13875 (A weakness has been identified in Yohann0617 oci-helper up to
3.2.4. T ...)
- TODO: check
+ NOT-FOR-US: Yohann0617 oci-helper
CVE-2025-13873 (Stored Cross-Site Scripting (XSS) in the survey-import feature
of Obje ...)
- TODO: check
+ NOT-FOR-US: ObjectPlanet Opinio
CVE-2025-13872 (Blind Server-Side Request Forgery (SSRF) in the survey-import
feature ...)
- TODO: check
+ NOT-FOR-US: ObjectPlanet Opinio
CVE-2025-13871 (Cross-Site Request Forgery (CSRF) in the resource-management
feature o ...)
- TODO: check
+ NOT-FOR-US: ObjectPlanet Opinio
CVE-2025-13870 (Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail
to vali ...)
TODO: check
CVE-2025-13828 (SummaryA non privileged user can install and remove arbitrary
packages ...)
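Review bot: Tag granularity is uneven in this hunk. The thirteen Entrust entries (CVE-2025-59693 through CVE-2025-59705) are tagged with the vendor only, "NOT-FOR-US: Entrust", while most other additions name the product ("TCMAN GIM", "SOLIDserver IPAM", "JumpCloud Remote Assist for Windows"). Since every visible description starts with the nShield product line, "NOT-FOR-US: Entrust nShield" would keep these entries findable by product name. The same applies to the three "Sprecher Automation" entries, whose descriptions name SPRECON-E. The two entries left at "TODO: check" (CVE-2025-41066 Horde Groupware, CVE-2025-13870 Mattermost) are untouched here, which fits an NFU-only pass.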
@@ -241,7 +241,7 @@ CVE-2025-13372 (An issue was discovered in 5.2 before
5.2.9, 5.1 before 5.1.15,
CVE-2025-66448 (vLLM is an inference and serving engine for large language
models (LLM ...)
- vllm <itp> (bug #1095237)
CVE-2025-66415 (fastify-reply-from is a Fastify plugin to forward the current
HTTP req ...)
- TODO: check
+ NOT-FOR-US: fastify-reply-from Fastify plugin
CVE-2025-66412 (Angular is a development platform for building mobile and
desktop web ...)
TODO: check
CVE-2025-66410 (Gin-vue-admin is a backstage management system based on vue
and gin. I ...)
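Review bot: For CVE-2025-66415, "NOT-FOR-US: fastify-reply-from Fastify plugin" repeats the framework name that is already part of the module name. "NOT-FOR-US: fastify-reply-from" carries the same information and is simpler to match later. The context line just above, "- vllm <itp> (bug #1095237)", shows the form this entry would take if an ITP existed for the module, so it is worth confirming against WNPP that none does before the NFU tag is settled.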
@@ -295,9 +295,9 @@ CVE-2025-66295 (Grav is a file-based Web platform. Prior to
1.8.0-beta.27, when
CVE-2025-66294 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a
Server-Si ...)
NOT-FOR-US: Grav CMS
CVE-2025-66206 (Frappe is a full-stack web application framework. Prior to
15.86.0 and ...)
- TODO: check
+ NOT-FOR-US: Frappe Framework
CVE-2025-66205 (Frappe is a full-stack web application framework. Prior to
15.86.0 and ...)
- TODO: check
+ NOT-FOR-US: Frappe Framework
CVE-2025-65840 (PublicCMS V5.202506.b is vulnerable to Cross Site Request
Forgery (CSR ...)
NOT-FOR-US: PublicCMS
CVE-2025-65622 (Snipe-IT before 8.3.4 allows stored XSS via the Locations
"Country" fi ...)
@@ -333,7 +333,7 @@ CVE-2025-58476 (Out-of-bounds read vulnerability in
bootloader prior to SMR Dec-
CVE-2025-58475 (Improper input validation in libsec-ril.so prior to SMR
Dec-2025 Relea ...)
NOT-FOR-US: Samsung Mobile
CVE-2025-58044 (JumpServer is an open source bastion host and an operation and
mainten ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2025-55749 (XWiki is an open-source wiki software platform. From 16.7.0 to
16.10.1 ...)
NOT-FOR-US: XWiki
CVE-2025-55129 (HackerOne community member Kassem S.(kassem_s94) has reported
that use ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c2a2230fa318afde0d489633aa94f060bc93590