Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
133c616e by Salvatore Bonaccorso at 2025-12-02T22:48:17+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -149,9 +149,9 @@ CVE-2025-13871 (Cross-Site Request Forgery (CSRF) in the
resource-management fea
CVE-2025-13870 (Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail
to vali ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-13828 (SummaryA non privileged user can install and remove arbitrary
packages ...)
- TODO: check
+ NOT-FOR-US: Mautic
CVE-2025-13827 (Summary Arbitrary files can be uploaded via the GrapesJS
Builder, as t ...)
- TODO: check
+ NOT-FOR-US: GrapesJS Builder
CVE-2025-13731 (The Nexter Extension \u2013 Site Enhancements Toolkit plugin
for WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13724 (The VikRentCar Car Rental Management System plugin for
WordPress is vu ...)
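Review bot: the two new NOT-FOR-US labels in this hunk disagree with each other: CVE-2025-13828 is tagged "Mautic" while CVE-2025-13827, whose description points at "the GrapesJS Builder", is tagged "GrapesJS Builder". If that builder is the Mautic GrapesJS builder plugin, label it "NOT-FOR-US: Mautic (GrapesJS Builder)" so both entries come up under the same product when grepping data/CVE/list.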
@@ -161,7 +161,7 @@ CVE-2025-13721 (Race in v8 in Google Chrome prior to
143.0.7499.41 allowed a rem
CVE-2025-13720 (Bad cast in Loader in Google Chrome prior to 143.0.7499.41
allowed a r ...)
TODO: check
CVE-2025-13658 (A vulnerability in Longwatch devices allows unauthenticated
HTTP GET r ...)
- TODO: check
+ NOT-FOR-US: Industrial Video & Control
CVE-2025-13640 (Inappropriate implementation in Passwords in Google Chrome
prior to 14 ...)
TODO: check
CVE-2025-13639 (Inappropriate implementation in WebRTC in Google Chrome prior
to 143.0 ...)
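Review bot: the label "NOT-FOR-US: Industrial Video & Control" for CVE-2025-13658 names only the vendor, while the description refers to "Longwatch devices"; naming both ("NOT-FOR-US: Industrial Video & Control Longwatch") keeps the entry findable by either term.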
@@ -191,45 +191,45 @@ CVE-2025-13534 (The ELEX WordPress HelpDesk & Customer
Ticketing System plugin f
CVE-2025-13516 (The SureMail \u2013 SMTP and Email Logs Plugin for WordPress
is vulner ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13510 (The Iskra iHUB and iHUB Lite smart metering gateway exposes
its web ma ...)
- TODO: check
+ NOT-FOR-US: Iskra iHUB and iHUB Lite smart metering gateway
CVE-2025-13505 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Datactive
CVE-2025-13353 (In gokey versions <0.2.0, a flaw in the seed decryption logic
resulte ...)
TODO: check
CVE-2025-13295 (Insertion of Sensitive Information Into Sent Data
vulnerability in Arg ...)
- TODO: check
+ NOT-FOR-US: BILGER
CVE-2025-13090 (The WP Directory Kit plugin for WordPress is vulnerable to SQL
Injecti ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12630 (The Upload.am WordPress plugin before 1.0.1 is vulnerable to
arbitrar ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12465 (A Blind SQL injection vulnerability has been identified in
QuickCMS. I ...)
- TODO: check
+ NOT-FOR-US: QuickCMS
CVE-2025-11789 (Out-of-bounds read vulnerability in Circutor
SGE-PLC1000/SGE-PLC50 v9. ...)
- TODO: check
+ NOT-FOR-US: Circutor
CVE-2025-11788 (Heap-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE-P ...)
- TODO: check
+ NOT-FOR-US: Circutor
CVE-2025-11787 (Command injection vulnerability in the operating system in
Circutor SG ...)
- TODO: check
+ NOT-FOR-US: Circutor
CVE-2025-11786 (Stack-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE- ...)
- TODO: check
+ NOT-FOR-US: Circutor
CVE-2025-11785 (Stack-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE- ...)
- TODO: check
+ NOT-FOR-US: Circutor
CVE-2025-11784 (Stack-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE- ...)
- TODO: check
+ NOT-FOR-US: Circutor
CVE-2025-11783 (Stack-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE- ...)
- TODO: check
+ NOT-FOR-US: Circutor
CVE-2025-11782 (Stack-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE- ...)
- TODO: check
+ NOT-FOR-US: Circutor
CVE-2025-11781 (Use of hardcoded cryptographic keys in Circutor
SGE-PLC1000/SGE-PLC50 ...)
- TODO: check
+ NOT-FOR-US: Circutor
CVE-2025-11780 (Stack-based buffer overflow vulnerability in Circutor
SGE-PLC1000/SGE- ...)
- TODO: check
+ NOT-FOR-US: Circutor
CVE-2025-11779 (Stack-based buffer overflow vulnerability in
CircutorSGE-PLC1000/SGE-P ...)
- TODO: check
+ NOT-FOR-US: Circutor
CVE-2025-11778 (Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50
v0.9.2. ...)
- TODO: check
+ NOT-FOR-US: Circutor
CVE-2025-10543 (In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang)
versions <=1.5 ...)
- TODO: check
+ NOT-FOR-US: Eclipse Paho Go MQTT
CVE-2025-64460 (An issue was discovered in 5.2 before 5.2.9, 5.1 before
5.1.15, and 4. ...)
- python-django <unfixed> (bug #1121788)
NOTE:
https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
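Review bot: the NOT-FOR-US for CVE-2025-10543 (Eclipse Paho Go MQTT) should be double-checked before it lands: paho.mqtt.golang is a Go library of exactly the kind the Go packaging team ships under golang-github-* source names, so if golang-github-eclipse-paho.mqtt.golang is in the archive the entry needs a source-package line (with <unfixed>, <not-affected> or <unimportant> as appropriate) rather than NOT-FOR-US. The same caution applies to CVE-2025-13353 (gokey), which is rightly left at "TODO: check" here.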
@@ -337,7 +337,7 @@ CVE-2025-58044 (JumpServer is an open source bastion host
and an operation and m
CVE-2025-55749 (XWiki is an open-source wiki software platform. From 16.7.0 to
16.10.1 ...)
NOT-FOR-US: XWiki
CVE-2025-55129 (HackerOne community member Kassem S.(kassem_s94) has reported
that use ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2025-21080 (Improper export of android application components in Dynamic
Lockscree ...)
NOT-FOR-US: Samsung Mobile
CVE-2025-21072 (Out-of-bounds write in decoding metadata in fingerprint
trustlet prior ...)
@@ -427,7 +427,7 @@ CVE-2025-12483 (The Visualizer: Tables and Charts Manager
for WordPress plugin f
CVE-2025-11726 (The Beaver Builder \u2013 WordPress Page Builder plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10971 (Insecure Storage of Sensitive Information vulnerability in
MeetMe on i ...)
- TODO: check
+ NOT-FOR-US: MeetMe
CVE-2024-51999
REJECTED
TODO: check
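Review bot: the trailing context shows CVE-2024-51999 marked REJECTED yet still carrying a "TODO: check" line; unless that TODO is kept on purpose, it could be dropped in this same NFU pass, since a rejected id needs no further triage.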
@@ -509,17 +509,17 @@ CVE-2025-58408 (Software installed and run as a
non-privileged user may conduct
CVE-2025-57489 (Incorrect access control in the SDAgent component of Shirt
Pocket Supe ...)
NOT-FOR-US: Shirt Pocket's SuperDuper!
CVE-2025-55222 (A denial of service vulnerability exists in the Modbus TCP and
Modbus ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2025-55221 (A denial of service vulnerability exists in the Modbus TCP and
Modbus ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2025-54851 (A denial of service vulnerability exists in the Modbus TCP and
Modbus ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2025-54850 (A denial of service vulnerability exists in the Modbus TCP and
Modbus ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2025-54849 (A denial of service vulnerability exists in the Modbus TCP and
Modbus ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2025-54848 (A denial of service vulnerability exists in the Modbus TCP and
Modbus ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2025-51683 (A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2
allows ...)
NOT-FOR-US: mJobtime
CVE-2025-51682 (mJobtime 15.7.2 handles authorization on the client side,
which allows ...)
@@ -545,11 +545,11 @@ CVE-2025-2879 (Exposure of Sensitive Information to an
Unauthorized Actor vulner
CVE-2025-27232 (An authenticated Zabbix Super Admin can exploit the
oauth.authorize ac ...)
TODO: check
CVE-2025-26858 (A buffer overflow vulnerability exists in the Modbus TCP
functionality ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2025-23417 (A denial of service vulnerability exists in the Modbus RTU
over TCP fu ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2025-20085 (A denial of service vulnerability exists in the Modbus RTU
over TCP fu ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2025-13837 (When loading a plist file, the plistlib module reads data in
size spec ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
@@ -598,7 +598,7 @@ CVE-2024-56089 (An issue in Technitium through v13.2.2
enables attackers to cond
CVE-2024-53684 (A cross-site request forgery (csrf) vulnerability exists in
the WEBVIE ...)
NOT-FOR-US: Socomec DIRIS Digiware M-70
CVE-2024-49572 (A denial of service vulnerability exists in the Modbus TCP
functionali ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2024-48894 (A cleartext transmission vulnerability exists in the WEBVIEW-M
functio ...)
NOT-FOR-US: Socomec DIRIS Digiware M-70
CVE-2024-48882 (A denial of service vulnerability exists in the Modbus TCP
functionali ...)
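Review bot: the new label "NOT-FOR-US: Socomec" for CVE-2024-49572 is less specific than the neighbouring existing entries, which read "NOT-FOR-US: Socomec DIRIS Digiware M-70"; if these Modbus TCP advisories concern the same device, the product-qualified label (here and for the other Socomec Modbus entries in this commit) would keep the list consistent and easier to grep.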
@@ -606,11 +606,11 @@ CVE-2024-48882 (A denial of service vulnerability exists
in the Modbus TCP funct
CVE-2024-45370 (An authentication bypass vulnerability exists in the User
profile mana ...)
NOT-FOR-US: Socomec Easy Config System
CVE-2024-39148 (The service wmp-agent of KerOS prior 5.12 does not properly
validate s ...)
- TODO: check
+ NOT-FOR-US: service wmp-agent of KerOS
CVE-2024-32388 (Due to a firewall misconfiguration, Kerlink devices running
KerOS prio ...)
- TODO: check
+ NOT-FOR-US: KerOS
CVE-2024-32384 (Kerlink gateways running KerOS prior to version 5.10 expose
their web ...)
- TODO: check
+ NOT-FOR-US: KerOS
CVE-2025-64772 (The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an
issue wit ...)
NOT-FOR-US: INZONE Hub
CVE-2025-61619 (In nr modem, there is a possible system crash due to improper
input va ...)
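Review bot: the three new KerOS labels use two different wordings ("service wmp-agent of KerOS" for CVE-2024-39148, plain "KerOS" for CVE-2024-32388 and CVE-2024-32384); the descriptions identify the vendor as Kerlink ("Kerlink devices running KerOS", "Kerlink gateways running KerOS"), so "NOT-FOR-US: Kerlink KerOS" for all three would be consistent and searchable by vendor.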
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/133c616e9462b823c9e07428eff8e0ec7c5ee797
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits