Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
080841a2 by security tracker role at 2025-12-04T20:13:47+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-9127 (A vulnerability exists in PX Enterprise whereby sensitive
information ...)
- TODO: check
+ NOT-FOR-US: Pure Storage
CVE-2025-8074 (Origin validation error vulnerability in BeeDrive in Synology
BeeDrive ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-66516 (Critical XXE in Apache Tika tika-core (1.13-3.2.1),
tika-pdf-module (2 ...)
TODO: check
CVE-2025-66373 (Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has
a chunke ...)
@@ -55,11 +55,11 @@ CVE-2025-54304 (An issue was discovered on Thermo Fisher
Ion Torrent OneTouch 2
CVE-2025-54303 (The Thermo Fisher Torrent Suite Django application 5.18.1 has
weak def ...)
TODO: check
CVE-2025-54160 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-54159 (Missing authorization vulnerability in BeeDrive in Synology
BeeDrive f ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-54158 (Missing authentication for critical function vulnerability in
BeeDrive ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-53963 (An issue was discovered on Thermo Fisher Ion Torrent OneTouch
2 INS100 ...)
TODO: check
CVE-2025-41080 (A stored Cross-Site Scripting (XSS) vulnerability has been
found in Se ...)
@@ -67,15 +67,15 @@ CVE-2025-41080 (A stored Cross-Site Scripting (XSS)
vulnerability has been found
CVE-2025-41079 (A stored Cross-Site Scripting (XSS) vulnerability has been
found in Se ...)
TODO: check
CVE-2025-2848 (A vulnerability in Synology Mail Server allows remote
authenticated at ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-29846 (A vulnerability in portenable cgi allows remote authenticated
users to ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-29845 (A vulnerability in VideoPlayer2 subtitle cgi allows remote
authenticat ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-29844 (A vulnerability in FileStation file cgi allows remote
authenticated us ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-29843 (A vulnerability in FileStation thumb cgi allows remote
authenticated u ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-29269 (ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS
command inje ...)
TODO: check
CVE-2025-29268 (ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded
credential ...)
@@ -105,17 +105,17 @@ CVE-2025-14005 (A weakness has been identified in dayrui
XunRuiCMS up to 4.7.1.
CVE-2025-14004 (A security flaw has been discovered in dayrui XunRuiCMS up to
4.7.1. A ...)
TODO: check
CVE-2025-13488 (Due to a regression introduced in version 3.83.0, a security
header is ...)
- TODO: check
+ NOT-FOR-US: Sonatype
CVE-2025-12097 (There is a relative path traversal vulnerability in the NI
System Web ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-11222 (Central Dogma versions before 0.78.0 contain an Open Redirect
vulnerab ...)
TODO: check
CVE-2024-5401 (Improper control of dynamically-managed code resources
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-45539 (Out-of-bounds write vulnerability in cgi components in
Synology DiskSt ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-45538 (Cross-Site Request Forgery (CSRF) vulnerability in WebAPI
Framework in ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-40266 (In the Linux kernel, the following vulnerability has been
resolved: K ...)
- linux 6.17.10-1
NOTE:
https://git.kernel.org/linus/103e17aac09cdd358133f9e00998b75d6c1f1518 (6.18-rc6)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/080841a2698c7e34577d1d856746fdcbbe22b655
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/080841a2698c7e34577d1d856746fdcbbe22b655
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
