Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1a75b1a by Salvatore Bonaccorso at 2025-12-04T21:44:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6,35 +6,35 @@ CVE-2025-66516 (Critical XXE in Apache Tika tika-core 
(1.13-3.2.1), tika-pdf-mod
        - tika <unfixed>
        NOTE: https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
 CVE-2025-66373 (Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has 
a chunke ...)
-       TODO: check
+       NOT-FOR-US: Akamai
 CVE-2025-65958 (Open WebUI is a self-hosted artificial intelligence platform 
designed  ...)
-       TODO: check
+       NOT-FOR-US: open-webui
 CVE-2025-65945 (auth0/node-jws is a JSON Web Signature implementation for 
Node.js. In  ...)
-       TODO: check
+       NOT-FOR-US: auth0 node-jws
 CVE-2025-65883 (A vulnerability has been identified in Genexis Platinum P4410 
router ( ...)
-       TODO: check
+       NOT-FOR-US: Genexis router
 CVE-2025-65806 (The E-POINT CMS eagle.gsam-1169.1 file upload feature 
improperly handl ...)
-       TODO: check
+       NOT-FOR-US: E-POINT CMS
 CVE-2025-65637 (A denial-of-service vulnerability exists in 
github.com/sirupsen/logrus ...)
        TODO: check
 CVE-2025-65516 (A stored cross-site scripting (XSS) vulnerability was 
discovered in Se ...)
        TODO: check
 CVE-2025-65346 (alexusmai laravel-file-manager 3.3.1 and below is vulnerable 
to Direct ...)
-       TODO: check
+       NOT-FOR-US: alexusmai laravel-file-manager
 CVE-2025-63681 (open-webui v0.6.33 is vulnerable to Incorrect Access Control. 
The API  ...)
-       TODO: check
+       NOT-FOR-US: open-webui
 CVE-2025-63499 (Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
        TODO: check
 CVE-2025-63364 (Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi 
Gateway F ...)
-       TODO: check
+       NOT-FOR-US: Waveshare RS232/485 TO WIFI ETH (B) Serial to 
Ethernet/Wi-Fi Gateway Firmware
 CVE-2025-63363 (A lack of Management Frame Protection in Waveshare RS232/485 
TO WIFI E ...)
-       TODO: check
+       NOT-FOR-US: Waveshare RS232/485 TO WIFI ETH (B) Serial to 
Ethernet/Wi-Fi Gateway Firmware
 CVE-2025-63362 (Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi 
Gateway F ...)
-       TODO: check
+       NOT-FOR-US: Waveshare RS232/485 TO WIFI ETH (B) Serial to 
Ethernet/Wi-Fi Gateway Firmware
 CVE-2025-63361 (Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi 
Gateway F ...)
-       TODO: check
+       NOT-FOR-US: Waveshare RS232/485 TO WIFI ETH (B) Serial to 
Ethernet/Wi-Fi Gateway Firmware
 CVE-2025-61148 (An Insecure Direct Object Reference (IDOR) vulnerability in 
the Eduplu ...)
-       TODO: check
+       NOT-FOR-US: EduplusCampus
 CVE-2025-59788 (Cross-site scripting (XSS) vulnerability in a reachable 
files_pdfviewe ...)
        TODO: check
 CVE-2025-57213 (Incorrect access control in the component 
orderService.queryObject of  ...)
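Review bot: The CVE-2025-65945 entry is closed as NOT-FOR-US: auth0 node-jws, but its description identifies a Node.js JSON Web Signature library, which is the kind of component that gets packaged or bundled as a dependency, unlike the CDN and device entries around it (Akamai, Genexis router, Waveshare firmware). Suggest confirming that no source package ships or embeds node-jws before keeping the NFU tag, and otherwise leaving it at TODO: check, as was done for the logrus entry CVE-2025-65637 in this same hunk. Minor style point: the four Waveshare tags repeat the full product string, where a shorter tag would match the length of the other entries.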
@@ -44,7 +44,7 @@ CVE-2025-57212 (Incorrect access control in the component 
ApiOrderService.java o
 CVE-2025-57210 (Incorrect access control in the component 
ApiPayController.java of pla ...)
        TODO: check
 CVE-2025-56427 (Directory Traversal vulnerability in ComposioHQ v.0.7.20 
allows a remo ...)
-       TODO: check
+       NOT-FOR-US: ComposioHQ
 CVE-2025-54307 (An issue was discovered in the Thermo Fisher Torrent Suite 
Django appl ...)
        TODO: check
 CVE-2025-54306 (An issue was discovered in the Thermo Fisher Torrent Suite 
Django appl ...)
@@ -78,33 +78,33 @@ CVE-2025-29844 (A vulnerability in FileStation file cgi 
allows remote authentica
 CVE-2025-29843 (A vulnerability in FileStation thumb cgi allows remote 
authenticated u ...)
        NOT-FOR-US: Synology
 CVE-2025-29269 (ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS 
command inje ...)
-       TODO: check
+       NOT-FOR-US: ALLNET ALL-RUT22GW
 CVE-2025-29268 (ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded 
credential ...)
-       TODO: check
+       NOT-FOR-US: ALLNET ALL-RUT22GW
 CVE-2025-14024
        REJECTED
 CVE-2025-14016 (A security vulnerability has been detected in macrozheng 
mall-swarm up ...)
-       TODO: check
+       NOT-FOR-US: macrozheng mall-swarm
 CVE-2025-14015 (A weakness has been identified in H3C Magic B0 up to 100R002. 
This imp ...)
-       TODO: check
+       NOT-FOR-US: H3C Magic B0
 CVE-2025-14013 (A vulnerability was identified in JIZHICMS up to 2.5.5. The 
impacted e ...)
-       TODO: check
+       NOT-FOR-US: JIZHICMS
 CVE-2025-14012 (A vulnerability was determined in JIZHICMS up to 2.5.5. The 
affected e ...)
-       TODO: check
+       NOT-FOR-US: JIZHICMS
 CVE-2025-14011 (A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is 
the fun ...)
-       TODO: check
+       NOT-FOR-US: JIZHICMS
 CVE-2025-14010 (A flaw was found in ansible-collection-community-general. This 
vulnera ...)
        TODO: check
 CVE-2025-14008 (A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: XunRuiCMS
 CVE-2025-14007 (A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. 
This aff ...)
-       TODO: check
+       NOT-FOR-US: XunRuiCMS
 CVE-2025-14006 (A security vulnerability has been detected in dayrui XunRuiCMS 
up to 4 ...)
-       TODO: check
+       NOT-FOR-US: XunRuiCMS
 CVE-2025-14005 (A weakness has been identified in dayrui XunRuiCMS up to 
4.7.1. Affect ...)
-       TODO: check
+       NOT-FOR-US: XunRuiCMS
 CVE-2025-14004 (A security flaw has been discovered in dayrui XunRuiCMS up to 
4.7.1. A ...)
-       TODO: check
+       NOT-FOR-US: XunRuiCMS
 CVE-2025-13488 (Due to a regression introduced in version 3.83.0, a security 
header is ...)
        NOT-FOR-US: Sonatype
 CVE-2025-12097 (There is a relative path traversal vulnerability in the NI 
System Web  ...)
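Review bot: The five dayrui XunRuiCMS entries (CVE-2025-14004 through CVE-2025-14008) are tagged NOT-FOR-US: XunRuiCMS, dropping the vendor name, while macrozheng mall-swarm and ALLNET ALL-RUT22GW in this same hunk keep vendor plus product. Suggest NOT-FOR-US: dayrui XunRuiCMS so the tags follow one convention and a search on the vendor name finds them.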



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1a75b1a8747e6dba152079b44faa5d6ccbd8f00



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
