Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9282c947 by Salvatore Bonaccorso at 2025-12-05T09:17:57+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
CVE-2025-6946 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
NOT-FOR-US: WatchGuard
CVE-2025-66576 (Remote Keyboard Desktop 1.0.1 enables remote attackers to
execute syst ...)
- TODO: check
+ NOT-FOR-US: Remote Keyboard Desktop
CVE-2025-66575 (VeeVPN 1.6.1 contains an unquoted service path vulnerability
in the Ve ...)
- TODO: check
+ NOT-FOR-US: VeeVPN
CVE-2025-66574 (TranzAxis 3.2.41.10.26 allows authenticated users to inject
cross-site ...)
- TODO: check
+ NOT-FOR-US: TranzAxis
CVE-2025-66573 (Solstice Pod API (version 5.5, 6.2) contains an
unauthenticated API en ...)
- TODO: check
+ NOT-FOR-US: Solstice Pod API
CVE-2025-66572 (Loaded Commerce 6.6 contains a client-side template injection
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Loaded Commerce
CVE-2025-66571 (UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object
injection ...)
- TODO: check
+ NOT-FOR-US: UNA CMS
CVE-2025-66564 (Sigstore Timestamp Authority is a service for issuing RFC 3161
timesta ...)
TODO: check
CVE-2025-66563 (Monkeytype is a minimalistic and customizable typing test. In
25.49.0 ...)
- TODO: check
+ NOT-FOR-US: Monkeytype
CVE-2025-66561 (SysReptor is a fully customizable pentest reporting platform.
Prior to ...)
- TODO: check
+ NOT-FOR-US: SysReptor
CVE-2025-66559 (Taiko Alethia is an Ethereum-equivalent, permissionless, based
rollup ...)
- TODO: check
+ NOT-FOR-US: Taiko Alethia
CVE-2025-66555 (AirKeyboard iOS App 1.0.5 contains a missing authentication
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: AirKeyboard iOS App
CVE-2025-66544
REJECTED
CVE-2025-66543
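Review bot: The NOT-FOR-US values for CVE-2025-66573 and CVE-2025-66555 carry the descriptor from the CVE text ("Solstice Pod API", "AirKeyboard iOS App"), while the other entries in this hunk name only the product ("VeeVPN", "TranzAxis", "SysReptor"). Consider "Solstice Pod" and "AirKeyboard", so that a search of data/CVE/list for the product name finds these entries however a later CVE description happens to word it.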
@@ -41,21 +41,21 @@ CVE-2025-66537
CVE-2025-66536
REJECTED
CVE-2025-66509 (LaraDashboard is an all-In-one solution to start a Laravel
Application ...)
- TODO: check
+ NOT-FOR-US: LaraDashboard
CVE-2025-66506 (Fulcio is a free-to-use certificate authority for issuing code
signing ...)
TODO: check
CVE-2025-66479 (Anthropic Sandbox Runtime is a lightweight sandboxing tool for
enforci ...)
- TODO: check
+ NOT-FOR-US: Anthropic Sandbox Runtime
CVE-2025-66238 (DCIM dcTrack allows an attacker to misuse certain remote
access featur ...)
TODO: check
CVE-2025-66237 (DCIM dcTrack platforms utilize default and hard-coded
credentials for ...)
TODO: check
CVE-2025-65959 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: open-webui
CVE-2025-65900 (Kalmia CMS version 0.2.0 contains an Incorrect Access Control
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Kalmia CMS
CVE-2025-65899 (Kalmia CMS version 0.2.0 contains a user enumeration
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Kalmia CMS
CVE-2025-63896 (An issue in the Bluetooth Human Interface Device (HID) of JXL
9 Inch C ...)
TODO: check
CVE-2025-62223 (User interface (ui) misrepresentation of critical information
in Micro ...)
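Review bot: The value added for CVE-2025-65959, "NOT-FOR-US: open-webui", uses a lowercase slug, whereas the description on the same entry spells the product "Open WebUI" and every other entry in this commit uses the product name as written in its description ("LaraDashboard", "Kalmia CMS"). Unless the slug matches how the product is already recorded elsewhere in data/CVE/list, suggest "NOT-FOR-US: Open WebUI" for consistency.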
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9282c947cc05877f985f89eeb1ae462dd6ce1f75
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits