Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad6d30b3 by Salvatore Bonaccorso at 2025-12-05T22:14:50+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,25 +75,25 @@ CVE-2025-66418 (urllib3 is a user-friendly HTTP client 
library for Python. Start
        NOTE: https://www.openwall.com/lists/oss-security/2025/12/05/4
        NOTE: 
https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53
 CVE-2025-65897 (zdh_web is a data collection, processing, monitoring, 
scheduling, and  ...)
-       TODO: check
+       NOT-FOR-US: zdh_web
 CVE-2025-65879 (Warehouse Management System 1.2 contains an authenticated 
arbitrary fi ...)
-       TODO: check
+       NOT-FOR-US: Warehouse Management System
 CVE-2025-65878 (The warehouse management system version 1.2 contains an 
arbitrary file ...)
-       TODO: check
+       NOT-FOR-US: Warehouse Management System
 CVE-2025-65730 (Authentication Bypass via Hardcoded Credentials GoAway up to 
v0.62.18, ...)
-       TODO: check
+       NOT-FOR-US: GoAway
 CVE-2025-65036 (XWiki Remote Macros provides XWiki rendering macros that are 
useful wh ...)
        NOT-FOR-US: XWiki
 CVE-2025-64057 (Directory traversal vulnerability in Fanvil x210 V2 2.12.20 
allows una ...)
-       TODO: check
+       NOT-FOR-US: Fanvil x210
 CVE-2025-64056 (File upload vulnerability in Fanvil x210 V2 2.12.20 allows 
unauthentic ...)
-       TODO: check
+       NOT-FOR-US: Fanvil x210
 CVE-2025-64054 (A reflected Cross Site Scripting (XSS) vulnerability on Fanvil 
x210 2. ...)
-       TODO: check
+       NOT-FOR-US: Fanvil x210
 CVE-2025-64053 (A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Fanvil x210
 CVE-2025-64052 (An issue was discovered in Fanvil x210 V2 2.12.20 allowing 
unauthentic ...)
-       TODO: check
+       NOT-FOR-US: Fanvil x210
 CVE-2025-46603 (Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and 
prior, conta ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-34266 (Advantech WISE-DeviceOn Server versions prior to 5.4contain a 
stored c ...)
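Review bot: The tag "NOT-FOR-US: Warehouse Management System" on CVE-2025-65879 and CVE-2025-65878 is a generic product name with no vendor or project attached, unlike the other tags added in this hunk (zdh_web, GoAway, Fanvil x210). If the full CVE description or its references name a vendor or upstream project, add it to the tag so that a later search of data/CVE/list can tell this product apart from any other software with the same name.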
@@ -121,23 +121,23 @@ CVE-2025-34256 (Advantech WISE-DeviceOn Server versions 
prior to 5.4contain a ha
 CVE-2025-14104 (A flaw was found in util-linux. This vulnerability allows a 
heap buffe ...)
        TODO: check
 CVE-2025-14094 (A flaw has been found in Edimax BR-6478AC V3 1.0.15. The 
affected elem ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2025-14093 (A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. 
Impacted i ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2025-14092 (A security vulnerability has been detected in Edimax BR-6478AC 
V3 1.0. ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2025-14091 (A weakness has been identified in TrippWasTaken 
PHP-Guitar-Shop up to  ...)
-       TODO: check
+       NOT-FOR-US: TrippWasTaken PHP-Guitar-Shop
 CVE-2025-14090 (A security flaw has been discovered in AMTT Hotel Broadband 
Operation  ...)
-       TODO: check
+       NOT-FOR-US: AMTT Hotel Broadband Operation System
 CVE-2025-14089 (A vulnerability was identified in Himool ERP up to 2.2. 
Affected by th ...)
-       TODO: check
+       NOT-FOR-US: Himool ERP
 CVE-2025-14088 (A vulnerability was determined in ketr JEPaaS up to 7.2.8. 
Affected by ...)
-       TODO: check
+       NOT-FOR-US: ketr JEPaaS
 CVE-2025-14086 (A vulnerability was found in youlaitech youlai-mall 
1.0.0/2.0.0. Affec ...)
-       TODO: check
+       NOT-FOR-US: youlaitech youlai-mall
 CVE-2025-14085 (A vulnerability has been found in youlaitech youlai-mall 
1.0.0/2.0.0.  ...)
-       TODO: check
+       NOT-FOR-US: youlaitech youlai-mall
 CVE-2025-13739 (The CryptX plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13682 (The Trail Manager plugin for WordPress is vulnerable to Stored 
Cross-S ...)
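Review bot: Tag granularity is inconsistent in this hunk. CVE-2025-14094, CVE-2025-14093 and CVE-2025-14092 get the vendor-only tag "Edimax" although their descriptions name the BR-6478AC V3 model, while the entries that follow use vendor plus product ("Himool ERP", "ketr JEPaaS", "youlaitech youlai-mall") and the Fanvil entries earlier in this patch use "Fanvil x210". Either form works for NOT-FOR-US, but picking one per vendor keeps grep-based checks against the list predictable.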
@@ -157,19 +157,19 @@ CVE-2025-12876 (The Projectopia \u2013 WordPress Project 
Management plugin for W
 CVE-2025-12851 (The My auctions allegro plugin for WordPress is vulnerable to 
Local Fi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2020-36882 (Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to 
upload a ...)
-       TODO: check
+       NOT-FOR-US: Flexsense DiskBoss
 CVE-2020-36881 (Flexsense DiskBoss 7.7.14 contains a local buffer overflow 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Flexsense DiskBoss
 CVE-2020-36880 (Flexsense DiskBoss 7.7.14 contains a local buffer overflow 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Flexsense DiskBoss
 CVE-2020-36879 (Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to 
elevate ...)
-       TODO: check
+       NOT-FOR-US: Flexsense DiskBoss
 CVE-2020-36878 (ReQuest Serious Play Media Player 3.0 contains an 
unauthenticated file ...)
-       TODO: check
+       NOT-FOR-US: ReQuest Serious Play Media Player
 CVE-2020-36877 (ReQuest Serious Play F3 Media Server 7.0.3 contains an 
unauthenticated ...)
-       TODO: check
+       NOT-FOR-US: ReQuest Serious Play F3 Media Server
 CVE-2020-36876 (ReQuest Serious Play F3 Media Server versions 7.0.3.4968 
(Pro), 7.0.2. ...)
-       TODO: check
+       NOT-FOR-US: ReQuest Serious Play F3 Media Server
 CVE-2025-6946 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: WatchGuard
 CVE-2025-66576 (Remote Keyboard Desktop 1.0.1 enables remote attackers to 
execute syst ...)
@@ -221,9 +221,9 @@ CVE-2025-66506 (Fulcio is a free-to-use certificate 
authority for issuing code s
 CVE-2025-66479 (Anthropic Sandbox Runtime is a lightweight sandboxing tool for 
enforci ...)
        NOT-FOR-US: Anthropic Sandbox Runtime
 CVE-2025-66238 (DCIM dcTrack allows an attacker to misuse certain remote 
access featur ...)
-       TODO: check
+       NOT-FOR-US: Sunbird DCIM dcTrack
 CVE-2025-66237 (DCIM dcTrack platforms utilize default and hard-coded 
credentials for  ...)
-       TODO: check
+       NOT-FOR-US: Sunbird DCIM dcTrack
 CVE-2025-65959 (Open WebUI is a self-hosted artificial intelligence platform 
designed  ...)
        NOT-FOR-US: open-webui
 CVE-2025-65900 (Kalmia CMS version 0.2.0 contains an Incorrect Access Control 
vulnerab ...)
@@ -231,13 +231,13 @@ CVE-2025-65900 (Kalmia CMS version 0.2.0 contains an 
Incorrect Access Control vu
 CVE-2025-65899 (Kalmia CMS version 0.2.0 contains a user enumeration 
vulnerability in  ...)
        NOT-FOR-US: Kalmia CMS
 CVE-2025-63896 (An issue in the Bluetooth Human Interface Device (HID) of JXL 
9 Inch C ...)
-       TODO: check
+       NOT-FOR-US: JXL 9 Inch Car Android Double Din Player Android
 CVE-2025-62223 (User interface (ui) misrepresentation of critical information 
in Micro ...)
        NOT-FOR-US: Microsoft
 CVE-2025-55948 (This vulnerability fundamentally arises from yzcheng90 
X-SpringBoot 6. ...)
        NOT-FOR-US: yzcheng90 X-SpringBoot
 CVE-2025-53704 (The password reset mechanism for the Pivot client application 
is weak, ...)
-       TODO: check
+       NOT-FOR-US: MAXHUB
 CVE-2025-32901 (In KDE Connect before 1.33.0 on Android, malicious device IDs 
(sent vi ...)
        TODO: check
 CVE-2025-32900 (In the KDE Connect information-exchange protocol before 
2025-04-18, a  ...)
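Review bot: Two tags in this hunk are worth a second look. On CVE-2025-63896 the tag "JXL 9 Inch Car Android Double Din Player Android" ends in a repeated "Android" that reads like a copy-paste remnant from the description, so trimming it to the product name would be cleaner. On CVE-2025-53704 the tag is "MAXHUB", but the visible description only refers to the "Pivot client application"; something like "MAXHUB Pivot" would keep the product name searchable from the tag alone.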
@@ -247,7 +247,7 @@ CVE-2025-32899 (In KDE Connect before 1.33.0 on Android, a 
packet can be crafted
 CVE-2025-27935 (The OTP Integration Kit for PingFederate fails to enforce HTTP 
method  ...)
        NOT-FOR-US: PingFederate
 CVE-2025-27389 (A flaw exists in the verification of application installation 
sources  ...)
-       TODO: check
+       NOT-FOR-US: ColorOS
 CVE-2025-1910 (The WatchGuard Mobile VPN with SSL Client on Windows allows a 
locally  ...)
        NOT-FOR-US: WatchGuard
 CVE-2025-1547 (A stack-based buffer overflow vulnerability [CWE-121] in 
WatchGuard Fi ...)
@@ -379,7 +379,7 @@ CVE-2025-10285 (The web interface of the Silicon Labs 
Simplicity Device Manager
 CVE-2025-10055 (The Time Sheets plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-58278 (perl2exe <= V30.10C contains an arbitrary code execution 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: perl2exe
 CVE-2024-58277 (R Radio Network FM Transmitter 1.07 allows unauthenticated 
attackers t ...)
        NOT-FOR-US: R Radio Network FM Transmitter
 CVE-2024-58276 (Obi08/Enrollment System 1.0 contains a SQL injection 
vulnerability in  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad6d30b3962b57cbec84dd41d02f0a508f76389a
