Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
36f2aa63 by Salvatore Bonaccorso at 2025-12-11T09:46:52+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,13 +5,13 @@ CVE-2025-8405 (GitLab has remediated a security issue in
GitLab CE/EE affecting
CVE-2025-67738 (squid/cachemgr.cgi in Webmin before 2.600 does not properly
quote argu ...)
- webmin <removed>
CVE-2025-67720 (Pyrofork is a modern, asynchronous MTProto API framework.
Versions 2.3 ...)
- TODO: check
+ NOT-FOR-US: Pyrofork
CVE-2025-67719 (Ibexa is a composable end-to-end DXP (Digital Experience
Platform). Ve ...)
- TODO: check
+ NOT-FOR-US: Ibexa
CVE-2025-67718 (Form.io is a combined Form and API platform for Serverless
application ...)
- TODO: check
+ NOT-FOR-US: Form.io
CVE-2025-67717 (ZITADEL is an open-source identity infrastructure tool.
Versions 2.44. ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2025-67716 (The Auth0 Next.js SDK is a library for implementing user
authenticatio ...)
NOT-FOR-US: Next.js
CVE-2025-67713 (Miniflux 2 is an open source feed reader. Versions 2.2.14 and
below tr ...)
@@ -37,25 +37,25 @@ CVE-2025-67687
CVE-2025-67686
REJECTED
CVE-2025-67648 (Shopware is an open commerce platform. Versions 6.4.6.0
through 6.6.10 ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2025-67646 (TableProgressTracking is a MediaWiki extension to track
progress again ...)
TODO: check
CVE-2025-67644 (LangGraph SQLite Checkpoint is an implementation of LangGraph
Checkpoi ...)
- TODO: check
+ NOT-FOR-US: LangGraph SQLite Checkpoint
CVE-2025-67514
REJECTED
CVE-2025-67513 (FreePBX Endpoint Manager is a module for managing telephony
endpoints ...)
- TODO: check
+ NOT-FOR-US: FreePBX Endpoint Manager
CVE-2025-67512
REJECTED
CVE-2025-67511 (Cybersecurity AI (CAI) is an open-source framework for
building and de ...)
- TODO: check
+ NOT-FOR-US: Cybersecurity AI (CAI)
CVE-2025-67510 (Neuron is a PHP framework for creating and orchestrating AI
Agents. In ...)
- TODO: check
+ NOT-FOR-US: Neuron AI
CVE-2025-67509 (Neuron is a PHP framework for creating and orchestrating AI
Agents. Ve ...)
- TODO: check
+ NOT-FOR-US: Neuron AI
CVE-2025-67505 (Okta Java Management SDK facilitates interactions with the
Okta manage ...)
- TODO: check
+ NOT-FOR-US: Okta Java Management SDK
CVE-2025-67490 (The Auth0 Next.js SDK is a library for implementing user
authenticatio ...)
NOT-FOR-US: Next.js
CVE-2025-67461 (External control of file name or path in Zoom Rooms for macOS
before v ...)
@@ -71,55 +71,55 @@ CVE-2025-66473 (XWiki is an open-source wiki software
platform. Versions 16.10.1
CVE-2025-66472 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
NOT-FOR-US: XWiki
CVE-2025-66033 (Okta Java Management SDK facilitates interactions with the
Okta manage ...)
- TODO: check
+ NOT-FOR-US: Okta Java Management SDK
CVE-2025-65950 (WBCE CMS is a content management system. In versions 1.6.4 and
below, ...)
- TODO: check
+ NOT-FOR-US: WBCE CMS
CVE-2025-65832 (The mobile application insecurely handles information stored
within me ...)
- TODO: check
+ NOT-FOR-US: Meatmeet
CVE-2025-65831 (The application uses an insecure hashing algorithm (MD5) to
hash passw ...)
- TODO: check
+ NOT-FOR-US: Meatmeet
CVE-2025-65830 (Due to a lack of certificate validation, all traffic from the
mobile a ...)
- TODO: check
+ NOT-FOR-US: Meatmeet
CVE-2025-65829 (The ESP32 system on a chip (SoC) that powers the Meatmeet
basestation ...)
- TODO: check
+ NOT-FOR-US: Meatmeet
CVE-2025-65828 (An unauthenticated attacker within proximity of the Meatmeet
device ca ...)
- TODO: check
+ NOT-FOR-US: Meatmeet
CVE-2025-65827 (The mobile application is configured to allow clear text
traffic to al ...)
- TODO: check
+ NOT-FOR-US: Meatmeet
CVE-2025-65826 (The mobile application was found to contain stored credentials
for the ...)
- TODO: check
+ NOT-FOR-US: Meatmeet
CVE-2025-65825 (The firmware on the basestation of the Meatmeet is not
encrypted. An a ...)
- TODO: check
+ NOT-FOR-US: Meatmeet
CVE-2025-65824 (An unauthenticated attacker within proximity of the Meatmeet
device ca ...)
- TODO: check
+ NOT-FOR-US: Meatmeet
CVE-2025-65823 (The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi
credenti ...)
- TODO: check
+ NOT-FOR-US: Meatmeet
CVE-2025-65822 (The ESP32 system on a chip (SoC) that powers the Meatmeet Pro
was foun ...)
- TODO: check
+ NOT-FOR-US: Meatmeet
CVE-2025-65821 (As UART download mode is still enabled on the ESP32 chip on
which the ...)
- TODO: check
+ NOT-FOR-US: Meatmeet
CVE-2025-65820 (An issue was discovered in Meatmeet Android Mobile Application
1.1.2.0 ...)
- TODO: check
+ NOT-FOR-US: Meatmeet
CVE-2025-65512 (A Server-Side Request Forgery (SSRF) vulnerability was
discovered in t ...)
- TODO: check
+ NOT-FOR-US: markdownify-mcp
CVE-2025-65297 (Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2
4.3.6_002 ...)
- TODO: check
+ NOT-FOR-US: Aqara Hub devices
CVE-2025-65296 (NULL-pointer dereference vulnerabilities in Aqara Hub M2
4.3.6_0027, H ...)
- TODO: check
+ NOT-FOR-US: Aqara Hub devices
CVE-2025-65295 (Multiple vulnerabilities in Aqara Hub firmware update process
in the C ...)
- TODO: check
+ NOT-FOR-US: Aqara Hub devices
CVE-2025-65294 (Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2
4.3.6_002 ...)
- TODO: check
+ NOT-FOR-US: Aqara Hub devices
CVE-2025-65293 (Command injection vulnerabilities in Aqara Camera Hub G3
4.1.9_0027 al ...)
- TODO: check
+ NOT-FOR-US: Aqara Hub devices
CVE-2025-65292 (Command injection vulnerability in Aqara Hub devices including
Camera ...)
- TODO: check
+ NOT-FOR-US: Aqara Hub devices
CVE-2025-65291 (Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3
4.3.6_0025, Came ...)
- TODO: check
+ NOT-FOR-US: Aqara Hub devices
CVE-2025-65290 (Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2
4.3.6_002 ...)
- TODO: check
+ NOT-FOR-US: Aqara Hub devices
CVE-2025-62181 (Pega Platform versions 7.1.0 through Infinity 25.1.0 are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2025-4097 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
- gitlab <unfixed>
CVE-2025-24857 (Improper access control for volatile memory containing boot
code in Un ...)
@@ -127,7 +127,7 @@ CVE-2025-24857 (Improper access control for volatile memory
containing boot code
CVE-2025-14512 (A flaw was found in glib. This vulnerability allows a heap
buffer over ...)
TODO: check
CVE-2025-14485 (A weakness has been identified in EFM ipTIME A3004T 14.19.0.
This vuln ...)
- TODO: check
+ NOT-FOR-US: EFM ipTIME A3004T
CVE-2025-14157 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
- gitlab <unfixed>
CVE-2025-13978 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
@@ -155,61 +155,61 @@ CVE-2025-11247 (GitLab has remediated an issue in GitLab
EE affecting all versio
CVE-2025-10163 (The List category posts plugin for WordPress is vulnerable to
time-bas ...)
NOT-FOR-US: WordPress plugin
CVE-2024-58285 (Chyrp 2.5.2 contains a stored cross-site scripting
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Chyrp
CVE-2024-58284 (PopojiCMS 2.0.1 contains an authenticated remote command
execution vul ...)
- TODO: check
+ NOT-FOR-US: PopojiCMS
CVE-2024-58283 (WBCE CMS version 1.6.2 contains a remote code execution
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WBCE CMS
CVE-2024-58282 (Serendipity 2.5.0 contains a remote code execution
vulnerability that ...)
TODO: check
CVE-2024-58281 (Dotclear 2.29 contains a remote code execution vulnerability
that allo ...)
TODO: check
CVE-2024-58280 (CMSimple 5.15 contains a remote command execution
vulnerability that a ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2024-58279 (appRain CMF 4.0.5 contains an authenticated remote code
execution vuln ...)
- TODO: check
+ NOT-FOR-US: appRain CMF
CVE-2023-53776 (Screen SFT DAB 1.9.3 contains an authentication bypass
vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Screen SFT DAB
CVE-2023-53775 (Screen SFT DAB 1.9.3 contains an authentication bypass
vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Screen SFT DAB
CVE-2023-53741 (Screen SFT DAB 1.9.3 contains a weak session management
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Screen SFT DAB
CVE-2023-53740 (Screen SFT DAB 1.9.3 contains an authentication bypass
vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Screen SFT DAB
CVE-2020-36902 (UBICOD Medivision Digital Signage 1.5.1 contains an
authorization bypa ...)
- TODO: check
+ NOT-FOR-US: UBICOD Medivision Digital Signage
CVE-2020-36901 (UBICOD Medivision Digital Signage 1.5.1 contains a cross-site
request ...)
- TODO: check
+ NOT-FOR-US: UBICOD Medivision Digital Signage
CVE-2020-36900 (All-Dynamics Digital Signage System 2.0.2 contains a
cross-site reques ...)
- TODO: check
+ NOT-FOR-US: All-Dynamics Digital Signage System
CVE-2020-36899 (QiHang Media Web Digital Signage 3.0.9 contains an
unauthenticated fil ...)
- TODO: check
+ NOT-FOR-US: QiHang Media Web Digital Signage
CVE-2020-36898 (QiHang Media Web Digital Signage 3.0.9 contains an
unauthenticated fil ...)
- TODO: check
+ NOT-FOR-US: QiHang Media Web Digital Signage
CVE-2020-36897 (QiHang Media Web Digital Signage 3.0.9 contains an
unauthenticated rem ...)
- TODO: check
+ NOT-FOR-US: QiHang Media Web Digital Signage
CVE-2020-36896 (QiHang Media Web Digital Signage 3.0.9 contains a cleartext
credential ...)
- TODO: check
+ NOT-FOR-US: QiHang Media Web Digital Signage
CVE-2020-36895 (EIBIZ i-Media Server Digital Signage 3.8.0 contains an
unauthenticated ...)
- TODO: check
+ NOT-FOR-US: EIBIZ i-Media Server Digital Signage
CVE-2020-36894 (Eibiz i-Media Server Digital Signage 3.8.0 contains an
authentication ...)
- TODO: check
+ NOT-FOR-US: Eibiz i-Media Server Digital Signage
CVE-2020-36893 (Eibiz i-Media Server Digital Signage 3.8.0 contains a
directory traver ...)
- TODO: check
+ NOT-FOR-US: Eibiz i-Media Server Digital Signage
CVE-2020-36892 (Eibiz i-Media Server Digital Signage 3.8.0 contains an
unauthenticated ...)
- TODO: check
+ NOT-FOR-US: Eibiz i-Media Server Digital Signage
CVE-2020-36888 (SpinetiX Fusion Digital Signage 3.4.8 contains a username
enumeration ...)
- TODO: check
+ NOT-FOR-US: SpinetiX Fusion Digital Signage
CVE-2020-36887 (SpinetiX Fusion Digital Signage 3.4.8 contains an
unauthenticated info ...)
- TODO: check
+ NOT-FOR-US: SpinetiX Fusion Digital Signage
CVE-2020-36886 (SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site
request fo ...)
- TODO: check
+ NOT-FOR-US: SpinetiX Fusion Digital Signage
CVE-2020-36885 (Sony IPELA Network Camera 1.82.01 contains a stack buffer
overflow vul ...)
- TODO: check
+ NOT-FOR-US: Sony IPELA Network Camera
CVE-2020-36884 (BrightSign Digital Signage Diagnostic Web Server 8.2.26 and
less conta ...)
- TODO: check
+ NOT-FOR-US: BrightSign Digital Signage Diagnostic Web Server
CVE-2020-36883 (SpinetiX Fusion Digital Signage 3.4.8 and lower contains an
authentica ...)
- TODO: check
+ NOT-FOR-US: SpinetiX Fusion Digital Signage
CVE-2025-14083
- keycloak <itp> (bug #1088287)
CVE-2025-13327
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36f2aa634f9bec4ae4c83d775a96a04a629cf8a2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36f2aa634f9bec4ae4c83d775a96a04a629cf8a2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
