Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 040a7540 by Salvatore Bonaccorso at 2025-12-12T21:38:38+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,25 +1,25 @@ CVE-2025-8083 (The Preset configuration https://v2.vuetifyjs.com/en/features/presets ...) - TODO: check + NOT-FOR-US: Vuetify CVE-2025-8082 (Improper neutralization of the title date in the 'VDatePicker' compone ...) - TODO: check + NOT-FOR-US: Vuetify CVE-2025-67819 (An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack o ...) - TODO: check + NOT-FOR-US: weaviate CVE-2025-67818 (An issue was discovered in Weaviate OSS before 1.33.4. An attacker wit ...) - TODO: check + NOT-FOR-US: weaviate CVE-2025-67734 (Frappe Learning Management System (LMS) is a learning system that help ...) - TODO: check + NOT-FOR-US: Frappe Learning Management System (LMS) CVE-2025-67344 (jshERP v3.5 and earlier is affected by a stored Cross Site Scripting ( ...) - TODO: check + NOT-FOR-US: jshERP CVE-2025-67342 (RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerabi ...) - TODO: check + NOT-FOR-US: RuoYi CVE-2025-67341 (jshERP versions 3.5 and earlier are affected by a stored XSS vulnerabi ...) - TODO: check + NOT-FOR-US: jshERP CVE-2025-66430 (Plesk 18.0 has Incorrect Access Control.) - TODO: check + NOT-FOR-US: Plesk CVE-2025-65854 (Insecure permissions in the scheduled tasks feature of MineAdmin v3.x ...) - TODO: check + NOT-FOR-US: MineAdmin CVE-2025-65530 (An eval injection in the malware de-obfuscation routines of CloudLinux ...) - TODO: check + NOT-FOR-US: CloudLinux ai-bolit CVE-2025-64011 (Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Ref ...) - nextcloud-server <itp> (bug #941708) CVE-2025-58770 (APTIOV contains a vulnerability in BIOS where a user may cause \u201cI ...) 
@@ -37,15 +37,15 @@ CVE-2025-53960 (When encrypting sensitive data, weak encryption keys that are fi CVE-2025-40829 (A vulnerability has been identified in Simcenter Femap (All versions < ...) NOT-FOR-US: Siemens CVE-2025-36755 (The CleverDisplay BlueOne hardware player is designed with its USB int ...) - TODO: check + NOT-FOR-US: CleverDisplay BlueOne hardware player CVE-2025-36746 (SolarEdge monitoring platform contains a Cross\u2011Site Scripting (XS ...) - TODO: check + NOT-FOR-US: SolarEdge monitoring platform CVE-2025-36745 (SolarEdge SE3680H ships with an outdated Linux kernel containing unpat ...) - TODO: check + NOT-FOR-US: SolarEdge SE3680H CVE-2025-36744 (SolarEdge SE3680H has unauthenticated disclosure of sensitive informat ...) - TODO: check + NOT-FOR-US: SolarEdge SE3680H CVE-2025-36743 (SolarEdge SE3680H has an exposed debug/test interface accessible to un ...) - TODO: check + NOT-FOR-US: SolarEdge SE3680H CVE-2025-26866 (A remote code execution vulnerability exists where a malicious Raft no ...) TODO: check CVE-2025-23408 (Weak Password Requirements vulnerability in Apache Fineract. This iss ...) @@ -53,7 +53,7 @@ CVE-2025-23408 (Weak Password Requirements vulnerability in Apache Fineract. Th CVE-2025-14578 (A weakness has been identified in itsourcecode Student Management Syst ...) NOT-FOR-US: itsourcecode System CVE-2025-14572 (A vulnerability was found in UTT \u8fdb\u53d6 512W up to 1.7.7-171114. ...) - TODO: check + NOT-FOR-US: UTT CVE-2025-14571 (A vulnerability has been found in projectworlds Advanced Library Manag ...) NOT-FOR-US: Project Worlds CVE-2025-14570 (A flaw has been found in projectworlds Advanced Library Management Sys ...) 
@@ -61,13 +61,13 @@ CVE-2025-14570 (A flaw has been found in projectworlds Advanced Library Manageme CVE-2025-14569 (A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affe ...) TODO: check CVE-2025-14568 (A security vulnerability has been detected in haxxorsid Stock-Manageme ...) - TODO: check + NOT-FOR-US: haxxorsid Stock-Management-System CVE-2025-14567 (A weakness has been identified in haxxorsid Stock-Management-System up ...) - TODO: check + NOT-FOR-US: haxxorsid Stock-Management-System CVE-2025-14566 (A security flaw has been discovered in kidaze CourseSelectionSystem up ...) - TODO: check + NOT-FOR-US: kidaze CourseSelectionSystem CVE-2025-14565 (A vulnerability was identified in kidaze CourseSelectionSystem up to 4 ...) - TODO: check + NOT-FOR-US: kidaze CourseSelectionSystem CVE-2025-14442 (The Secure Copy Content Protection and Content Locking plugin for Word ...) NOT-FOR-US: WordPress plugin CVE-2025-14174 (Out of bounds memory access in ANGLE in Google Chrome on Mac prior to ...) @@ -83,9 +83,9 @@ CVE-2025-14030 (The AI Feeds plugin for WordPress is vulnerable to Stored Cross- CVE-2025-13993 (The MailerLite \u2013 Signup forms (official) plugin for WordPress is ...) NOT-FOR-US: WordPress plugin CVE-2025-13733 (BuhoNTFS contains an insecure XPC service that allows local, unprivile ...) - TODO: check + NOT-FOR-US: BuhoNTFS CVE-2025-13506 (Execution with Unnecessary Privileges vulnerability in Nebim Neyir Com ...) - TODO: check + NOT-FOR-US: Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP CVE-2025-12965 (The Magical Posts Display plugin for WordPress is vulnerable to Stored ...) NOT-FOR-US: WordPress plugin CVE-2025-12960 (The Simple CSV Table plugin for WordPress is vulnerable to Directory T ...) 
@@ -103,15 +103,15 @@ CVE-2025-12407 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! CVE-2025-12348 (The Icegram Express - Email Subscribers, Newsletters and Marketing Aut ...) NOT-FOR-US: WordPress plugin CVE-2024-58314 (Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticate ...) - TODO: check + NOT-FOR-US: Atcom 100M IP Phones firmware CVE-2024-58311 (Dormakaba Saflok System 6000 contains a predictable key generation alg ...) - TODO: check + NOT-FOR-US: Dormakaba Saflok System 6000 CVE-2024-58305 (WonderCMS 4.3.2 contains a cross-site scripting vulnerability that all ...) - TODO: check + NOT-FOR-US: WonderCMS CVE-2024-58299 (PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the ' ...) NOT-FOR-US: PCMan FTP Server CVE-2024-14010 (Typora 1.7.4 contains a command injection vulnerability in the PDF exp ...) - TODO: check + NOT-FOR-US: Typora CVE-2025-40345 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.17.11-1 [bullseye] - linux 5.10.247-1 @@ -417,7 +417,7 @@ CVE-2024-58313 (xbtitFM 4.1.18 contains an insecure file upload vulnerability th CVE-2024-58312 (xbtitFM 4.1.18 contains a path traversal vulnerability that allows una ...) NOT-FOR-US: xbtitFM CVE-2024-58310 (APC Network Management Card 4 contains a path traversal vulnerability ...) - TODO: check + NOT-FOR-US: APC Network Management Card CVE-2024-58309 (xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability ...) NOT-FOR-US: xbtitFM CVE-2024-58308 (Quick.CMS 6.7 contains a SQL injection vulnerability that allows unaut ...) 
@@ -258265,7 +258265,7 @@ CVE-2023-29146 CVE-2023-29145 (The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure w ...) NOT-FOR-US: Malwarebytes EDR CVE-2023-29144 (Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in s ...) - TODO: check + NOT-FOR-US: Malwarebytes CVE-2023-29143 RESERVED CVE-2023-29142 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/040a75405183df18391d749d7399ebc0af4f3c8c
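Review bot: in the first hunk (@@ -1,25) the tags added for CVE-2025-67819 and CVE-2025-67818 are written `NOT-FOR-US: weaviate` in lower case, although both descriptions name the product as "Weaviate OSS" and every other tag added in the same hunk (Vuetify, Plesk, MineAdmin, RuoYi) keeps the product's own capitalisation. Suggest `NOT-FOR-US: Weaviate` so a case-sensitive search of data/CVE/list for the product name finds these two entries with the rest.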
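Review bot: in the @@ -37,15 hunk the granularity of the tag differs from the neighbouring context line. CVE-2025-40829 (Simcenter Femap) is tagged by vendor only, `NOT-FOR-US: Siemens`, while the new lines use full product strings such as `SolarEdge SE3680H`, `SolarEdge monitoring platform` and `CleverDisplay BlueOne hardware player`, the last of which carries over the descriptive words "hardware player" from the CVE text. Picking one form per vendor (for example `SolarEdge` for all four SolarEdge entries, or the product name without the descriptive suffix) would keep the list easier to grep when later CVEs for the same vendor arrive.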
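Review bot: in the @@ -83,9 hunk the tag for CVE-2025-13506 copies the vendor's full legal name from the description, `NOT-FOR-US: Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP`, which is much longer than any other tag in this commit and repeats "Nebim". `NOT-FOR-US: Nebim V3 ERP` identifies the product just as well and matches the short form used for BuhoNTFS on the line above.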
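Review bot: in the last hunk (@@ -258265,7) the tag added for CVE-2023-29144 is `NOT-FOR-US: Malwarebytes`, while the adjacent context entry CVE-2023-29145 carries `NOT-FOR-US: Malwarebytes EDR`. The two descriptions do name the product differently ("Malwarebytes 1.0.14 for Linux" against "Malwarebytes EDR 1.0.11 for Linux"), so the difference may be intended; if both refer to the same Linux product, the two entries should share one tag.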
