Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3e1233c2 by Salvatore Bonaccorso at 2025-12-15T22:33:29+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61,20 +61,20 @@ CVE-2025-37731 (Improper Authentication in Elasticsearch
PKI realm can lead to u
CVE-2025-36360 (IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2
through 7.2.3 ...)
NOT-FOR-US: IBM
CVE-2025-34412 (The Convercent Whistleblowing Platform operated by EQS Group
contains ...)
- TODO: check
+ NOT-FOR-US: Convercent Whistleblowing Platform
CVE-2025-34411 (The Convercent Whistleblowing Platform operated by EQS Group
exposes a ...)
- TODO: check
+ NOT-FOR-US: Convercent Whistleblowing Platform
CVE-2025-34181 (NetSupport Manager< 14.12.0001 contains an arbitrary file
write vulner ...)
- TODO: check
+ NOT-FOR-US: NetSupport Manager
CVE-2025-34180 (NetSupport Manager< 14.12.0001 relies on a shared Gateway Key
for aut ...)
- TODO: check
+ NOT-FOR-US: NetSupport Manager
CVE-2025-34179 (NetSupport Manager <14.12.0001contains an unauthenticated SQL
injectio ...)
- TODO: check
+ NOT-FOR-US: NetSupport Manager
CVE-2025-14714 (An Authentication Bypass vulnerability existed where the
application b ...)
- libreoffice <not-affected> (Only affects LibreOffice on MacOS)
NOTE:
https://www.libreoffice.org/about-us/security/advisories/cve-2025-14714
CVE-2025-14711 (A flaw has been found in FantasticLBP Hotels Server up to
67b44df162fa ...)
- TODO: check
+ NOT-FOR-US: FantasticLBP Hotels Server
CVE-2025-14503 (An overly-permissive IAM trust policy in the Harmonix on AWS
framework ...)
NOT-FOR-US: Amazon
CVE-2025-14387 (The LearnPress \u2013 WordPress LMS Plugin plugin for
WordPress is vul ...)
@@ -86,13 +86,13 @@ CVE-2025-14156 (The Fox LMS \u2013 WordPress LMS Plugin
plugin for WordPress is
CVE-2025-14148 (IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an
authent ...)
NOT-FOR-US: IBM
CVE-2025-14038 (EDB Hybrid Manager contains a flaw that allows an
unauthenticated atta ...)
- TODO: check
+ NOT-FOR-US: EDB Hybrid Manager
CVE-2025-14003 (The Image Gallery \u2013 Photo Grid & Video Gallery plugin for
WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13950 (The OneSignal \u2013 Web Push Notifications plugin for
WordPress is vu ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13888 (A flaw was found in OpenShift GitOps. Namespace admins can
create Argo ...)
- TODO: check
+ NOT-FOR-US: OpenShift GitOps
CVE-2025-13824 (A security issue exists due to improper handling of malformed
CIP pack ...)
NOT-FOR-US: Rockwell Automation
CVE-2025-13823 (A security issue was found in the IPv6 stack in the Micro850
and Micro ...)
@@ -116,11 +116,11 @@ CVE-2025-11670 (Zohocorp ManageEngine ADManager Plus
versions before 8025 are vu
CVE-2025-11393 (A flaw was found in runtimes-inventory-rhel8-operator. An
internal pro ...)
TODO: check
CVE-2024-44599 (FNT Command 13.4.0 is vulnerable to Directory Traversal.)
- TODO: check
+ NOT-FOR-US: FNT Command
CVE-2024-44598 (FNT Command 13.4.0 is vulnerable to Code Execution via the C
Base Modu ...)
- TODO: check
+ NOT-FOR-US: FNT Command
CVE-2023-36337 (A reflected cross-site scripting (XSS) vulnerability in the
component ...)
- TODO: check
+ NOT-FOR-US: PHP Inventory Management System
CVE-2025-67907
REJECTED
CVE-2025-67906 (In MISP before 2.5.28,
app/View/Elements/Workflows/executionPath.ctp a ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e1233c26867035e35f587906d38ebb5761289ec
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e1233c26867035e35f587906d38ebb5761289ec
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
