Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d14f3ac7 by Salvatore Bonaccorso at 2025-12-16T23:02:09+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -200,7 +200,7 @@ CVE-2025-68281 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.17.12-1
        NOTE: 
https://git.kernel.org/linus/eb2d6774cc0d9d6ab8f924825695a85c14b2e0c2 (6.18-rc6)
 CVE-2025-68270 (The Open edX Platform is a learning management platform. Prior 
to comm ...)
-       TODO: check
+       NOT-FOR-US: Open edX Platform
 CVE-2025-68269 (In JetBrains IntelliJ IDEA before 2025.3 missing confirmation 
allowed  ...)
        TODO: check
 CVE-2025-68268 (In JetBrains TeamCity before 2025.11.1 reflected XSS was 
possible on t ...)
@@ -646,11 +646,11 @@ CVE-2025-68162 (In JetBrains TeamCity before 2025.11 
maven embedder allowed load
 CVE-2025-68156 (Expr is an expression language and expression evaluation for 
Go. Prior ...)
        TODO: check
 CVE-2025-68155 (@vitejs/plugin-rs provides React Server Components (RSC) 
support for V ...)
-       TODO: check
+       NOT-FOR-US: React Server Components (RSC) support plugin for Vite
 CVE-2025-68154 (systeminformation is a System and OS information library for 
node.js.  ...)
        TODO: check
 CVE-2025-68150 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2025-68146 (filelock is a platform-independent file lock for Python. In 
versions p ...)
        TODO: check
 CVE-2025-68142 (PyMdown Extensions is a set of extensions for the 
`Python-Markdown` ma ...)
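Review bot: On CVE-2025-68155 the NOT-FOR-US label is a paraphrase of the description ("React Server Components (RSC) support plugin for Vite") rather than the product name, so a search of the list for the package will not find it. The other entries touched in this hunk use the product name (Parse Server); using the package name the description leads with, @vitejs/plugin-rs as shown in the truncated text, would keep the label consistent with them and easier to match when later CVEs arrive for the same package.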
@@ -658,11 +658,11 @@ CVE-2025-68142 (PyMdown Extensions is a set of extensions 
for the `Python-Markdo
 CVE-2025-68130 (tRPC allows users to build and consume fully typesafe APIs 
without sch ...)
        NOT-FOR-US: Next.js
 CVE-2025-68116 (FileRise is a self-hosted web file manager / WebDAV server. 
Versions p ...)
-       TODO: check
+       NOT-FOR-US: FileRise
 CVE-2025-68115 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2025-68113 (ALTCHA is privacy-first software for captcha and bot 
protection. A cry ...)
-       TODO: check
+       NOT-FOR-US: ALTCHA
 CVE-2025-68088 (Missing Authorization vulnerability in merkulove Huger for 
Elementor h ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68087 (Missing Authorization vulnerability in merkulove Modalier for 
Elemento ...)
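Review bot: The unchanged context entry at the top of this hunk, CVE-2025-68130, has a description that starts "tRPC allows users to build and consume fully typesafe APIs" but carries "NOT-FOR-US: Next.js". Since this block is being triaged anyway, it is worth confirming whether that label should read tRPC; a label that does not match the described product makes later triage of tRPC CVEs by search unreliable. The three changed entries (FileRise, Parse Server, ALTCHA) match their descriptions.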
@@ -738,37 +738,37 @@ CVE-2025-67929 (Missing Authorization vulnerability in 
templateinvaders TI WooCo
 CVE-2025-67912 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67874 (ChurchCRM is an open-source church management system. Prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2025-67751 (ChurchCRM is an open-source church management system. Prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2025-67748 (Fickling is a Python pickling decompiler and static analyzer. 
Versions ...)
-       TODO: check
+       NOT-FOR-US: Fickling
 CVE-2025-67747 (Fickling is a Python pickling decompiler and static analyzer. 
Versions ...)
-       TODO: check
+       NOT-FOR-US: Fickling
 CVE-2025-67744 (DeepChat is an open-source artificial intelligence agent 
platform that ...)
-       TODO: check
+       NOT-FOR-US: DeepChat
 CVE-2025-67736 (The FreePBX module tts (Text to Speech) for FreePBX, an 
open-source we ...)
-       TODO: check
+       NOT-FOR-US: FreePBX module tts (Text to Speech) for FreePBX
 CVE-2025-67735 (Netty is an asynchronous, event-driven network application 
framework.  ...)
        TODO: check
 CVE-2025-67722 (FreePBX is an open-source web-based graphical user interface 
(GUI) tha ...)
-       TODO: check
+       NOT-FOR-US: FreePBX
 CVE-2025-67715 (Weblate is a web based localization tool. In versions prior to 
5.15, i ...)
        TODO: check
 CVE-2025-67492 (Weblate is a web based localization tool. In versions prior to 
5.15, i ...)
        TODO: check
 CVE-2025-66635 (Stack-based buffer overflow vulnerability exists in SEIKO 
EPSON Web Co ...)
-       TODO: check
+       NOT-FOR-US: SEIKO EPSON Web Config
 CVE-2025-66482 (Misskey is an open source, federated social media platform. 
Attackers  ...)
-       TODO: check
+       NOT-FOR-US: Misskey
 CVE-2025-66449 (ConvertXis a self-hosted online file converter. In versions 
prior to 0 ...)
-       TODO: check
+       NOT-FOR-US: ConvertXis
 CVE-2025-66407 (Weblate is a web based localization tool. The Create Component 
functio ...)
        TODO: check
 CVE-2025-66402 (Misskey is an open source, federated social media platform. 
Starting i ...)
-       TODO: check
+       NOT-FOR-US: Misskey
 CVE-2025-66357 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with 
improper che ...)
-       TODO: check
+       NOT-FOR-US: CHOCO TEI WATCHER mini (IB-MCT001)
 CVE-2025-66167 (Missing Authorization vulnerability in merkulove Lottier 
lottier-guten ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66166 (Missing Authorization vulnerability in merkulove Lottier for 
Elementor ...)
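Review bot: On CVE-2025-66449 the label "NOT-FOR-US: ConvertXis" copies a missing space from the CVE description ("ConvertXis a self-hosted online file converter", which reads as "ConvertX is a ..."). The label should presumably be "NOT-FOR-US: ConvertX", otherwise future entries for the same product will not match it. A smaller style point in the same hunk: CVE-2025-67736 is labelled "FreePBX module tts (Text to Speech) for FreePBX" while CVE-2025-67722 a few lines below is labelled "FreePBX"; the repeated "for FreePBX" could be dropped so the two FreePBX entries read consistently.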
@@ -814,31 +814,31 @@ CVE-2025-66121 (Missing Authorization vulnerability in 
SiteGround SiteGround Sec
 CVE-2025-66120 (Missing Authorization vulnerability in CatFolders CatFolders 
catfolder ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-65834 (Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A 
memory  ...)
-       TODO: check
+       NOT-FOR-US: Meltytech Shotcut
 CVE-2025-65593 (nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery 
(CSRF)  ...)
-       TODO: check
+       NOT-FOR-US: nopCommerce
 CVE-2025-65592 (nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) 
in the  ...)
-       TODO: check
+       NOT-FOR-US: nopCommerce
 CVE-2025-65591 (nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
-       TODO: check
+       NOT-FOR-US: nopCommerce
 CVE-2025-65590 (nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
-       TODO: check
+       NOT-FOR-US: nopCommerce
 CVE-2025-65589 (nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
-       TODO: check
+       NOT-FOR-US: nopCommerce
 CVE-2025-65581 (An open redirect vulnerability exists in the Account module in 
Volosof ...)
-       TODO: check
+       NOT-FOR-US: Volosoft ABP Framework
 CVE-2025-65427 (An issue was discovered in Dbit N300 T1 Pro Easy Setup 
Wireless Wi-Fi  ...)
-       TODO: check
+       NOT-FOR-US: Dbit
 CVE-2025-65319 (When using the attachment interaction functionality, Blue Mail 
1.140.1 ...)
-       TODO: check
+       NOT-FOR-US: Blue Mail
 CVE-2025-65318 (When using the attachment interaction functionality, Canary 
Mail 5.1.4 ...)
-       TODO: check
+       NOT-FOR-US: Canary Mail
 CVE-2025-65076 (WaveView client allows users to execute restricted set of 
predefined c ...)
-       TODO: check
+       NOT-FOR-US: WaveView client
 CVE-2025-65075 (WaveView client allows users to execute restricted set of 
predefined c ...)
-       TODO: check
+       NOT-FOR-US: WaveView client
 CVE-2025-65074 (WaveView client allows users to execute restricted set of 
predefined c ...)
-       TODO: check
+       NOT-FOR-US: WaveView client
 CVE-2025-64725 (Weblate is a web based localization tool. In versions prior to 
5.15, i ...)
        TODO: check
 CVE-2025-64639 (Missing Authorization vulnerability in WP Compress WP Compress 
for Mai ...)
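Review bot: On CVE-2025-65427 the label is the bare vendor name "Dbit", while the description names a specific device ("Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi ...") and the other entries in this hunk name the product (Volosoft ABP Framework, Blue Mail, Canary Mail, WaveView client). If the vendor-only form is intentional, as with the existing "NOT-FOR-US: HCL" entries elsewhere in the list, that is fine; otherwise adding the model from the description would make the entry self-explanatory.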
@@ -890,9 +890,9 @@ CVE-2025-64238 (Missing Authorization vulnerability in 
NicolasKulka WPS Bidouill
 CVE-2025-64237 (Cross-Site Request Forgery (CSRF) vulnerability in Graham 
Quick Intere ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64012 (InvoicePlane commit debb446c is vulnerable to Incorrect Access 
Control ...)
-       TODO: check
+       NOT-FOR-US: InvoicePlane
 CVE-2025-63414 (A Path Traversal vulnerability in the Allsky WebUI version 
v2024.12.06 ...)
-       TODO: check
+       NOT-FOR-US: Allsky WebUI
 CVE-2025-62864 (Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 
devices b ...)
        TODO: check
 CVE-2025-62863 (Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 
devices b ...)
@@ -910,7 +910,7 @@ CVE-2025-62330 (HCL DevOps Deploy is susceptible to a 
cleartext transmission of
 CVE-2025-62329 (HCL DevOps Deploy / HCL Launch is susceptible to a race 
condition in h ...)
        NOT-FOR-US: HCL
 CVE-2025-61976 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with 
improper che ...)
-       TODO: check
+       NOT-FOR-US: CHOCO TEI WATCHER mini (IB-MCT001)
 CVE-2025-59947 (NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions 
prior to ...)
        TODO: check
 CVE-2025-59935 (GLPI is a free asset and IT management software package. 
Starting in v ...)
@@ -13680,7 +13680,7 @@ CVE-2025-64343 ((conda) Constructor is a tool that 
enables users to create insta
 CVE-2025-64339 (ClipBucket v5 is an open source video sharing platform. In 
versions 5. ...)
        NOT-FOR-US: ClipBucket
 CVE-2025-64338 (ClipBucket v5 is an open source video sharing platform. In 
versions 5. ...)
-       TODO: check
+       NOT-FOR-US: ClipBucket
 CVE-2025-64336 (ClipBucket v5 is an open source video sharing platform. In 
versions 5. ...)
        NOT-FOR-US: ClipBucket
 CVE-2025-64329 (containerd is an open-source container runtime. Versions 
1.7.28 and be ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d14f3ac72251685cebaa2cc5fe2a14f772a8b4e3

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
