Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
946591f1 by Salvatore Bonaccorso at 2025-12-17T08:42:32+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1062,29 +1062,29 @@ CVE-2025-14780 (A vulnerability was detected in 
Xiongwei Smart Catering Cloud Pl
 CVE-2025-14777 (A flaw was found in Keycloak. An IDOR (Broken Access Control) 
vulnerab ...)
        - keycloak <itp> (bug #1088287)
 CVE-2025-14758 (Incorrect configuration of replication security in the MariaDB 
compone ...)
-       TODO: check
+       NOT-FOR-US: YAOOK Operator
 CVE-2025-14749 (A vulnerability was identified in Ningyuanda TC155 57.0.2.0. 
This impa ...)
-       TODO: check
+       NOT-FOR-US: Ningyuanda TC155
 CVE-2025-14748 (A vulnerability was determined in Ningyuanda TC155 57.0.2.0. 
This affe ...)
-       TODO: check
+       NOT-FOR-US: Ningyuanda TC155
 CVE-2025-14747 (A vulnerability was found in Ningyuanda TC155 57.0.2.0. The 
impacted e ...)
-       TODO: check
+       NOT-FOR-US: Ningyuanda TC155
 CVE-2025-14746 (A vulnerability has been found in Ningyuanda TC155 57.0.2.0. 
The affec ...)
-       TODO: check
+       NOT-FOR-US: Ningyuanda TC155
 CVE-2025-14731 (A weakness has been identified in CTCMS Content Management 
System up t ...)
-       TODO: check
+       NOT-FOR-US: CTCMS Content Management System
 CVE-2025-14730 (A security flaw has been discovered in CTCMS Content 
Management System ...)
-       TODO: check
+       NOT-FOR-US: CTCMS Content Management System
 CVE-2025-14729 (A vulnerability was identified in CTCMS Content Management 
System up t ...)
-       TODO: check
+       NOT-FOR-US: CTCMS Content Management System
 CVE-2025-14722 (A vulnerability was determined in vion707 DMadmin up to 
3403cafdb42537 ...)
-       TODO: check
+       NOT-FOR-US: vion707 DMadmin
 CVE-2025-14593 (A maliciously crafted CATPART file, when parsed through 
certain Autode ...)
        NOT-FOR-US: Autodesk
 CVE-2025-14553 (Exposure of password hashes through an unauthenticated API 
response in ...)
        NOT-FOR-US: TP-Link
 CVE-2025-14443 (A flaw was found in ose-openshift-apiserver. This 
vulnerability allows ...)
-       TODO: check
+       NOT-FOR-US: ose-openshift-apiserver
 CVE-2025-14432 (In limited scenarios, sensitive data might be written to the 
log file  ...)
        NOT-FOR-US: HP
 CVE-2025-14252 (An Improper Access Control vulnerability in Advantech SUSI 
driver (sus ...)
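Review bot: CVE-2025-14758 is tagged NOT-FOR-US: YAOOK Operator, but the visible description reads "Incorrect configuration of replication security in the MariaDB compone ..." and the truncated text never names YAOOK. Because the description mentions MariaDB, it is worth confirming that the flaw lies in the operator's MariaDB configuration rather than in MariaDB itself, and recording that in a NOTE: line or the commit message so a later reader can verify the tag without reopening the CVE record. The Ningyuanda TC155, CTCMS and vion707 DMadmin tags match their descriptions as shown.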
@@ -1100,7 +1100,7 @@ CVE-2025-13741 (The Schedule Post Changes With 
PublishPress Future: Unpublish, D
 CVE-2025-13532 (Insecure defaults in the Server Agent component of Fortra's 
Core Privi ...)
        NOT-FOR-US: Fortra
 CVE-2025-13474 (Authorization Bypass Through User-Controlled Key vulnerability 
in Menu ...)
-       TODO: check
+       NOT-FOR-US: Menulux Mobile App
 CVE-2025-13439 (The Fancy Product Designer plugin for WordPress is vulnerable 
to Infor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13231 (The Fancy Product Designer plugin for WordPress is vulnerable 
to Serve ...)
@@ -1136,83 +1136,83 @@ CVE-2025-10881 (A maliciously crafted CATPRODUCT file, 
when parsed through certa
 CVE-2025-10450 (Exposure of Private Personal Information to an Unauthorized 
Actor vuln ...)
        NOT-FOR-US: RTI Connext
 CVE-2025-0836 (Missing Authorization vulnerability in Milestone Systems 
XProtect VMS  ...)
-       TODO: check
+       NOT-FOR-US: Milestone Systems
 CVE-2023-53903 (WebsiteBaker 2.13.3 contains a stored cross-site scripting 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WebsiteBaker
 CVE-2023-53902 (WebsiteBaker 2.13.3 contains a directory traversal 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: WebsiteBaker
 CVE-2023-53901 (WBCE CMS 1.6.1 contains a cross-site scripting vulnerability 
that allo ...)
-       TODO: check
+       NOT-FOR-US: WBCE CMS
 CVE-2023-53900 (Spip 4.1.10 contains a file upload vulnerability that allows 
attackers ...)
        TODO: check
 CVE-2023-53899 (PodcastGenerator 3.2.9 contains a blind server-side request 
forgery vu ...)
-       TODO: check
+       NOT-FOR-US: PodcastGenerator
 CVE-2023-53898 (Rukovoditel 3.4.1 contains a stored cross-site scripting 
vulnerabiliti ...)
-       TODO: check
+       NOT-FOR-US: Rukovoditel
 CVE-2023-53897 (Rukovoditel 3.4.1 contains multiple stored cross-site 
scripting vulner ...)
-       TODO: check
+       NOT-FOR-US: Rukovoditel
 CVE-2023-53896 (D-Link DAP-1325 firmware version 1.01 contains a broken access 
control ...)
        NOT-FOR-US: D-Link
 CVE-2023-53895 (PimpMyLog 1.7.14 contains an improper access control 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: PimpMyLog
 CVE-2023-53894 (phpfm 1.7.9 contains an authentication bypass vulnerability 
that allow ...)
-       TODO: check
+       NOT-FOR-US: PHPFM
 CVE-2023-53893 (Ateme TITAN File 3.9.12.4 contains an authenticated 
server-side reques ...)
-       TODO: check
+       NOT-FOR-US: Ateme TITAN File
 CVE-2023-53892 (Blackcat CMS 1.4 contains a remote code execution 
vulnerability that a ...)
-       TODO: check
+       NOT-FOR-US: Blackcat CMS
 CVE-2023-53891 (Blackcat CMS 1.4 contains a stored cross-site scripting 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Blackcat CMS
 CVE-2023-53890 (Perch CMS 3.2 contains a stored cross-site scripting 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: Perch CMS
 CVE-2023-53889 (Perch CMS 3.2 contains a remote code execution vulnerability 
that allo ...)
-       TODO: check
+       NOT-FOR-US: Perch CMS
 CVE-2023-53888 (Zomplog 3.9 contains a remote code execution vulnerability 
that allows ...)
-       TODO: check
+       NOT-FOR-US: Zomplog
 CVE-2023-53887 (Zomplog 3.9 contains a cross-site scripting vulnerability that 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Zomplog
 CVE-2023-53886 (Xlight FTP Server 3.9.3.6 contains a stack buffer overflow 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Xlight FTP Server
 CVE-2023-53885 (Webutler v3.2 contains a remote code execution vulnerability 
that allo ...)
-       TODO: check
+       NOT-FOR-US: Webutler
 CVE-2023-53884 (Webedition CMS v2.9.8.8 contains a stored cross-site scripting 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Webedition CMS
 CVE-2023-53883 (Webedition CMS v2.9.8.8 contains a remote code execution 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Webedition CMS
 CVE-2023-53882 (JLex GuestBook 1.6.4 contains a reflected cross-site scripting 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: JLex GuestBook
 CVE-2023-53881 (ReyeeOS 1.204.1614 contains an unencrypted CWMP communication 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: ReyeeOS
 CVE-2023-53880 (Lucee 5.4.2.17 contains a reflected cross-site scripting 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Lucee
 CVE-2023-53879 (NVClient 5.0 contains a stack buffer overflow vulnerability in 
the use ...)
        TODO: check
 CVE-2023-53878 (Member Login Script 3.3 contains a client-side 
desynchronization vulne ...)
-       TODO: check
+       NOT-FOR-US: Member Login Script
 CVE-2023-53877 (Bus Reservation System 1.1 contains a SQL injection 
vulnerability in t ...)
-       TODO: check
+       NOT-FOR-US: Bus Reservation System
 CVE-2023-53876 (Academy LMS 6.1 contains a file upload vulnerability that 
allows authe ...)
-       TODO: check
+       NOT-FOR-US: Academy LMS
 CVE-2023-53875 (GOM Player 2.3.90.5360 contains a remote code execution 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: GOM Player
 CVE-2023-53874 (GOM Player 2.3.90.5360 contains a buffer overflow 
vulnerability in the ...)
-       TODO: check
+       NOT-FOR-US: GOM Player
 CVE-2023-53873 (SyncBreeze 15.2.24 contains a denial of service vulnerability 
in the l ...)
-       TODO: check
+       NOT-FOR-US: SyncBreeze
 CVE-2023-53872 (Wp2Fac 1.0 contains an OS command injection vulnerability in 
the send. ...)
-       TODO: check
+       NOT-FOR-US: Wp2Fac
 CVE-2023-53871 (Soosyze 2.0.0 contains a file upload vulnerability that allows 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Soosyze
 CVE-2023-53870 (Jorani 1.0.3 contains a reflected cross-site scripting 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Jorani
 CVE-2023-53869 (WEBIGniter 28.7.23 contains a file upload vulnerability that 
allows au ...)
-       TODO: check
+       NOT-FOR-US: WEBIGniter
 CVE-2023-53868 (Coppermine Gallery 1.6.25 contains a remote code execution 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Coppermine Gallery
 CVE-2023-38913 (SQL injection vulnerability in anirbandutta9 NEWS-BUZZ v.1.0 
allows a  ...)
-       TODO: check
+       NOT-FOR-US: anirbandutta9 NEWS-BUZZ
 CVE-2023-36338 (Inventory Management System 1 was discovered to contain a SQL 
injectio ...)
-       TODO: check
+       NOT-FOR-US: Inventory Management System
 CVE-2025-14282 [privilege escalation via unix stream socket forwarding]
        - dropbear 2025.89-1 (bug #1123069)
        [bookworm] - dropbear <not-affected> (Vulnerable code introduced later)
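Review bot: Three of the new tags in this hunk use names generic enough to match unrelated software: "Member Login Script" (CVE-2023-53878), "Bus Reservation System" (CVE-2023-53877) and "Inventory Management System" (CVE-2023-36338). CVE-2023-38913 shows the clearer form by including the author ("anirbandutta9 NEWS-BUZZ"); adding a vendor or author where the full description gives one would keep these tags unambiguous. Smaller point: CVE-2023-53894 is tagged "PHPFM" while its description spells the product "phpfm". CVE-2023-53900 (Spip) and CVE-2023-53879 (NVClient) remain at TODO: check, which is consistent with a commit that only processes NFUs.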



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/946591f16da7718895e81d3ca4fc63a0a7188ae6
