Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b8f93713 by Salvatore Bonaccorso at 2025-12-18T21:50:15+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,9 +47,9 @@ CVE-2025-65000 (SSH private keys of the "Remote alert
handlers (Linux)" rule wer
CVE-2025-64997 (Insufficient permission validation in Checkmk versions prior
to 2.4.0p ...)
- check-mk <removed>
CVE-2025-64724 (Arduino IDE is an integrated development environment. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: Arduino IDE
CVE-2025-64723 (Arduino IDE is an integrated development environment. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: Arduino IDE
CVE-2025-64469 (There is a stack-based buffer overflow vulnerability in NI
LabVIEW in ...)
NOT-FOR-US: National Instruments
CVE-2025-64468 (There is a use-after-free vulnerability in
sentry!sentry_span_set_data ...)
@@ -81,17 +81,17 @@ CVE-2025-64235 (Improper Limitation of a Pathname to a
Restricted Directory ('Pa
CVE-2025-63757 (Integer overflow vulnerability in the yuv2ya16_X_c_template
function i ...)
TODO: check
CVE-2025-63391 (An authentication bypass vulnerability exists in Open-WebUI
<=0.6.32 i ...)
- TODO: check
+ NOT-FOR-US: open-webui
CVE-2025-63390 (An authentication bypass vulnerability exists in AnythingLLM
v1.8.5 in ...)
- TODO: check
+ NOT-FOR-US: AnythingLLM
CVE-2025-63389 (A critical authentication bypass vulnerability exists in
Ollama platfo ...)
TODO: check
CVE-2025-63388 (A Cross-Origin Resource Sharing (CORS) misconfiguration
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Dify
CVE-2025-63387 (Dify v1.9.1 is vulnerable to Insecure Permissions. An
unauthenticated ...)
- TODO: check
+ NOT-FOR-US: Dify
CVE-2025-63386 (A Cross-Origin Resource Sharing (CORS) misconfiguration
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Dify
CVE-2025-63043 (Authorization Bypass Through User-Controlled Key vulnerability
in Pick ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-63002 (Missing Authorization vulnerability in wpforchurch Sermon
Manager allo ...)
@@ -105,15 +105,15 @@ CVE-2025-62960 (Missing Authorization vulnerability in
Sparkle WP Construction L
CVE-2025-59949 (FreshRSS is a free, self-hostable RSS aggregator. Versions
prior to 1. ...)
TODO: check
CVE-2025-56157 (Default credentials in Dify thru 1.5.1. PostgreSQL username
and passwo ...)
- TODO: check
+ NOT-FOR-US: Dify
CVE-2025-40898 (A path traversal vulnerability was discovered in the Import
Arc data a ...)
- TODO: check
+ NOT-FOR-US: Nozomi Networks Guardian
CVE-2025-40893 (A Stored HTML Injection vulnerability was discovered in the
Asset List ...)
- TODO: check
+ NOT-FOR-US: Nozomi Networks Guardian
CVE-2025-40892 (A Stored Cross-Site Scripting vulnerability was discovered in
the Repo ...)
- TODO: check
+ NOT-FOR-US: Nozomi Networks Guardian
CVE-2025-40891 (A Stored HTML Injection vulnerability was discovered in the
Time Machi ...)
- TODO: check
+ NOT-FOR-US: Nozomi Networks Guardian
CVE-2025-40602 (A local privilege escalation vulnerability due to insufficient
authori ...)
NOT-FOR-US: SonicWall
CVE-2025-1031 (Authorization Bypass Through User-Controlled Key vulnerability
in Utar ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8f93713c5eb109ce65c47d93c28b4327cc64267
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8f93713c5eb109ce65c47d93c28b4327cc64267
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
