Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a42dc607 by Salvatore Bonaccorso at 2025-12-18T22:28:38+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -122,13 +122,13 @@ CVE-2025-40891 (A Stored HTML Injection vulnerability was 
discovered in the Time
 CVE-2025-40602 (A local privilege escalation vulnerability due to insufficient 
authori ...)
        NOT-FOR-US: SonicWall
 CVE-2025-1031 (Authorization Bypass Through User-Controlled Key vulnerability 
in Utar ...)
-       TODO: check
+       NOT-FOR-US: SoliClub
 CVE-2025-1030 (Exposure of Private Personal Information to an Unauthorized 
Actor vuln ...)
-       TODO: check
+       NOT-FOR-US: SoliClub
 CVE-2025-1029 (Use of Hard-coded Credentials vulnerability in Utarit 
Information Serv ...)
-       TODO: check
+       NOT-FOR-US: SoliClub
 CVE-2025-14896 (due to insufficient sanitazation in Vega\u2019s `convert()` 
function w ...)
-       TODO: check
+       NOT-FOR-US: Yuzu tech Kroki
 CVE-2025-14889 (A security flaw has been discovered in Campcodes Advanced 
Voting Manag ...)
        NOT-FOR-US: Campcodes
 CVE-2025-14885 (A flaw has been found in SourceCodester Client Database 
Management Sys ...)
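Review bot: The tag on CVE-2025-14896 names Yuzu tech Kroki, but the visible description places the flaw in Vega's `convert()` function, so the NOT-FOR-US line alone does not show why Vega itself is out of scope. A one-line NOTE under the entry stating that the affected code is Kroki's own use of Vega (if that is the finding) would keep a later triager from reopening it. The same applies in a smaller way to CVE-2025-1029 through CVE-2025-1031, where the description names Utarit and the tag names SoliClub.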
@@ -152,7 +152,7 @@ CVE-2025-14860 (Use-after-free in the Disability Access 
APIs component. This vul
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-98/#CVE-2025-14860
 CVE-2025-14823 (In deployments using the ScreenConnect\u2122 Certificate 
Signing Exten ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise
 CVE-2025-14744 (Unicode RTLO characters could allow malicious websites to 
spoof filena ...)
        TODO: check
 CVE-2025-14739 (Access of Uninitialized Pointer vulnerability in TP-Link 
WR940N and WR ...)
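Review bot: The tag on CVE-2025-14823 gives only the vendor, ConnectWise, while the description identifies the product as ScreenConnect. Other entries in this commit are tagged by product name, so "ConnectWise ScreenConnect" would be consistent with them and easier to find when searching the list by product.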
@@ -176,79 +176,79 @@ CVE-2025-13641 (The Photo Gallery, Sliders, Proofing and 
Themes \u2013 NextGEN G
 CVE-2025-13110 (The HUSKY \u2013 Products Filter Professional for WooCommerce 
plugin f ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-10910 (A flaw in the binding process of Govee\u2019s cloud platform 
and devic ...)
-       TODO: check
+       NOT-FOR-US: Govee
 CVE-2024-58323 (A stored cross-site scripting vulnerability in Kentico 
Xperience allow ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2024-58322 (A stored cross-site scripting vulnerability in Kentico 
Xperience allow ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2024-58321 (A stored cross-site scripting vulnerability in Kentico 
Xperience allow ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2024-58320 (An information disclosure vulnerability in Kentico Xperience 
allows pu ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2024-58319 (A reflected cross-site scripting vulnerability in Kentico 
Xperience al ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2024-58318 (A stored cross-site scripting vulnerability in Kentico 
Xperience allow ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2024-58317 (A cookie security configuration vulnerability in Kentico 
Xperience all ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2023-53944 (EasyPHP Webserver 14.1 contains a path traversal vulnerability 
that al ...)
-       TODO: check
+       NOT-FOR-US: EasyPHP Webserver
 CVE-2023-53943 (GLPI 9.5.7 contains a username enumeration vulnerability in 
the lost p ...)
        TODO: check
 CVE-2023-53942 (File Thingie 2.5.7 contains an authenticated file upload 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: File Thingie
 CVE-2023-53941 (EasyPHP Webserver 14.1 contains an OS command injection 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: EasyPHP Webserver
 CVE-2023-53940 (Codigo Markdown Editor 1.0.1 contains a code execution 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Codigo Markdown Editor
 CVE-2023-53939 (TinyWebGallery v2.5 contains a stored cross-site scripting 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: TinyWebGallery
 CVE-2023-53938 (RockMongo 1.1.7 contains a stored cross-site scripting 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: RockMongo
 CVE-2023-53937 (Hubstaff 1.6.14 contains a DLL search order hijacking 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: Hubstaff
 CVE-2023-53936 (Cameleon CMS 2.7.4 contains a persistent cross-site scripting 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Cameleon CMS
 CVE-2023-53935 (WBiz Desk 1.2 contains a SQL injection vulnerability that 
allows non-a ...)
-       TODO: check
+       NOT-FOR-US: WBiz Desk
 CVE-2023-53934 (A denial of service vulnerability in Kentico Xperience allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2023-53738 (A reflected cross-site scripting vulnerability in Kentico 
Xperience al ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2023-53737 (A stored cross-site scripting vulnerability in Kentico 
Xperience allow ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2023-53736 (A reflected cross-site scripting vulnerability in Kentico 
Xperience al ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2022-50686 (An information disclosure vulnerability in Kentico Xperience 
allows at ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2022-50685 (A stored cross-site scripting vulnerability in Kentico 
Xperience allow ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2022-50684 (An HTML injection vulnerability in Kentico Xperience allows 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2022-50683 (A stored cross-site scripting vulnerability in Kentico 
Xperience allow ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2022-50682 (A CRLF injection vulnerability in Kentico Xperience allows 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2022-50681 (A reflected cross-site scripting vulnerability in Kentico 
Xperience al ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2022-50680 (A stored cross-site scripting vulnerability in Kentico 
Xperience allow ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2021-47712 (A cryptography vulnerability in Kentico Xperience allows 
attackers to  ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2021-47711 (A SQL injection vulnerability in Kentico Xperience allows 
authenticate ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2020-36891 (A stored cross-site scripting vulnerability in Kentico 
Xperience allow ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2020-36890 (An access control bypass vulnerability in Kentico Xperience 
allows adm ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2020-36889 (A stored cross-site scripting vulnerability in Kentico 
Xperience allow ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2019-25230 (An information disclosure vulnerability in Kentico Xperience 
allows au ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2019-25229 (An unrestricted file upload vulnerability in Kentico Xperience 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2019-25228 (An information disclosure vulnerability in Kentico Xperience 
allows at ...)
-       TODO: check
+       NOT-FOR-US: Kentico Xperience
 CVE-2025-68325 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/9fefc78f7f02d71810776fdeb119a05a946a27cc (6.19-rc1)
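Review bot: The tag on CVE-2023-53936 copies the description's spelling, "Cameleon CMS"; it is worth confirming this against the upstream project name before it lands, because a NOT-FOR-US decision recorded under a misspelled name is hard to find again and a packaging check run against the wrong spelling can miss a match. Separately, CVE-2023-53943 (GLPI 9.5.7) is the only entry in this run left at TODO: check; if that is deliberate because it needs a package-level look, nothing to change, but it should not be lost in the batch.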



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a42dc607779bc286d7b4846cef6e277de117667f
