Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e963307 by Salvatore Bonaccorso at 2025-12-19T09:27:58+01:00
Add some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,33 +45,33 @@ CVE-2025-68279 (Weblate is a web based localization tool. 
In versions prior to 5
 CVE-2025-68161 (The Socket Appender in Apache Log4j Core versions 2.0-beta9 
through 2. ...)
        TODO: check
 CVE-2025-67846 (The Deployment Infrastructure in Mintlify Platform before 
2025-11-15 a ...)
-       TODO: check
+       NOT-FOR-US: Deployment Infrastructure in Mintlify Platform
 CVE-2025-67845 (A Directory Traversal vulnerability in the Static Asset Proxy 
Endpoint ...)
-       TODO: check
+       NOT-FOR-US: Mintlify Platform
 CVE-2025-67844 (The GitHub Integration API in Mintlify Platform before 
2025-11-15 allo ...)
-       TODO: check
+       NOT-FOR-US: Mintlify Platform
 CVE-2025-67843 (A Server-Side Template Injection (SSTI) vulnerability in the 
MDX Rende ...)
-       TODO: check
+       NOT-FOR-US: Mintlify Platform
 CVE-2025-67842 (The Static Asset API in Mintlify Platform before 2025-11-15 
allows rem ...)
-       TODO: check
+       NOT-FOR-US: Mintlify Platform
 CVE-2025-67653 (Advantech WebAccess/SCADAis vulnerable to directory traversal, 
which m ...)
        NOT-FOR-US: Advantech
 CVE-2025-67163 (A stored cross-site scripting (XSS) vulnerability in Simple 
Machines F ...)
-       TODO: check
+       NOT-FOR-US: Simple Machines Forum
 CVE-2025-66522 (A stored cross-site scripting (XSS) vulnerability exists in 
the Digita ...)
        NOT-FOR-US: Foxit
 CVE-2025-66521 (A stored cross-site scripting (XSS) vulnerability exists in 
pdfonline. ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2025-66520 (A stored cross-site scripting (XSS) vulnerability exists in 
the Portfo ...)
        NOT-FOR-US: Foxit
 CVE-2025-66519 (A stored cross-site scripting (XSS) vulnerability exists in 
pdfonline. ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2025-66502 (A stored cross-site scripting (XSS) vulnerability exists in 
pdfonline. ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2025-66501 (A stored cross-site scripting (XSS) vulnerability exists in 
pdfonline. ...)
        NOT-FOR-US: Foxit
 CVE-2025-66500 (A stored cross-site scripting (XSS) vulnerability exists in 
webplugins ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2025-66499 (A heap-based buffer overflow vulnerability exists in the PDF 
parsing o ...)
        NOT-FOR-US: Foxit
 CVE-2025-66498 (A memory corruption vulnerability exists in the 3D annotation 
handling ...)
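Review bot: The tag added for CVE-2025-67846 reads "NOT-FOR-US: Deployment Infrastructure in Mintlify Platform", while the four Mintlify entries right after it (CVE-2025-67845 through CVE-2025-67842) use "NOT-FOR-US: Mintlify Platform". Using the plain product name on all five would keep the entries uniform, so that a search for the product tag returns every one of them.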
@@ -91,29 +91,29 @@ CVE-2025-66174 (There is an improper authentication 
vulnerability in some Hikvis
 CVE-2025-66173 (There is a privilege escalation vulnerability in some 
Hikvision DVR pr ...)
        NOT-FOR-US: Hikvision
 CVE-2025-65046 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-65041 (Improper authorization in Microsoft Partner Center allows an 
unauthori ...)
        NOT-FOR-US: Microsoft
 CVE-2025-65037 (Improper control of generation of code ('code injection') in 
Azure Con ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64677 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64676 ('.../...//' in Microsoft Purview allows an authorized attacker 
to exec ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64675 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-64663 (Custom Question Answering Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-63951 (An insecure deserialization vulnerability exists in the 
rss-mp3.php sc ...)
-       TODO: check
+       NOT-FOR-US: MiczFlor RPi-Jukebox-RFID project
 CVE-2025-63950 (An insecure deserialization vulnerability exists in the 
download.php s ...)
-       TODO: check
+       NOT-FOR-US: to3k Twittodon application
 CVE-2025-63949 (A Reflected Cross-Site Scripting (XSS) vulnerability in 
yohanawi Hotel ...)
-       TODO: check
+       NOT-FOR-US: yohanawi Hotel Management System
 CVE-2025-63948 (A SQL Injection vulnerability exists in phpMsAdmin version 2.2 
in the  ...)
-       TODO: check
+       NOT-FOR-US: phpMsAdmin
 CVE-2025-63947 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
phpMsAd ...)
-       TODO: check
+       NOT-FOR-US: phpMsAdmin
 CVE-2025-62004 (BullWall Server Intrusion Protection services are initialized 
after lo ...)
        TODO: check
 CVE-2025-62003 (BullWall Server Intrusion Protection has a noticeable delay 
before the ...)
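Review bot: CVE-2025-65046 is tagged "NOT-FOR-US: Microsoft", but its description names Microsoft Edge (Chromium-based), and the truncated text does not show whether the spoofing flaw is in Edge-only code or in code shared with Chromium. A short NOTE line stating that it was checked and is Edge-specific would record the reasoning behind the tag. Separately, the tags for CVE-2025-63951 and CVE-2025-63950 end in "project" and "application", whereas the other tags in this hunk name only the vendor or product; dropping the suffix would match them.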
@@ -147,11 +147,11 @@ CVE-2025-14940 (A vulnerability was determined in 
code-projects Scholars Trackin
 CVE-2025-14939 (A vulnerability was found in code-projects Online Appointment 
Booking  ...)
        NOT-FOR-US: code-projects
 CVE-2025-14910 (A vulnerability was detected in Edimax BR-6208AC 1.02. This 
impacts th ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2025-14909 (A weakness has been identified in JeecgBoot up to 3.9.0. The 
impacted  ...)
-       TODO: check
+       NOT-FOR-US: JeecgBoot
 CVE-2025-14908 (A security flaw has been discovered in JeecgBoot up to 3.9.0. 
The affe ...)
-       TODO: check
+       NOT-FOR-US: JeecgBoot
 CVE-2025-14900 (A security vulnerability has been detected in CodeAstro Real 
Estate Ma ...)
        NOT-FOR-US: CodeAstro
 CVE-2025-14899 (A weakness has been identified in CodeAstro Real Estate 
Management Sys ...)
@@ -183,7 +183,7 @@ CVE-2025-13911 (The vulnerability affects Ignition SCADA 
applications where Pyth
 CVE-2025-13754 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13427 (An authentication bypass vulnerability in Google Cloud 
Dialogflow CX M ...)
-       TODO: check
+       NOT-FOR-US: Google Cloud Dialogflow CX Messenger
 CVE-2025-13307 (The Ocean Modal Window WordPress plugin before 2.3.3 is 
vulnerable to  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13008 (An information disclosure vulnerability in M-Files Server 
before versi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e963307b5bb871e98fb16a16208cfa5c0957e7f

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
