Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e776453c by Salvatore Bonaccorso at 2025-12-24T09:42:17+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -83,55 +83,55 @@ CVE-2025-14933 (NSF Unidata NetCDF-C NC Variable Integer
Overflow Remote Code Ex
CVE-2025-14932 (NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow
Remote Code ...)
TODO: check
CVE-2025-14931 (Hugging Face smolagents Remote Python Executor Deserialization
of Untr ...)
- TODO: check
+ NOT-FOR-US: Hugging Face smolagents
CVE-2025-14930 (Hugging Face Transformers GLM4 Deserialization of Untrusted
Data Remot ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14929 (Hugging Face Transformers X-CLIP Checkpoint Conversion
Deserialization ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14928 (Hugging Face Transformers HuBERT convert_config Code Injection
Remote ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14927 (Hugging Face Transformers SEW-D convert_config Code Injection
Remote C ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14926 (Hugging Face Transformers SEW convert_config Code Injection
Remote Cod ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14925 (Hugging Face Accelerate Deserialization of Untrusted Data
Remote Code ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Accelerate
CVE-2025-14924 (Hugging Face Transformers megatron_gpt2 Deserialization of
Untrusted D ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14922 (Hugging Face Diffusers CogView4 Deserialization of Untrusted
Data Remo ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Diffusers
CVE-2025-14921 (Hugging Face Transformers Transformer-XL Model Deserialization
of Untr ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14920 (Hugging Face Transformers Perceiver Model Deserialization of
Untrusted ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-14501 (Sante PACS Server HTTP Content-Length Header Handling NULL
Pointer Der ...)
- TODO: check
+ NOT-FOR-US: Sante PACS Server
CVE-2025-14500 (IceWarp14 X-File-Operation Command Injection Remote Code
Execution Vul ...)
- TODO: check
+ NOT-FOR-US: IceWarp
CVE-2025-14499 (IceWarp gmaps Cross-Site Scripting Authentication Bypass
Vulnerability ...)
- TODO: check
+ NOT-FOR-US: IceWarp
CVE-2025-14498 (TradingView Desktop Electron Uncontrolled Search Path Local
Privilege ...)
TODO: check
CVE-2025-14497 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local
Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14496 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local
Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14495 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local
Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14494 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local
Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14493 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local
Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14492 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local
Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14491 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local
Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14490 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local
Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14489 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local
Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14488 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local
Privileg ...)
- TODO: check
+ NOT-FOR-US: RealDefense
CVE-2025-14425 (GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code
Execution ...)
- gimp 3.2.0~RC2-1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1139/
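Review bot: CVE-2025-14498 (TradingView Desktop Electron) still reads "TODO: check" although the entries on either side of it were triaged in this pass; if it is deliberately deferred that is fine, otherwise it looks skipped and should get its own disposition here. A smaller style point: the ten SUPERAntiSpyware entries (CVE-2025-14488 through CVE-2025-14497) are tagged with the vendor only, "NOT-FOR-US: RealDefense", while the other entries in this hunk name the product (for example "NOT-FOR-US: Sante PACS Server"). "NOT-FOR-US: RealDefense SUPERAntiSpyware" would be consistent and easier to search for later.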
@@ -149,47 +149,47 @@ CVE-2025-14422 (GIMP PNM File Parsing Integer Overflow
Remote Code Execution Vul
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1136/
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/4ff2d773d58064e6130495de498e440f4a6d5edb
(GIMP_3_2_0_RC2)
CVE-2025-14421 (pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read
Information ...)
- TODO: check
+ NOT-FOR-US: pdfforge PDF Architect
CVE-2025-14420 (pdfforge PDF Architect CBZ File Parsing Directory Traversal
Remote Cod ...)
- TODO: check
+ NOT-FOR-US: pdfforge PDF Architect
CVE-2025-14419 (pdfforge PDF Architect PDF File Parsing Memory Corruption
Remote Code ...)
- TODO: check
+ NOT-FOR-US: pdfforge PDF Architect
CVE-2025-14418 (pdfforge PDF Architect XLS File Insufficient UI Warning Remote
Code Ex ...)
- TODO: check
+ NOT-FOR-US: pdfforge PDF Architect
CVE-2025-14417 (pdfforge PDF Architect Launch Insufficient UI Warning Remote
Code Exec ...)
- TODO: check
+ NOT-FOR-US: pdfforge PDF Architect
CVE-2025-14416 (pdfforge PDF Architect DOC File Insufficient UI Warning Remote
Code Ex ...)
- TODO: check
+ NOT-FOR-US: pdfforge PDF Architect
CVE-2025-14415 (Soda PDF Desktop Launch Insufficient UI Warning Remote Code
Execution ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop Launch
CVE-2025-14414 (Soda PDF Desktop Word File Insufficient UI Warning Remote Code
Executi ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14413 (Soda PDF Desktop CBZ File Parsing Directory Traversal Remote
Code Exec ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14412 (Soda PDF Desktop XLS File Insufficient UI Warning Remote Code
Executio ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14411 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read
Information Discl ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14410 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read
Information Discl ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14409 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote
Code Exec ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14408 (Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read
Information Discl ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14407 (Soda PDF Desktop PDF File Parsing Memory Corruption
Information Disclo ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14406 (Soda PDF Desktop Uncontrolled Search Path Element Local
Privilege Esca ...)
- TODO: check
+ NOT-FOR-US: Soda PDF Desktop
CVE-2025-14405 (PDFsam Enhanced Uncontrolled Search Path Element Local
Privilege Escal ...)
- TODO: check
+ NOT-FOR-US: PDFsam
CVE-2025-14404 (PDFsam Enhanced XLS File Insufficient UI Warning Remote Code
Execution ...)
- TODO: check
+ NOT-FOR-US: PDFsam
CVE-2025-14403 (PDFsam Enhanced Launch Insufficient UI Warning Remote Code
Execution V ...)
- TODO: check
+ NOT-FOR-US: PDFsam
CVE-2025-14402 (PDFsam Enhanced DOC File Insufficient UI Warning Remote Code
Execution ...)
- TODO: check
+ NOT-FOR-US: PDFsam
CVE-2025-14401 (PDFsam Enhanced App Out-Of-Bounds Read Remote Code Execution
Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: PDFsam
CVE-2025-13773 (The Print Invoice & Delivery Notes for WooCommerce plugin for
WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13767 (Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5,
10.12.x <= 10. ...)
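Review bot: On CVE-2025-14415 the tag reads "NOT-FOR-US: Soda PDF Desktop Launch", but "Launch" belongs to the vulnerability title ("Launch Insufficient UI Warning"), not to the product name; the other nine Soda PDF entries in this hunk use "NOT-FOR-US: Soda PDF Desktop", and this one should match. Separately, the five PDFsam entries (CVE-2025-14401 through CVE-2025-14405) all describe "PDFsam Enhanced" but are tagged "NOT-FOR-US: PDFsam"; writing the full product name in the tag would keep it unambiguous about which edition the NFU decision covers.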
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e776453c06540644c50a0058491620349e507ab4