Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9be3c27 by Salvatore Bonaccorso at 2025-12-24T23:32:47+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1124,7 +1124,7 @@ CVE-2019-25245 (Ross Video DashBoard 8.5.1 contains an 
elevation of privileges v
 CVE-2019-25244 (Legrand BTicino Driver Manager F454 1.0.51 contains multiple 
web vulne ...)
        NOT-FOR-US: Legrand BTicino Driver Manager F454
 CVE-2019-25243 (FaceSentry 6.4.8 contains an authenticated remote command 
injection vu ...)
-       TODO: check
+       NOT-FOR-US: FaceSentry
 CVE-2019-25242 (FaceSentry Access Control System 6.4.8 contains a cross-site 
request f ...)
        NOT-FOR-US: FaceSentry Access Control System
 CVE-2019-25241 (FaceSentry Access Control System 6.4.8 contains a critical 
authenticat ...)
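Review bot: The new label on CVE-2019-25243, "NOT-FOR-US: FaceSentry", does not match the label used for the same product on the next entry, CVE-2019-25242, which reads "NOT-FOR-US: FaceSentry Access Control System". Both descriptions refer to version 6.4.8, so these look like one product. Using the identical string on both entries keeps a grep for the product name from missing one of them and makes later NFU pattern matching on this product unambiguous.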
@@ -1834,7 +1834,7 @@ CVE-2025-14500 (IceWarp14 X-File-Operation Command 
Injection Remote Code Executi
 CVE-2025-14499 (IceWarp gmaps Cross-Site Scripting Authentication Bypass 
Vulnerability ...)
        NOT-FOR-US: IceWarp
 CVE-2025-14498 (TradingView Desktop Electron Uncontrolled Search Path Local 
Privilege  ...)
-       TODO: check
+       NOT-FOR-US: TradingView Desktop
 CVE-2025-14497 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local 
Privileg ...)
        NOT-FOR-US: RealDefense
 CVE-2025-14496 (RealDefense SUPERAntiSpyware Exposed Dangerous Function Local 
Privileg ...)
@@ -1922,33 +1922,33 @@ CVE-2025-13773 (The Print Invoice & Delivery Notes for 
WooCommerce plugin for Wo
 CVE-2025-13767 (Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 
10.12.x <= 10. ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2025-13716 (Tencent MimicMotion create_pipeline Deserialization of 
Untrusted Data  ...)
-       TODO: check
+       NOT-FOR-US: Tencent MimicMotion
 CVE-2025-13715 (Tencent FaceDetection-DSFD resnet Deserialization of Untrusted 
Data Re ...)
-       TODO: check
+       NOT-FOR-US: Tencent FaceDetection-DSFD
 CVE-2025-13714 (Tencent MedicalNet generate_model Deserialization of Untrusted 
Data Re ...)
-       TODO: check
+       NOT-FOR-US: Tencent MedicalNet
 CVE-2025-13713 (Tencent Hunyuan3D-1 load_pretrained Deserialization of 
Untrusted Data  ...)
-       TODO: check
+       NOT-FOR-US: Tencent Hunyuan3D-1
 CVE-2025-13712 (Tencent HunyuanDiT merge Deserialization of Untrusted Data 
Remote Code ...)
-       TODO: check
+       NOT-FOR-US: Tencent HunyuanDiT
 CVE-2025-13711 (Tencent TFace eval Deserialization of Untrusted Data Remote 
Code Execu ...)
-       TODO: check
+       NOT-FOR-US: Tencent TFace
 CVE-2025-13710 (Tencent HunyuanVideo load_vae Deserialization of Untrusted 
Data Remote ...)
-       TODO: check
+       NOT-FOR-US: Tencent HunyuanVideo
 CVE-2025-13709 (Tencent TFace restore_checkpoint Deserialization of Untrusted 
Data Rem ...)
-       TODO: check
+       NOT-FOR-US: Tencent TFace
 CVE-2025-13708 (Tencent NeuralNLP-NeuralClassifier _load_checkpoint 
Deserialization of ...)
-       TODO: check
+       NOT-FOR-US: Tencent NeuralNLP-NeuralClassifier
 CVE-2025-13707 (Tencent HunyuanDiT model_resume Deserialization of Untrusted 
Data Remo ...)
-       TODO: check
+       NOT-FOR-US: Tencent HunyuanDiT
 CVE-2025-13706 (Tencent PatrickStar merge_checkpoint Deserialization of 
Untrusted Data ...)
-       TODO: check
+       NOT-FOR-US: Tencent PatrickStar
 CVE-2025-13703 (VIPRE Advanced Security Incorrect Permission Assignment Local 
Privileg ...)
-       TODO: check
+       NOT-FOR-US: VIPRE
 CVE-2025-13700 (DreamFactory saveZipFile Command Injection Remote Code 
Execution Vulne ...)
-       TODO: check
+       NOT-FOR-US: DreamFactory
 CVE-2025-13698 (Deciso OPNsense diag_backup.php filename Directory Traversal 
Arbitrary ...)
-       TODO: check
+       NOT-FOR-US: OPNsense
 CVE-2025-13407 (The Gravity Forms WordPress plugin before 2.9.23.1 does not 
properly p ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-12840 (Academy Software Foundation OpenEXR EXR File Parsing 
Heap-based Buffer ...)
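Review bot: The NOT-FOR-US entries for CVE-2025-13698 (OPNsense) and CVE-2025-13700 (DreamFactory) should be confirmed against open ITP/RFP bugs before they are closed out this way. The context line at the top of this hunk shows the alternative form the tracker uses when software is not in the archive but has a packaging request: "- mattermost-server <itp> (bug #823556)". If either project has such a bug, the `<itp>` form keeps the CVE attached to the future package instead of dropping it. The OPNsense label also omits the vendor ("Deciso") while the Tencent entries in the same hunk keep vendor plus product, so one convention across the batch would be easier to search.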
@@ -1960,15 +1960,15 @@ CVE-2025-12839 (Academy Software Foundation OpenEXR EXR 
File Parsing Heap-based
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-990/
        TODO: check details
 CVE-2025-12838 (MSP360 Free Backup Link Following Local Privilege Escalation 
Vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: MSP360
 CVE-2025-12495 (Academy Software Foundation OpenEXR EXR File Parsing 
Heap-based Buffer ...)
        - openexr <unfixed>
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-989/
        TODO: check details
 CVE-2025-12491 (Senstar Symphony FetchStoredLicense Information Disclosure 
Vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Senstar Symphony
 CVE-2024-58335 (OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 
allows XX ...)
-       TODO: check
+       NOT-FOR-US: OpenXRechnungToolbox
 CVE-2025-68561 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68560 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9be3c27bb5ec2e7b594e84f9c9549266b6061ce
