Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
421b6e46 by Salvatore Bonaccorso at 2025-12-26T21:19:03+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
CVE-2025-67349 (A cross-site scripting (XSS) vulnerability was identified in
FluentCMS ...)
- TODO: check
+ NOT-FOR-US: FluentCMS
CVE-2025-67015 (Incorrect access control in Comtech EF Data CDM-625 / CDM-625A
Advance ...)
- TODO: check
+ NOT-FOR-US: Comtech EF Data
CVE-2025-67014 (Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF
over Fi ...)
- TODO: check
+ NOT-FOR-US: DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution
System
CVE-2025-67013 (The web management interface in ETL Systems Ltd DEXTRA Series
' Digita ...)
- TODO: check
+ NOT-FOR-US: ETL Systems Ltd DEXTRA Series Digital L-Band Distribution
System
CVE-2025-66947 (SQL injection vulnerability in krishanmuraiji SMS v.1.0,
within the /s ...)
- TODO: check
+ NOT-FOR-US: krishanmuraiji SMS
CVE-2025-66738 (An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote
normal pr ...)
- TODO: check
+ NOT-FOR-US: Yealink
CVE-2025-66737 (Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory
Traversal. ...)
- TODO: check
+ NOT-FOR-US: Yealink
CVE-2025-65885 (An issue was discovered in the Delight Custom Firmware (CFW)
for Nokia ...)
- TODO: check
+ NOT-FOR-US: Delight Custom Firmware (CFW) for Nokia devices
CVE-2025-64645 (IBM Concert 1.0.0 through 2.1.0 could allow a local user to
escalate t ...)
NOT-FOR-US: IBM
CVE-2025-57403 (Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When
a DNS qu ...)
- TODO: check
+ NOT-FOR-US: Cola Dnslog
CVE-2025-36230 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to
HTML injec ...)
NOT-FOR-US: IBM
CVE-2025-36229 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow
authenticated u ...)
@@ -27,7 +27,7 @@ CVE-2025-36228 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.1
may allow inconsisten
CVE-2025-36192 (IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0)
10.1.3.010.2.45 ...)
NOT-FOR-US: IBM
CVE-2025-25341 (A vulnerability exists in the libxmljs 1.0.11 when parsing a
specially ...)
- TODO: check
+ NOT-FOR-US: Node libxmljs
CVE-2025-1721 (IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker
to obtai ...)
NOT-FOR-US: IBM
CVE-2025-14687 (IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an
authent ...)
@@ -39,11 +39,11 @@ CVE-2025-13158 (Prototype pollution vulnerability in
apidoc-core versions 0.2.0
CVE-2025-12771 (IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based
buffer ...)
NOT-FOR-US: IBM
CVE-2024-44065 (Time-based blind SQL Injection vulnerability in Cloudlog
v2.6.15 at th ...)
- TODO: check
+ NOT-FOR-US: Cloudlog
CVE-2024-42718 (A path traversal vulnerability in Croogo CMS 4.0.7 allows
remote attac ...)
- TODO: check
+ NOT-FOR-US: Croogo CMS
CVE-2024-29720 (An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0
allows a ...)
- TODO: check
+ NOT-FOR-US: Terra Informatica Software, Inc Sciter
CVE-2025-8075 (Cybersecurity Nozomi Networks Labs, a specialized security
company foc ...)
NOT-FOR-US: Hanwha Vision Co., Ltd. QNV-C8012
CVE-2025-68946 (In Gitea before 1.20.1, a forbidden URL scheme such as
javascript: can ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/421b6e460116964ed3fa88980875f23e058ea1fa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/421b6e460116964ed3fa88980875f23e058ea1fa
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
