Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e15265f1 by Salvatore Bonaccorso at 2025-12-29T21:41:31+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,47 +59,47 @@ CVE-2025-66862 (A buffer overflow vulnerability in function
gnu_special in file
CVE-2025-66861 (An issue was discovered in function d_unqualified_name in file
cp-dema ...)
TODO: check
CVE-2025-65570 (A type confusion in jsish 2.0 allows incorrect control flow
during exe ...)
- TODO: check
+ NOT-FOR-US: Jsish
CVE-2025-65442 (DOM-based Cross-Site Scripting (XSS) vulnerability in
201206030 novel ...)
- TODO: check
+ NOT-FOR-US: 201206030 novel
CVE-2025-60458 (UxPlay 1.72 contains a double free vulnerability in its RTSP
request h ...)
- uxplay <unfixed>
NOTE: https://github.com/0pepsi/CVE-2025-60458
TODO: check upstream status, possibly not reported
CVE-2025-57462 (Reflected Cross site scripting (xss) in machsol machpanel
8.0.32 allow ...)
- TODO: check
+ NOT-FOR-US: machsol machpanel
CVE-2025-57460 (File upload vulnerability in machsol machpanel 8.0.32 allows
attacker ...)
- TODO: check
+ NOT-FOR-US: machsol machpanel
CVE-2025-56333 (An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows
a remot ...)
- TODO: check
+ NOT-FOR-US: Fossorial fosrl/pangolin
CVE-2025-55064 (CWE-79 Improper Neutralization of Input During Web Page
Generation (XS ...)
- TODO: check
+ NOT-FOR-US: Priority Web
CVE-2025-55063 (CWE-79 Improper Neutralization of Input During Web Page
Generation (XS ...)
- TODO: check
+ NOT-FOR-US: Priority Web
CVE-2025-55062 (CWE-79 Improper Neutralization of Input During Web Page
Generation (XS ...)
- TODO: check
+ NOT-FOR-US: Priority Web
CVE-2025-55061 (CWE-434 Unrestricted Upload of File with Dangerous Type)
- TODO: check
+ NOT-FOR-US: Priority Web
CVE-2025-55060 (CWE-601 URL Redirection to Untrusted Site ('Open Redirect'))
- TODO: check
+ NOT-FOR-US: Priority Web
CVE-2025-53627 (Meshtastic is an open source mesh networking solution. The
Meshtastic ...)
- TODO: check
+ NOT-FOR-US: Meshtastic
CVE-2025-15202 (A vulnerability has been found in SohuTV CacheCloud up to
3.2.0. This ...)
- TODO: check
+ NOT-FOR-US: SohuTV CacheCloud
CVE-2025-15201 (A flaw has been found in SohuTV CacheCloud up to 3.2.0. The
impacted e ...)
- TODO: check
+ NOT-FOR-US: SohuTV CacheCloud
CVE-2025-15200 (A vulnerability was detected in SohuTV CacheCloud up to 3.2.0.
The aff ...)
- TODO: check
+ NOT-FOR-US: SohuTV CacheCloud
CVE-2025-15199 (A security vulnerability has been detected in code-projects
College No ...)
NOT-FOR-US: code-projects
CVE-2025-15198 (A weakness has been identified in code-projects College Notes
Uploadin ...)
NOT-FOR-US: code-projects
CVE-2025-15197 (A security flaw has been discovered in
code-projects/anirbandutta9 Con ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-15196 (A vulnerability was identified in code-projects Assessment
Management ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-15195 (A vulnerability was determined in code-projects Assessment
Management ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-15194 (A vulnerability was found in D-Link DIR-600 up to 2.15WWb02.
Affected ...)
NOT-FOR-US: D-Link
CVE-2025-15193 (A vulnerability was detected in D-Link DWR-M920 up to 1.1.50.
This aff ...)
@@ -115,7 +115,7 @@ CVE-2025-15189 (A vulnerability was identified in D-Link
DWR-M920 up to 1.1.50.
CVE-2025-15188 (A vulnerability was determined in Campcodes Complete Online
Beauty Par ...)
NOT-FOR-US: Campcodes
CVE-2025-15187 (A vulnerability was found in GreenCMS up to 2.3. This affects
an unkno ...)
- TODO: check
+ NOT-FOR-US: GreenCMS
CVE-2025-15186 (A vulnerability has been found in code-projects Refugee Food
Managemen ...)
NOT-FOR-US: code-projects
CVE-2025-15185 (A flaw has been found in code-projects Refugee Food Management
System ...)
@@ -131,7 +131,7 @@ CVE-2025-15181 (A security flaw has been discovered in
code-projects Refugee Foo
CVE-2025-15180 (A vulnerability was identified in Tenda WH450 1.0.0.18. The
affected e ...)
NOT-FOR-US: Tenda
CVE-2025-14728 (Rapid7 Velociraptor versions before 0.75.6 contain a directory
travers ...)
- TODO: check
+ NOT-FOR-US: Rapid7 Velociraptor
CVE-2025-14280 (The PixelYourSite plugin for WordPress is vulnerable to
Sensitive Info ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14175 (A vulnerability in the SSH server of TP-Link TL-WR820N v2.80
allows th ...)
@@ -141,7 +141,7 @@ CVE-2025-13592 (The Advanced Ads plugin for WordPress is
vulnerable to Remote Co
CVE-2024-30855 (DedeCMS v5.7 was discovered to contain a Cross-Site Request
Forgery (C ...)
NOT-FOR-US: DedeCMS
CVE-2024-25181 (A critical vulnerability has been identified in givanz VvvebJs
1.7.2, ...)
- TODO: check
+ NOT-FOR-US: givanz VvvebJs
CVE-2025-52691 (Successful exploitation of the vulnerability could allow an
unauthenti ...)
NOT-FOR-US: SmarterTools SmarterMail
CVE-2025-15228 (BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary
File Up ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e15265f109d200c40f27afc9a33e9958ab6cb0fd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e15265f109d200c40f27afc9a33e9958ab6cb0fd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
