Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e1a6c8eb by Salvatore Bonaccorso at 2025-12-30T21:38:56+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,11 +4,11 @@ CVE-2025-69261 (WasmEdge is a WebAssembly runtime. Prior to
version 0.16.0-alpha
NOTE: Fixed by:
https://github.com/WasmEdge/WasmEdge/commit/37cc9fa19bd23edbbdaa9252059b17f191fa4d17
(0.16.0-alpha.3)
TODO: check details on affected range
CVE-2025-69257 (theshit is a command-line utility that automatically detects
and fixes ...)
- TODO: check
+ NOT-FOR-US: theshit
CVE-2025-69256 (The Serverless Framework is a framework for using AWS Lambda
and other ...)
- TODO: check
+ NOT-FOR-US: Serverless Framework
CVE-2025-69210 (FacturaScripts is open-source enterprise resource planning and
account ...)
- TODO: check
+ NOT-FOR-US: FacturaScripts
CVE-2025-69204 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick 8:7.1.2.12+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw
@@ -134,22 +134,22 @@ CVE-2025-68950 (ImageMagick is free and open-source
software used for editing an
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec
(7.1.2-12)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/5655e26ee9032a208ad9add1fde2877205d5e540
(6.9.13-37)
CVE-2025-68926 (RustFS is a distributed object storage system built in Rust.
In versio ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2025-68618 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick 8:7.1.2.12+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb
(7.1.2-12)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/693c8497290ea0c7cac75d3068ea4fa70d7d507e
(6.9.13-37)
CVE-2025-66848 (JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000
(4.3.1.r ...)
- TODO: check
+ NOT-FOR-US: JD Cloud NAS routers
CVE-2025-66835 (TrueConf Client 8.5.2 is vulnerable to DLL hijacking via
crafted wfapi ...)
- TODO: check
+ NOT-FOR-US: TrueConf Client
CVE-2025-66834 (A CSV Formula Injection vulnerability in TrueConf Server
v5.5.2.10813 ...)
- TODO: check
+ NOT-FOR-US: TrueConf Server
CVE-2025-66824 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
the Meetin ...)
- TODO: check
+ NOT-FOR-US: TrueConf Server
CVE-2025-66823 (An HTML Injection vulnerability in TrueConf server 5.5.2.10813
in the ...)
- TODO: check
+ NOT-FOR-US: TrueConf Server
CVE-2025-66103 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-66094 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -157,7 +157,7 @@ CVE-2025-66094 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-66080 (Missing Authorization vulnerability in WP Legal Pages WP
Cookie Notice ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-65925 (An issue was discovered in Zeroheight (SaaS) prior to
2025-06-13. A le ...)
- TODO: check
+ NOT-FOR-US: Zeroheight (SaaS)
CVE-2025-65411 (A NULL pointer dereference in the src/path.c component of GNU
Unrtf v0 ...)
TODO: check
CVE-2025-65409 (A divide-by-zero in the encryption/decryption routines of GNU
Recutils ...)
@@ -175,11 +175,11 @@ CVE-2025-62128 (Missing Authorization vulnerability in
SiteLock SiteLock Securit
CVE-2025-62112 (Cross-Site Request Forgery (CSRF) vulnerability in Merv
Barrett Import ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-61557 (nixseparatedebuginfod before v0.4.1 is vulnerable to Directory
Travers ...)
- TODO: check
+ NOT-FOR-US: nixseparatedebuginfod
CVE-2025-59129 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-56332 (Authentication Bypass in fosrl/pangolin v1.6.2 and before
allows attac ...)
- TODO: check
+ NOT-FOR-US: fosrl/pangolin
CVE-2025-52835 (Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by
GMO WING ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-50343 (An issue was discovered in matio 1.5.28. A heap-based memory
corruptio ...)
@@ -191,17 +191,17 @@ CVE-2025-15358 (DVP-12SE11T - Denial of Service
Vulnerability)
CVE-2025-15353 (A vulnerability was detected in itsourcecode Society
Management System ...)
NOT-FOR-US: itsourcecode System
CVE-2025-15264 (A vulnerability was determined in FeehiCMS up to 2.1.1.
Impacted is an ...)
- TODO: check
+ NOT-FOR-US: FeehiCMS
CVE-2025-15263 (A weakness has been identified in BiggiDroid Simple PHP CMS
1.0. Affec ...)
- TODO: check
+ NOT-FOR-US: BiggiDroid Simple PHP CMS
CVE-2025-15262 (A security flaw has been discovered in BiggiDroid Simple PHP
CMS 1.0. ...)
- TODO: check
+ NOT-FOR-US: BiggiDroid Simple PHP CMS
CVE-2025-15258 (A weakness has been identified in Edimax BR-6208AC 1.02/1.03.
Affected ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2025-15257 (A security flaw has been discovered in Edimax BR-6208AC
1.02/1.03. Aff ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2025-15256 (A vulnerability was identified in Edimax BR-6208AC 1.02/1.03.
Affected ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2025-15255 (A vulnerability was determined in Tenda W6-S 1.0.0.4(510).
This impact ...)
NOT-FOR-US: Tenda
CVE-2025-15254 (A vulnerability was found in Tenda W6-S 1.0.0.4(510). This
affects the ...)
@@ -211,27 +211,27 @@ CVE-2025-15253 (A vulnerability has been found in Tenda
M3 1.0.0.13(4903). The i
CVE-2025-15252 (A flaw has been found in Tenda M3 1.0.0.13(4903). The affected
element ...)
NOT-FOR-US: Tenda
CVE-2025-15251 (A vulnerability was detected in beecue FastBee up to 2.1.
Impacted is ...)
- TODO: check
+ NOT-FOR-US: FastBee
CVE-2025-15250 (A security vulnerability has been detected in 08CMS Novel
System up to ...)
- TODO: check
+ NOT-FOR-US: 08CMS Novel System
CVE-2025-15249 (A weakness has been identified in zhujunliang3 work_platform
up to 6bc ...)
- TODO: check
+ NOT-FOR-US: zhujunliang3 work_platform
CVE-2025-15248 (A security flaw has been discovered in sunhailin12315
product-review \ ...)
- TODO: check
+ NOT-FOR-US: sunhailin12315 product-review
CVE-2025-15247 (A vulnerability was identified in gmg137 snap7-rs up to
153d3e8c16decd ...)
- TODO: check
+ NOT-FOR-US: gmg137 snap7-rs
CVE-2025-15246 (A vulnerability was determined in aizuda snail-job up to 1.7.0
on macO ...)
- TODO: check
+ NOT-FOR-US: aizuda snail-job
CVE-2025-15245 (A vulnerability was found in D-Link DCS-850L 1.02.09. Affected
is the ...)
NOT-FOR-US: D-Link
CVE-2025-15244 (A vulnerability has been found in PHPEMS up to 11.0. This
impacts an u ...)
- TODO: check
+ NOT-FOR-US: PHPEMS
CVE-2025-15243 (A flaw has been found in code-projects Simple Stock System
1.0. This a ...)
NOT-FOR-US: code-projects
CVE-2025-15242 (A vulnerability was detected in PHPEMS up to 11.0. The
impacted elemen ...)
- TODO: check
+ NOT-FOR-US: PHPEMS
CVE-2025-15241 (A security vulnerability has been detected in CloudPanel
Community Edi ...)
- TODO: check
+ NOT-FOR-US: CloudPanel
CVE-2025-15234 (A weakness has been identified in Tenda M3 1.0.0.13(4903).
Impacted is ...)
NOT-FOR-US: Tenda
CVE-2025-15103 (DVP-12SE11T - Authentication Bypass via Partial Password
Disclosure)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1a6c8eb8165343ea74c180bdd9f7404cc2c03a9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1a6c8eb8165343ea74c180bdd9f7404cc2c03a9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
