Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cd80e742 by Salvatore Bonaccorso at 2026-01-23T22:19:20+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -225,39 +225,39 @@ CVE-2026-0994 (A denial-of-service (DoS) vulnerability
exists in google.protobuf
CVE-2026-0914 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to
Stored ...)
NOT-FOR-US: WordPress plugin
CVE-2025-71177 (LavaLite CMS versions up to and including 10.1.0 contain a
stored cros ...)
- TODO: check
+ NOT-FOR-US: LavaLite CMS
CVE-2025-70986 (Incorrect access control in the selectDept function of RuoYi
v4.8.2 al ...)
- TODO: check
+ NOT-FOR-US: RuoYi
CVE-2025-70985 (Incorrect access control in the update function of RuoYi
v4.8.2 allows ...)
- TODO: check
+ NOT-FOR-US: RuoYi
CVE-2025-70983 (Incorrect access control in the authRoutes function of
SpringBlade v4. ...)
- TODO: check
+ NOT-FOR-US: SpringBlade
CVE-2025-69908 (An unauthenticated information disclosure vulnerability in
Newgen Omni ...)
- TODO: check
+ NOT-FOR-US: Newgen OmniApp
CVE-2025-69907 (An unauthenticated information disclosure vulnerability exists
in Newg ...)
- TODO: check
+ NOT-FOR-US: Newgen OmniDocs
CVE-2025-67231 (A reflected cross-site scripting (XSS) vulnerability in
ToDesktop Buil ...)
- TODO: check
+ NOT-FOR-US: ToDesktop Builder
CVE-2025-67230 (Improper permissions in the handler for the Custom URL Scheme
in ToDes ...)
- TODO: check
+ NOT-FOR-US: ToDesktop Builder
CVE-2025-67229 (An improper certificate validation vulnerability exists in
ToDesktop B ...)
- TODO: check
+ NOT-FOR-US: ToDesktop Builder
CVE-2025-67125 (A signed integer overflow in docopt.cpp v0.6.2
(LeafPattern::match in ...)
TODO: check
CVE-2025-67124 (A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload
finaliz ...)
- TODO: check
+ NOT-FOR-US: svenstaro/miniserve
CVE-2025-66720 (Null pointer dereference in free5gc pcf 1.4.0 in file
internal/sbi/pro ...)
NOT-FOR-US: Free5GC
CVE-2025-66719 (An issue was discovered in Free5gc NRF 1.4.0. In the
access-token gene ...)
NOT-FOR-US: Free5GC
CVE-2025-4320 (Authentication Bypass by Primary Weakness, Weak Password
Recovery Mech ...)
- TODO: check
+ NOT-FOR-US: Birebirsoft
CVE-2025-4319 (Improper Restriction of Excessive Authentication Attempts, Weak
Passwo ...)
- TODO: check
+ NOT-FOR-US: Birebirsoft
CVE-2025-46699 (Dell Data Protection Advisor, versions prior to 19.12,
contains an Imp ...)
NOT-FOR-US: Dell / EMC
CVE-2025-2204 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Tapandsign
CVE-2025-14947 (The All-in-One Video Gallery plugin for WordPress is
vulnerable to una ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14866 (The Melapress Role Editor plugin for WordPress is vulnerable
to Privil ...)
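Review bot: The label on CVE-2025-67124 uses the GitHub owner/repo form, "NOT-FOR-US: svenstaro/miniserve", while every other label added in this hunk is a plain product or vendor name (LavaLite CMS, RuoYi, ToDesktop Builder). Suggest "NOT-FOR-US: miniserve" so a later search on the product name finds the entry. The summary shows a versioned upstream project (0.32.0) rather than a hosted service or plugin, so it is also worth confirming that no ITP or RFP bug exists before closing it as NFU.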
@@ -281,23 +281,23 @@ CVE-2021-47897 (PEEL Shopping 9.3.0 contains a stored
cross-site scripting vulne
CVE-2021-47896 (PDF Complete Corporate Edition 4.1.45 contains an unquoted
service pat ...)
NOT-FOR-US: PDF Complete Corporate Edition
CVE-2021-47895 (Nsauditor 3.2.2.0 contains a denial of service vulnerability
that allo ...)
- TODO: check
+ NOT-FOR-US: Nsauditor
CVE-2021-47894 (Managed Switch Port Mapping Tool 2.85.2 contains a denial of
service v ...)
- TODO: check
+ NOT-FOR-US: Managed Switch Port Mapping Tool
CVE-2021-47893 (AgataSoft PingMaster Pro 2.1 contains a denial of service
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: AgataSoft PingMaster Pro
CVE-2021-47892 (PEEL Shopping 9.3.0 contains a stored cross-site scripting
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: PEEL Shopping
CVE-2021-47891 (Unified Remote 3.9.0.2463 contains a remote code execution
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Unified Remote
CVE-2021-47890 (LogonExpert 8.1 contains an unquoted service path
vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: LogonExpert
CVE-2021-47889 (Softros LAN Messenger 9.6.4 contains an unquoted service path
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Softros LAN Messenger
CVE-2021-47888 (Textpattern versions prior to 4.8.3 contain an authenticated
remote co ...)
TODO: check
CVE-2021-47881 (dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local
buffer ov ...)
- TODO: check
+ NOT-FOR-US: dataSIMS Avionics ARINC 664-1
CVE-2018-25132 (MyBB Trending Widget Plugin 1.2 contains a cross-site
scripting vulner ...)
NOT-FOR-US: MyBB
CVE-2018-25116 (MyBB Thread Redirect Plugin 0.2.1 contains a cross-site
scripting vuln ...)
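Review bot: CVE-2021-47892 is closed as "NOT-FOR-US: PEEL Shopping", and the hunk header shows CVE-2021-47897 with what reads as the same summary (PEEL Shopping 9.3.0, stored cross-site scripting). The header does not show how that entry is tagged, so check that it carries the same label and that no other PEEL Shopping entry nearby is still at "TODO: check".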
@@ -624,15 +624,15 @@ CVE-2025-9289 (A Cross-Site Scripting (XSS) vulnerability
was identified in a pa
CVE-2025-67847 (A flaw was found in Moodle. An attacker with access to the
restore int ...)
- moodle <removed>
CVE-2025-67652 (An attacker with access to the project file could use the
exposed cre ...)
- TODO: check
+ NOT-FOR-US: CLICK Programmable Logic Controller
CVE-2025-55705 (This vulnerability occurs when the system permits multiple
simultaneou ...)
- TODO: check
+ NOT-FOR-US: EVMAPA
CVE-2025-54816 (This vulnerability occurs when a WebSocket endpoint does not
enforce ...)
- TODO: check
+ NOT-FOR-US: EVMAPA
CVE-2025-53968 (This vulnerability arises because there are no limitations on
the numb ...)
- TODO: check
+ NOT-FOR-US: EVMAPA
CVE-2025-25051 (An attacker could decrypt sensitive data, impersonate
legitimate users ...)
- TODO: check
+ NOT-FOR-US: CLICK Programmable Logic Controller
CVE-2025-22234 (The fix applied in CVE-2025-22228 inadvertently broke the
timing attac ...)
TODO: check
CVE-2025-15522 (The Uncanny Automator \u2013 Easy Automation, Integration,
Webhooks & ...)
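Review bot: The label "CLICK Programmable Logic Controller" on CVE-2025-67652 and CVE-2025-25051 names a product line without its vendor, and the truncated summaries name neither, so the entry is hard to find or cross-check later. Suggest prefixing the vendor name, as the existing "Dell / EMC" and "Anritsu" entries elsewhere in this file do, and doing the same for the three "EVMAPA" entries if EVMAPA is a product rather than a vendor.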
@@ -646,20 +646,20 @@ CVE-2025-15349 (Anritsu ShockLine SCPI Race Condition
Remote Code Execution Vuln
CVE-2025-15348 (Anritsu ShockLine CHX File Parsing Deserialization of
Untrusted Data R ...)
NOT-FOR-US: Anritsu
CVE-2025-15063 (Ollama MCP Server execAsync Command Injection Remote Code
Execution Vu ...)
- TODO: check
+ NOT-FOR-US: Ollama MCP Server
CVE-2025-15062 (Trimble SketchUp SKP File Parsing Use-After-Free Remote Code
Execution ...)
- TODO: check
+ NOT-FOR-US: Trimble
CVE-2025-15061 (Framelink Figma MCP Server fetchWithRetry Command Injection
Remote Cod ...)
- TODO: check
+ NOT-FOR-US: Framelink Figma MCP Server
CVE-2025-15059 (GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code
Execution ...)
- gimp <unfixed> (bug #1126267)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1196/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15284
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e
CVE-2025-14751 (A low-privileged user can bypass account credentials without
confirmin ...)
- TODO: check
+ NOT-FOR-US: Weintek cMT X Series HMI EasyWeb Service
CVE-2025-14750 (The web application does not sufficiently verify inputs that
are assum ...)
- TODO: check
+ NOT-FOR-US: Weintek cMT X Series HMI EasyWeb Service
CVE-2025-14745 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to
Post, and Au ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14069 (The Schema & Structured Data for WP & AMP plugin for WordPress
is vuln ...)
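Review bot: CVE-2025-15062 is labelled by vendor only ("NOT-FOR-US: Trimble") although the summary names the product, Trimble SketchUp, and the other labels added in this hunk are product-level (Ollama MCP Server, Framelink Figma MCP Server, Weintek cMT X Series HMI EasyWeb Service). Suggest "NOT-FOR-US: Trimble SketchUp" for consistency within the commit, unless the vendor-only form is deliberate to match the neighbouring "Anritsu" entries.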
@@ -368763,7 +368763,7 @@ CVE-2022-0691 (Authorization Bypass Through
User-Controlled Key in NPM url-parse
NOTE: https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4
NOTE:
https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63
(1.5.9)
CVE-2022-25369 (An issue was discovered in Dynamicweb before 9.12.8. An
attacker can a ...)
- TODO: check
+ NOT-FOR-US: Dynamicweb
CVE-2022-25368 (Spectre BHB is a variant of Spectre-v2 in which malicious code
uses th ...)
NOTE:
https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html
NOTE: This is a CVE specific for the impact of Spectre-BHB on Ampere
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd80e742de4ba5039dec189461c847d174009b7d
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits