Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
38cfbc00 by security tracker role at 2025-07-02T20:12:59+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2025-6943 (Secret Server version 11.7 and earlier is
vulnerable to a SQL rep
CVE-2025-6942 (The distributed engine versions 8.4.39.0 and earlier of Secret
Server ...)
TODO: check
CVE-2025-6725 (In the PdfViewer component, a Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2025-53494 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2025-53493 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
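Review bot: The new tag on CVE-2025-6725 names only the vendor (`NOT-FOR-US: Progress Software`), while the visible description identifies the affected code only as "the PdfViewer component". Naming the product next to the vendor would let a later reader confirm the classification without opening the full CVE record.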
@@ -23,7 +23,7 @@ CVE-2025-53108 (HomeBox is a home inventory and organization
system. Prior to 0.
CVE-2025-53106 (Graylog is a free and open log management platform. In
versions 6.2.0 ...)
TODO: check
CVE-2025-53006 (DataEase is an open source business intelligence and data
visualizatio ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2025-52891 (ModSecurity is an open source, cross platform web application
firewall ...)
TODO: check
CVE-2025-52886 (Poppler is a PDF rendering library. Versions prior to 25.06.0
use `std ...)
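Review bot: The description of CVE-2025-53006 calls DataEase "an open source business intelligence and data visualizatio ...", so `NOT-FOR-US: DataEase` rests on the software not being packaged in Debian rather than on it being proprietary. Confirm there is no open ITP or RFP for it; if there is one, the entry should reference the package with `<itp>` instead of NOT-FOR-US.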
@@ -35,9 +35,9 @@ CVE-2025-52841 (Cross-Site Request Forgery (CSRF)
vulnerability in Laundry on Li
CVE-2025-52559 (Zulip is an open-source team chat application. From versions
2.0.0-rc1 ...)
TODO: check
CVE-2025-4946 (The Vikinger theme for WordPress is vulnerable to arbitrary
file delet ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49713 (Access of resource using incompatible type ('type confusion')
in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49588 (Linkwarden is a self-hosted, open-source collaborative
bookmark manage ...)
TODO: check
CVE-2025-45814 (Missing authentication checks in the query.fcgi endpoint of
NS3000 v8. ...)
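Review bot: CVE-2025-4946 is tagged `NOT-FOR-US: WordPress plugin`, but its description reads "The Vikinger theme for WordPress". Use `NOT-FOR-US: WordPress theme`, or the `WordPress plugin or theme` wording that another entry in this commit already uses, so the tag matches the description.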
@@ -49,9 +49,9 @@ CVE-2025-45424 (Incorrect access control in Xinference before
v1.4.0 allows atta
CVE-2025-45029 (WINSTAR WN572HP3 v230525 was discovered to contain a heap
overflow via ...)
TODO: check
CVE-2025-43025 (HP Universal Print Driver is potentially vulnerable to denial
of servi ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-39362 (Missing Authorization vulnerability in Mollie Mollie Payments
for WooC ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-34092 (A cookie encryption bypass vulnerability exists in Google
Chrome\u2019 ...)
TODO: check
CVE-2025-34091 (A padding oracle vulnerability exists in Google Chrome\u2019s
AppBound ...)
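Review bot: CVE-2025-39362 gets `NOT-FOR-US: WordPress plugin or theme`, while the other WordPress entries in this commit get `NOT-FOR-US: WordPress plugin`. Settling on one wording for the whole update keeps the list consistent for anyone searching it by tag text.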
@@ -83,7 +83,7 @@ CVE-2025-34067 (An unauthenticated remote command execution
vulnerability exists
CVE-2025-34057 (An information disclosure vulnerability exists in Ruijie NBR
series ro ...)
TODO: check
CVE-2025-2330 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for
WordPr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27026 (A missing double-check feature in the WebGUI for CLI
deactivation in I ...)
TODO: check
CVE-2025-27025 (The target device exposes a service on a specific TCP port
with a conf ...)
@@ -97,19 +97,19 @@ CVE-2025-27022 (A path traversal vulnerability of the
WebGUI HTTP endpoint in In
CVE-2025-27021 (The misconfiguration in the sudoers configuration of the
operating sys ...)
TODO: check
CVE-2025-24335 (Nokia Single RAN baseband software versions earlier than
24R1-SR 2.1 M ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2025-24334 (The Nokia Single RAN baseband software earlier than 23R2-SR
1.0 MP can ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2025-24333 (Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP
contain ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2025-24332 (Nokia Single RAN AirScale baseband allows an authenticated
administrat ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2025-24331 (The Single RAN baseband OAM service is intended to run as an
unprivile ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2025-24330 (Sending a crafted SOAP "provision" operation message PlanId
field with ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2025-24329 (Sending a crafted SOAP "provision" operation message archive
field wit ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2025-20310 (A vulnerability in the web UI of Cisco Enterprise Chat and
Email (ECE) ...)
TODO: check
CVE-2025-20309 (A vulnerability in Cisco Unified Communications Manager
(Unified CM) a ...)
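Review bot: For CVE-2025-24330 and CVE-2025-24329 the visible description ("Sending a crafted SOAP "provision" operation message ...") names no vendor or product, and CVE-2025-24331 mentions only "The Single RAN baseband OAM service", so `NOT-FOR-US: Nokia` cannot be checked from these lines alone. Confirm against the full CVE text that these three belong to the same Nokia Single RAN baseband software as CVE-2025-24335 through CVE-2025-24332, rather than inferring it from the adjacent IDs.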
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38cfbc0085ea1674ab8921c1a98568a9ac1cf2ad