Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ab96ceb9 by Salvatore Bonaccorso at 2025-08-08T22:37:51+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,41 +29,41 @@ CVE-2025-8731 (A vulnerability was found in TRENDnet
TI-G160i, TI-PG102i and TPL
CVE-2025-8730 (A vulnerability was found in Belkin F9K1009 and F9K1010
2.00.04/2.00.0 ...)
NOT-FOR-US: Belkin
CVE-2025-8729 (A vulnerability has been found in MigoXLab LMeterX 1.2.0 and
classifie ...)
- TODO: check
+ NOT-FOR-US: MigoXLab LMeterX
CVE-2025-8393 (A TLS vulnerability exists in the phone application used to
manage a ...)
- TODO: check
+ NOT-FOR-US: Dreame Technology
CVE-2025-8356 (In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a
Path T ...)
NOT-FOR-US: Xerox
CVE-2025-8355 (In Xerox FreeFlow Core version 8.0.4, improper handling of XML
input a ...)
NOT-FOR-US: Xerox
CVE-2025-8284 (By default, the Packet Power Monitoring and Control Web
Interface do n ...)
- TODO: check
+ NOT-FOR-US: Packet Power
CVE-2025-8088 (A path traversal vulnerability affecting the Windows version of
WinRAR ...)
TODO: check
CVE-2025-5095 (Burk Technology ARC Solo's password change mechanism can be
utilized w ...)
- TODO: check
+ NOT-FOR-US: Burk Technology
CVE-2025-53606 (Deserialization of Untrusted Data vulnerability in Apache
Seata (incub ...)
- TODO: check
+ NOT-FOR-US: Apache Seata
CVE-2025-53520 (The affected product allows firmware updates to be downloaded
from EG4 ...)
- TODO: check
+ NOT-FOR-US: EG4
CVE-2025-52914 (A vulnerability in the Suite Applications Services component
of Mitel ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2025-52913 (A vulnerability in the NuPoint Unified Messaging (NPM)
component of Mi ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2025-52586 (The MOD3 command traffic between the monitoring application
and the i ...)
- TODO: check
+ NOT-FOR-US: EG4
CVE-2025-50928 (Easy Hosting Control Panel EHCP v20.04.1.b was discovered to
contain a ...)
- TODO: check
+ NOT-FOR-US: Easy Hosting Control Panel EHCP
CVE-2025-50927 (A reflected cross-site scripting (XSS) vulnerability in the
List All F ...)
- TODO: check
+ NOT-FOR-US: Easy Hosting Control Panel EHCP
CVE-2025-50468 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An
attacker can e ...)
- TODO: check
+ NOT-FOR-US: OpenMetadata
CVE-2025-50467 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An
attacker can e ...)
- TODO: check
+ NOT-FOR-US: OpenMetadata
CVE-2025-50466 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An
attacker can e ...)
- TODO: check
+ NOT-FOR-US: OpenMetadata
CVE-2025-50465 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An
attacker can e ...)
- TODO: check
+ NOT-FOR-US: OpenMetadata
CVE-2025-4796 (The Eventin plugin for WordPress is vulnerable to privilege
escalation ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4576 (A reflected cross-site scripting (XSS) vulnerability in the
Liferay Po ...)
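Review bot: The new tag for CVE-2025-53606, "NOT-FOR-US: Apache Seata", uses a different form from the one this file already carries for another Apache project, "NOT-FOR-US: Apache software not packaged in Debian" (CVE-2025-48913, visible as context in the next hunk). Settle on one form for Apache projects so the entries stay consistent. Two smaller points in the same hunk: "Easy Hosting Control Panel EHCP" would read better as "Easy Hosting Control Panel (EHCP)", matching how the ESVA tag later in this commit is written, and for CVE-2025-8393 the truncated description shown here names no vendor, so the "Dreame Technology" attribution cannot be checked from the diff alone.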
@@ -71,41 +71,41 @@ CVE-2025-4576 (A reflected cross-site scripting (XSS)
vulnerability in the Lifer
CVE-2025-48913 (If untrusted users are allowed to configure JMS for Apache
CXF, previo ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-47872 (The public-facing product registration endpoint server
responds diffe ...)
- TODO: check
+ NOT-FOR-US: EG4
CVE-2025-46414 (The affected product does not limit the number of attempts for
inputti ...)
- TODO: check
+ NOT-FOR-US: EG4
CVE-2025-36119 (IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated
user obta ...)
NOT-FOR-US: IBM
CVE-2025-36023 (IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0
IF005 and ...)
NOT-FOR-US: IBM
CVE-2012-10053 (Simple Web Server 2.2 rc2 contains a stack-based buffer
overflow vulne ...)
- TODO: check
+ NOT-FOR-US: Simple Web Server
CVE-2012-10052 (EGallery version 1.2 contains an unauthenticated arbitrary
file upload ...)
- TODO: check
+ NOT-FOR-US: EGallery
CVE-2012-10051 (Photodex ProShow Producer version 5.0.3256 contains a
stack-based buff ...)
- TODO: check
+ NOT-FOR-US: Photodex ProShow Producer
CVE-2012-10050 (CuteFlow version 2.11.2 and earlier contains an arbitrary file
upload ...)
TODO: check
CVE-2012-10049 (WebPageTest version 2.6 and earlier contains an arbitrary file
upload ...)
- TODO: check
+ NOT-FOR-US: WebPageTest
CVE-2012-10048 (Zenoss Core 3.x contains a command injection vulnerability in
the show ...)
TODO: check
CVE-2012-10047 (Cyclope Employee Surveillance Solution versions 6.x is
vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: Cyclope Employee Surveillance Solution
CVE-2012-10046 (The E-Mail Security Virtual Appliance (ESVA) (tested on
version ESVA_2 ...)
- TODO: check
+ NOT-FOR-US: E-Mail Security Virtual Appliance (ESVA)
CVE-2012-10045 (XODA version 0.4.5 contains an unauthenticated file upload
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: XODA
CVE-2012-10044 (MobileCartly version 1.0 contains an arbitrary file creation
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: MobileCartly
CVE-2012-10043 (A stack-based buffer overflow vulnerability exists in ActFax
Server ve ...)
- TODO: check
+ NOT-FOR-US: ActFax Server
CVE-2012-10042 (Sflog! CMS 1.0 contains an authenticated arbitrary file upload
vulnera ...)
- TODO: check
+ NOT-FOR-US: Sflog! CMS
CVE-2012-10041 (WAN Emulator v2.3 contains two unauthenticated command
execution vulne ...)
- TODO: check
+ NOT-FOR-US: WAN Emulator
CVE-2012-10036 (Project Pier 0.8.8 and earlier contains an unauthenticated
arbitrary f ...)
- TODO: check
+ NOT-FOR-US: Project Pier
CVE-2010-10013 (An unauthenticated remote command execution vulnerability
exists in Aj ...)
TODO: check
CVE-2025-8708 (A vulnerability was found in Antabot White-Jotter 0.22. It has
been de ...)
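Review bot: CVE-2012-10050 (CuteFlow) and CVE-2012-10048 (Zenoss Core) stay at "TODO: check" in the middle of a run of CVE-2012 entries that this hunk otherwise resolves, and the commit message "Process some NFUs" does not say whether they were skipped on purpose. If they are deferred pending a package check, note that in the commit message or resolve them in a follow-up, so the gap is not read as an oversight.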
@@ -446690,7 +446690,7 @@ CVE-2020-9324 (Aquaforest TIFF Server 4.0 allows
Unauthenticated SMB Hash Captur
CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and
Directory E ...)
NOT-FOR-US: Aquaforest TIFF Server
CVE-2020-9322 (The /users endpoint in Statamic Core before 2.11.8 allows XSS
to add a ...)
- TODO: check
+ NOT-FOR-US: Statamic
CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and
TraefikEE 2.0. ...)
- traefik <itp> (bug #983289)
CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass
via a ...)
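Review bot: The tag added for CVE-2020-9322 reads "NOT-FOR-US: Statamic" while the description names the affected product as "Statamic Core"; the neighbouring entry uses the full product name ("Aquaforest TIFF Server"), as do most tags added in this commit. Consider "NOT-FOR-US: Statamic Core" for consistency.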
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab96ceb928ca8da9d5c0fbf30575e5516478304b