Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9492ff1f by Moritz Muehlenhoff at 2025-08-26T11:11:24+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71,9 +71,9 @@ CVE-2025-5931 (The Dokan Pro plugin for WordPress is 
vulnerable to privilege esc
 CVE-2025-57814 (request-filtering-agent is an http(s).Agent implementation 
that blocks ...)
        TODO: check
 CVE-2025-57809 (XGrammar is an open-source library for efficient, flexible, 
and portab ...)
-       TODO: check
+       NOT-FOR-US: XGrammar
 CVE-2025-57805 (The Scratch Channel is a news website. In versions 1 and 1.1, 
a POST r ...)
-       TODO: check
+       NOT-FOR-US: CVE-2025-57805 (The Scratch Channel
 CVE-2025-57804 (h2 is a pure-Python implementation of a HTTP/2 protocol stack. 
Prior t ...)
        TODO: check
 CVE-2025-57704 (Delta Electronics EIP Builder version 1.11 is vulnerable to a 
File Par ...)
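
Review bot: The added tag for CVE-2025-57805 reads "NOT-FOR-US: CVE-2025-57805 (The Scratch Channel", which pastes the CVE id and an unclosed parenthesis from the header line into the product field. Every other addition in this commit carries only the product name, so this should be "NOT-FOR-US: The Scratch Channel". As written, anything that groups or searches NOT-FOR-US entries by product string will file this one under a name that starts with a CVE id.
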
@@ -83,7 +83,7 @@ CVE-2025-53419 (Delta Electronics COMMGR has Code Injection 
vulnerability.)
 CVE-2025-53418 (Delta Electronics COMMGR has Stack-based Buffer Overflow 
vulnerability ...)
        NOT-FOR-US: Delta Electronics
 CVE-2025-41702 (The JWT secret key is embedded in the egOS WebGUI backend and 
is reada ...)
-       TODO: check
+       NOT-FOR-US: egOS WebGUI
 CVE-2024-8860 (The Tourfic plugin for WordPress is vulnerable to unauthorized 
modific ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-9417 (A weakness has been identified in itsourcecode Apartment 
Management Sy ...)
@@ -113,7 +113,7 @@ CVE-2025-7426 (Information disclosure and exposure of 
authentication FTP credent
 CVE-2025-6737 (Securden\u2019s Unified PAM Remote Vendor Gateway access portal 
shares ...)
        NOT-FOR-US: Securden's Unified PAM Remote Vendor Gateway access portal
 CVE-2025-5302 (A denial of service vulnerability exists in the JSONReader 
component o ...)
-       TODO: check
+       NOT-FOR-US: run-llama/llama_index
 CVE-2025-57811 (Craft is a platform for creating digital experiences. From 
versions 4. ...)
        NOT-FOR-US: Craft CMS
 CVE-2025-57802 (Airlink's Daemon interfaces with Docker and the Panel to 
provide secur ...)
@@ -193,16 +193,16 @@ CVE-2025-54481 (A stack-based buffer overflow 
vulnerability exists in the MFER p
        NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
 CVE-2025-54370 (PhpOffice/PhpSpreadsheet is a pure PHP library for reading and 
writing ...)
-       TODO: check
+       NOT-FOR-US: PHPOffice
 CVE-2025-53510 (A memory corruption vulnerability exists in the PSD Image 
Decoding fun ...)
        - sail <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2218
 CVE-2025-53120 (A path traversal vulnerability in unauthenticated upload 
functionality ...)
-       TODO: check
+       NOT-FOR-US: Securden Unified PAM
 CVE-2025-53119 (An unauthenticated unrestricted file upload vulnerability 
allows an at ...)
-       TODO: check
+       NOT-FOR-US: Securden Unified PAM
 CVE-2025-53118 (An authentication bypass vulnerability exists which allows an 
unauthen ...)
-       TODO: check
+       NOT-FOR-US: Securden Unified PAM
 CVE-2025-53085 (A memory corruption vulnerability exists in the PSD RLE 
Decoding funct ...)
        - sail <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2219
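
Review bot: The tag added for CVE-2025-54370, "NOT-FOR-US: PHPOffice", names the organisation rather than the library the description identifies (PhpOffice/PhpSpreadsheet) and changes its casing. Suggest "NOT-FOR-US: PhpOffice/PhpSpreadsheet" so the entry is scoped to the affected library and matches the spelling in the description. Separately, the three Securden entries use "Securden Unified PAM" while the CVE-2025-6737 context line earlier in this diff uses "Securden's Unified PAM Remote Vendor Gateway access portal"; one string per product keeps later searches of the list reliable.
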
@@ -213,15 +213,15 @@ CVE-2025-52456 (A memory corruption vulnerability exists 
in the WebP Image Decod
        - sail <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2224
 CVE-2025-52130 (File upload vulnerability in WebErpMesv2 1.17 in the 
app/Http/Controll ...)
-       TODO: check
+       NOT-FOR-US: WebErpMesv2
 CVE-2025-51281 (D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via 
the en` ...)
        NOT-FOR-US: D-Link
 CVE-2025-50900 (An issue was discovered in getrebuild/rebuild 4.0.4. The 
affected sour ...)
-       TODO: check
+       NOT-FOR-US: getrebuild/rebuild
 CVE-2025-50722 (Insecure Permissions vulnerability in sparkshop v.1.1.7 allows 
a remot ...)
-       TODO: check
+       NOT-FOR-US: sparkshop
 CVE-2025-50383 (alextselegidis Easy!Appointments v1.5.1 was discovered to 
contain a SQ ...)
-       TODO: check
+       NOT-FOR-US: alextselegidis Easy!Appointments
 CVE-2025-50129 (A memory corruption vulnerability exists in the PCX Image 
Decoding fun ...)
        - sail <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2220
@@ -231,11 +231,11 @@ CVE-2025-46407 (A memory corruption vulnerability exists 
in the BMPv3 Palette De
        - sail <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215
 CVE-2025-45968 (An issue in System PDV v1.0 allows a remote attacker to obtain 
sensiti ...)
-       TODO: check
+       NOT-FOR-US: System PDV
 CVE-2025-44179 (Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Hitron CGNF-TWN
 CVE-2025-44178 (DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper 
access  ...)
-       TODO: check
+       NOT-FOR-US: DASAN GPON ONU H660WM
 CVE-2025-43960 (Adminer 4.8.1, when using Monolog for logging, allows a Denial 
of Serv ...)
        TODO: check
 CVE-2025-3478 (A Stored Cross-Site Scripting (XSS) vulnerability has been 
identified  ...)
@@ -249,9 +249,9 @@ CVE-2025-32468 (A memory corruption vulnerability exists in 
the BMPv3 Image Deco
        - sail <unfixed>
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2216
 CVE-2025-29525 (DASAN GPON ONU H660WM OS version H660WMR210825 Hardware 
version DS-E5- ...)
-       TODO: check
+       NOT-FOR-US: DASAN GPON ONU H660WM
 CVE-2025-29524 (Incorrect access control in the component 
/cgi-bin/system_diagnostic_m ...)
-       TODO: check
+       NOT-FOR-US: DASAN GPON ONU H660WM
 CVE-2025-29523 (D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was 
discover ...)
        NOT-FOR-US: D-Link
 CVE-2025-29522 (D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was 
discover ...)
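
Review bot: For CVE-2025-29524 the visible description ("Incorrect access control in the component /cgi-bin/system_diagnostic_m ...") names no vendor or product, so the "NOT-FOR-US: DASAN GPON ONU H660WM" tag cannot be checked from this line; worth confirming against the full CVE text that it belongs with CVE-2025-29525. On style, the neighbouring D-Link entries are tagged by vendor only ("NOT-FOR-US: D-Link"), while the DASAN tags here include the model; choosing one granularity would keep the NOT-FOR-US strings consistent.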



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9492ff1f6f37703cc54f880a9fbafaabada3f50a
