Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c7b7d3f by security tracker role at 2025-08-20T20:16:01+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2025-9246 (A flaw has been found in Linksys RE6250, RE6300, RE6350, 
RE6500, RE700 ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2025-9245 (A vulnerability was detected in Linksys RE6250, RE6300, RE6350, 
RE6500 ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2025-9244 (A security vulnerability has been detected in Linksys RE6250, 
RE6300,  ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2025-9241 (A weakness has been identified in elunez eladmin up to 2.7. 
This affec ...)
        TODO: check
 CVE-2025-9240 (A security flaw has been discovered in elunez eladmin up to 
2.7. Affec ...)
@@ -15,7 +15,7 @@ CVE-2025-9238 (A vulnerability was determined in Swatadru 
Exam-Seating-Arrangeme
 CVE-2025-9237 (A vulnerability was found in CodeAstro Ecommerce Website 1.0. 
This imp ...)
        TODO: check
 CVE-2025-9236 (A vulnerability has been found in Portabilis i-Diario up to 
2.10. This ...)
-       TODO: check
+       NOT-FOR-US: Portabilis
 CVE-2025-9235 (A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted 
element ...)
        TODO: check
 CVE-2025-9234 (A vulnerability was detected in Scada-LTS up to 2.7.8.1. The 
affected  ...)
@@ -29,7 +29,7 @@ CVE-2025-9228 (MiR software versions prior to version 3.0.0 
have insufficient au
 CVE-2025-9173 (A weakness has been identified in Emlog Pro up to 2.5.18. This 
issue a ...)
        TODO: check
 CVE-2025-9074 (A vulnerability was identified in Docker Desktop that allows 
local run ...)
-       TODO: check
+       NOT-FOR-US: Docker products not packaged in Debian
 CVE-2025-8612 (AOMEI Backupper Workstation Link Following Local Privilege 
Escalation  ...)
        TODO: check
 CVE-2025-8611 (AOMEI Cyber Backup Missing Authentication for Critical Function 
Remote ...)
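Review bot: the reason given for CVE-2025-9074, "NOT-FOR-US: Docker products not packaged in Debian", is broader than the entry it annotates, whose description names Docker Desktop specifically. Naming the product, for example "NOT-FOR-US: Docker Desktop", would keep the annotation as precise as the description and avoid implying a decision about every Docker product.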
@@ -37,17 +37,17 @@ CVE-2025-8611 (AOMEI Cyber Backup Missing Authentication 
for Critical Function R
 CVE-2025-8610 (AOMEI Cyber Backup Missing Authentication for Critical Function 
Remote ...)
        TODO: check
 CVE-2025-8453 (CWE-269: Improper Privilege Management vulnerability exists 
that could ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2025-8449 (CWE-400: Uncontrolled Resource Consumption vulnerability exists 
that c ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2025-8448 (CWE-200: Exposure of Sensitive Information to an Unauthorized 
Actor vu ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2025-8415 (A vulnerability was found in the Cryostat HTTP API. Cryostat's 
HTTP AP ...)
        TODO: check
 CVE-2025-8309 (There is an improper privilege management vulnerability 
identified in  ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2025-8102 (The Easy Digital Downloads plugin for WordPress is vulnerable 
to Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6183 (The StrongDM macOS client incorrectly processed JSON-formatted 
message ...)
        TODO: check
 CVE-2025-6182 (The StrongDM Windows service incorrectly handled communication 
related ...)
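Review bot: the "NOT-FOR-US: Schneider Electric" annotations on CVE-2025-8453, CVE-2025-8449 and CVE-2025-8448, and "NOT-FOR-US: Zoho" on CVE-2025-8309, cannot be checked against the descriptions shown in this hunk, which are truncated before any vendor or product name appears. Since the commit message only says "automatic NOT-FOR-US entries update", adding the affected product to each annotation would let a reader confirm the attribution from the list itself.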
@@ -63,13 +63,13 @@ CVE-2025-5260 (Server-Side Request Forgery (SSRF) 
vulnerability in Pik Online Ya
 CVE-2025-5115 (In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, 
<=12.0.21,  ...)
        TODO: check
 CVE-2025-57734 (In JetBrains TeamCity before 2025.07.1 aWS credentials were 
exposed in ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-57733 (In JetBrains TeamCity before 2025.07.1 sMTP injection was 
possible all ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-57732 (In JetBrains TeamCity before 2025.07.1 privilege escalation 
was possib ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-57731 (In JetBrains YouTrack before 2025.2.92387 stored XSS was 
possible via  ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-57730 (In JetBrains IntelliJ IDEA before 2025.2 hTML injection was 
possible v ...)
        TODO: check
 CVE-2025-57729 (In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin 
startup was ...)
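Review bot: the vendor-level tag "NOT-FOR-US: JetBrains" is applied to the TeamCity and YouTrack entries (CVE-2025-57734 through CVE-2025-57731), while the JetBrains IntelliJ IDEA entries directly below (CVE-2025-57730, CVE-2025-57729) stay at "TODO: check". If IntelliJ IDEA is being held back on purpose, product-level tags such as "NOT-FOR-US: JetBrains TeamCity" and "NOT-FOR-US: JetBrains YouTrack" would make that distinction explicit; otherwise the IntelliJ IDEA entries should be triaged in the same pass so the vendor is handled consistently.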
@@ -81,33 +81,33 @@ CVE-2025-57727 (In JetBrains IntelliJ IDEA before 2025.2 
credentials disclosure
 CVE-2025-55751 (OnboardLite is the result of the Influx Initiative, our vision 
for an  ...)
        TODO: check
 CVE-2025-55746 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2025-55732 (Frappe is a full-stack web application framework. Prior to 
15.74.2 and ...)
        TODO: check
 CVE-2025-55731 (Frappe is a full-stack web application framework. A carefully 
crafted  ...)
        TODO: check
 CVE-2025-55503 (Tenda AC6 V15.03.06.23_multi has a stack overflow 
vulnerability via th ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-55499 (Tenda AC6 V15.03.06.23_multi was discovered to contain a 
buffer overfl ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-55498 (Tenda AC6 V15.03.06.23_multi was discovered to contain a 
buffer overfl ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-55483 (Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow 
in the f ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-55482 (Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow 
in the f ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-55444 (A SQL injection vulnerability exists in the id2 parameter of 
the cance ...)
        TODO: check
 CVE-2025-54927 (CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory (' ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2025-54926 (CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory (' ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2025-54925 (CWE-918: Server-Side Request Forgery (SSRF) vulnerability 
exists that  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2025-54924 (CWE-918: Server-Side Request Forgery (SSRF) vulnerability 
exists that  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2025-54923 (CWE-502: Deserialization of Untrusted Data vulnerability 
exists that c ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2025-54175 (QuickCMS.EXT is vulnerable to Reflected XSS in 
sFileNameparameter in t ...)
        TODO: check
 CVE-2025-54174 (QuickCMS is vulnerable to Cross-Site Request Forgery in 
article creati ...)
@@ -115,9 +115,9 @@ CVE-2025-54174 (QuickCMS is vulnerable to Cross-Site 
Request Forgery in article
 CVE-2025-54172 (QuickCMS is vulnerable to Stored XSS in sTitleparameter in 
page editor ...)
        TODO: check
 CVE-2025-51991 (XWiki through version 17.3.0 is vulnerable to Server-Side 
Template Inj ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2025-51990 (XWiki through version 17.3.0 is affected by multiple stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2025-50904 (There is an authentication bypass vulnerability in WinterChenS 
my-site ...)
        TODO: check
 CVE-2025-50902 (Cross Site Request Forgery (CSRF) vulnerability in old-peanut 
Open-Sho ...)
@@ -129,61 +129,61 @@ CVE-2025-50864 (An Origin Validation Error in the 
elysia-cors library thru 1.3.0
 CVE-2025-50503 (A vulnerability in the password reset workflow of the Touch 
Lebanon Mo ...)
        TODO: check
 CVE-2025-47054 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-46998 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-46962 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-46936 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-46932 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-46856 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-46852 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-46849 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-43757 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43750 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 
2025.Q1.0 thro ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43749 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 
2025.Q1.0 thro ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43748 (Insufficient CSRF protection for omni-administrator users in 
Liferay P ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43746 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43742 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43741 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-36114 (IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a 
remote at ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-32010 (A stack-based buffer overflow vulnerability exists in the 
Cloud API fu ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-31355 (A firmware update vulnerability exists in the Firmware 
Signature Valid ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-30256 (A denial of service vulnerability exists in the HTTP Header 
Parsing fu ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-28041 (Incorrect access control in the doFilter function of 
itranswarp up to  ...)
        TODO: check
 CVE-2025-27129 (An authentication bypass vulnerability exists in the HTTP 
authenticati ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-24496 (An information disclosure vulnerability exists in the 
/goform/getprodu ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-24322 (An unsafe default authentication vulnerability exists in the 
Initial S ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-20345 (A vulnerability in the debug logging function of Cisco Duo 
Authenticat ...)
        TODO: check
 CVE-2025-20269 (A vulnerability in the web-based management interface of Cisco 
Evolved ...)
        TODO: check
 CVE-2025-20131 (A vulnerability in the GUI of Cisco Identity Services Engine 
(ISE) cou ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-1142 (IBM Edge Application Manager 4.5 is vulnerable to server-side 
request  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-1139 (IBM Edge Application Manager 4.5 could allow a local user to 
read or m ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-57491 (Authentication Bypass vulnerability in jobx up to 
v1.0.1-RELEASE allow ...)
        TODO: check
 CVE-2024-57157 (Incorrect access control in Jantent v1.1 allows attackers to 
bypass au ...)
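Review bot: in the Cisco block near the end of this hunk, only CVE-2025-20131 (Identity Services Engine) receives "NOT-FOR-US: Cisco", while CVE-2025-20345 (Cisco Duo) and CVE-2025-20269 (Cisco Evolved ...) just above it remain "TODO: check". A bare vendor tag on one of three adjacent Cisco entries reads as inconsistent; either tag the product ("NOT-FOR-US: Cisco Identity Services Engine") or resolve the other two in the same change. The six "NOT-FOR-US: Tenda" entries from CVE-2025-32010 to CVE-2025-24322 have the same readability problem, since their truncated descriptions never name Tenda.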



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c7b7d3f468c369c04b2a7b433057df162ccafeb

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits