Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
201f6aa0 by security tracker role at 2025-10-01T20:29:08+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-9512 (The Schema & Structured Data for WP & AMP WordPress plugin
before 1.50 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9075 (The ZoloBlocks plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8679 (In ExtremeGuest Essentials before 25.5.0, captive-portal may
permit un ...)
TODO: check
CVE-2025-61792 (Quadient DS-700 iQ devices through 2025-09-30 might have a
race condit ...)
@@ -33,9 +33,9 @@ CVE-2025-61189 (Jeecgboot versions 3.8.2 and earlier are
affected by a path trav
CVE-2025-61188 (Jeecgboot versions 3.8.2 and earlier are affected by a path
traversal ...)
TODO: check
CVE-2025-61045 (TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain
a comma ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-61044 (TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain
a comma ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-60991 (A reflected cross-site scripted (XSS) vulnerability in Codazon
Magento ...)
TODO: check
CVE-2025-59687 (IMPAQTR Aurora before 1.36 allows Insecure Direct Object
Reference att ...)
@@ -55,9 +55,9 @@ CVE-2025-59147 (Suricata is a network IDS, IPS and NSM engine
developed by the O
CVE-2025-58769 (auth0-PHP is an SDK for Auth0 Authentication and Management
APIs. In v ...)
TODO: check
CVE-2025-58055 (Discourse is an open-source community discussion platform. In
versions ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-58054 (Discourse is an open-source community discussion platform.
Versions 3. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-57444 (An authenticated cross-site scripting (XSS) vulnerability in
the Admin ...)
TODO: check
CVE-2025-57393 (A stored cross-site scripting (XSS) in Kissflow Work Platform
Kissflow ...)
@@ -71,7 +71,7 @@ CVE-2025-56515 (File upload vulnerability in Fiora chat
application 1.0.0 throug
CVE-2025-56514 (Cross Site Scripting (XSS) vulnerability in Fiora chat
application 1.0 ...)
TODO: check
CVE-2025-55191 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2025-52042 (In Frappe ERPNext 15.57.5, the function
get_rfq_containing_supplier() ...)
TODO: check
CVE-2025-52041 (In Frappe ERPNext 15.57.5, the function
get_stock_balance_for() at erp ...)
@@ -83,11 +83,11 @@ CVE-2025-52039 (In Frappe ERPNext 15.57.5, the function
get_material_requests_ba
CVE-2025-46205 (A heap-use-after free in the PdfTokenizer::ReadDictionary
function of ...)
TODO: check
CVE-2025-43826 (Stored cross-site scripting (XSS) vulnerabilities in Web
Content trans ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43718 (Poppler 24.06.1 through 25.x before 25.04.0 allows stack
consumption a ...)
TODO: check
CVE-2025-41421 (Improper handling of symbolic links in the TeamViewer Full
Client and ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-40648 (Stored Cross-Site Scripting (XSS) vulnerability in Issabel
v5.0.0, con ...)
TODO: check
CVE-2025-40647 (Stored Cross-Site Scripting (XSS) vulnerability in Issabel
v5.0.0, con ...)
@@ -99,19 +99,19 @@ CVE-2025-28357 (A CRLF injection vulnerability in Neto CMS
v6.313.0 through v6.3
CVE-2025-24525 (Keysight Ixia Vision has an issue with hardcoded cryptographic
materia ...)
TODO: check
CVE-2025-20371 (In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and
9.2.8, an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20370 (In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and
9.2.8, a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20369 (In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8,
and Splun ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20368 (In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8,
and Splun ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20367 (In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8,
and Splunk ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20366 (In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8,
and Splun ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20361 (A vulnerability in the web-based management interface of Cisco
Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20357 (A vulnerability in the web-based management interface of Cisco
Cyber V ...)
TODO: check
CVE-2025-20356 (A vulnerability in the web-based management interface of Cisco
Cyber V ...)
@@ -121,13 +121,13 @@ CVE-2025-11233 (Starting from Rust 1.87.0 and before Rust
1.89.0, the tier 3 Cyg
CVE-2025-11226 (ACE vulnerability in conditional configuration file processing
by QOS ...)
TODO: check
CVE-2025-10847 (DX Unified Infrastructure Management (Nimsoft/UIM) and below
contains ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2025-10744 (The File Manager, Code Editor, and Backup by Managefy plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10735 (The Block For Mailchimp \u2013 Easy Mailchimp Form Integration
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10578 (A potential security vulnerability has been identified in the
HP Suppo ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-10538 (An authentication bypass vulnerability exists in LG Innotek
camera mod ...)
TODO: check
CVE-2024-57494 (Cross Site Scripting vulnerability in Neto E-Commerce CMS
v.6.313.0 th ...)
@@ -223,13 +223,13 @@ CVE-2023-53489 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2023-53488 (In the Linux kernel, the following vulnerability has been
resolved: I ...)
TODO: check
CVE-2023-50301 (IBM Transformation Extender Advanced 10.0.1 stores potentially
sensiti ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-50300 (IBM Transformation Extender Advanced 10.0.1 could allow a
local us ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-49883 (IBM Transformation Extender Advanced 10.0.1 does not
require tha ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-49881 (IBM Transformation Extender Advanced 10.0.1 does not
invalidate sess ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-50469 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
TODO: check
CVE-2022-50468 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
@@ -283,7 +283,7 @@ CVE-2022-50445 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2021-4460 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
TODO: check
CVE-2020-36852 (The Custom Searchable Data Entry System plugin for WordPress
is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11219
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/201f6aa01b388fc5cef8f0638f677936e6862b79
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/201f6aa01b388fc5cef8f0638f677936e6862b79
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
