Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c277cefd by security tracker role at 2025-10-10T20:13:42+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,17 +3,17 @@ CVE-2025-8887 (Authorization Bypass Through User-Controlled 
Key, Missing Authori
 CVE-2025-8886 (Incorrect Permission Assignment for Critical Resource, Exposure 
of Sen ...)
        TODO: check
 CVE-2025-7781 (The WP JobHunt plugin for WordPress, used by the JobCareer 
theme, is v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-7374 (The WP JobHunt plugin for WordPress, used by the JobCareer 
theme, is v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-62245 (Cross-site request forgery (CSRF) vulnerability in Liferay 
Portal 7.4. ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-62239 (Cross-site scripting (XSS) vulnerability in workflow process 
builder i ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-62238 (Stored cross-site scripting (XSS) vulnerability on the 
Membership page ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-62237 (Stored cross-site scripting (XSS) vulnerability in 
Commerce\u2019s vie ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-61929 (Cherry Studio is a desktop client that supports for multiple 
LLM provi ...)
        TODO: check
 CVE-2025-61927 (Happy DOM is a JavaScript implementation of a web browser 
without its  ...)
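Review bot: The context line for CVE-2025-62237 carries a raw escape sequence in its description ("Commerce\u2019s") instead of the apostrophe it stands for, so a text search on the possessive form will miss this entry. The NOT-FOR-US tag added beneath it is unaffected, but the description import should decode such escapes before writing data/CVE/list.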
@@ -65,13 +65,13 @@ CVE-2025-60838 (An arbitrary file upload vulnerability in 
MCMS v6.0.1 allows att
 CVE-2025-60378 (Stored HTML injection in RISE Ultimate Project Manager & CRM 
allows au ...)
        TODO: check
 CVE-2025-60308 (code-projects Simple Online Hotel Reservation System 1.0 has a 
Cross S ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-60307 (code-projects Computer Laboratory System 1.0 has a SQL 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-60306 (code-projects Simple Car Rental System 1.0 has a permission 
bypass iss ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-60305 (SourceCodester Online Student Clearance System 1.0 is 
vulnerable to In ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-60269 (JEEWMS 20250820 is vulnerable to SQL Injection in the 
exportXls functi ...)
        TODO: check
 CVE-2025-60268 (An arbitrary file upload vulnerability exists in JeeWMS 
20250820, whic ...)
@@ -81,21 +81,21 @@ CVE-2025-59530 (quic-go is an implementation of the QUIC 
protocol in Go. In vers
 CVE-2025-55903 (A HTML injection vulnerability exists in Perfex CRM v3.3.1. 
The applic ...)
        TODO: check
 CVE-2025-52655 (Inclusion of Functionality from Untrusted Control Sphere 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52650 (Inline script execution allowed in CSP vulnerability has been 
identifi ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52635 (A   rusted types in scripts not enforced in CSP vulnerability 
has been ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52634 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52632 (A Missing Secure Attribute in Encrypted Session (SSL) Cookie 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52630 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52625 (A vulnerability  Cacheable SSL Page Found vulnerability has 
been ident ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52624 (A vulnerabilityBypass of the script allowlist configuration in 
HCL AIO ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-48043 (Incorrect Authorization vulnerability in ash-project ash 
allows Authen ...)
        TODO: check
 CVE-2025-41089 (Reflected Cross-Site Scripting (XSS) in Xibo CMS v4.1.2 from 
Xibo Sign ...)
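Review bot: Of the eight entries retagged "NOT-FOR-US: HCL" here, only CVE-2025-52624 shows the vendor in its visible description ("HCL AIO ..."); the other seven are cut off before any product name appears. Because this is an automatic update, confirm the vendor match against the full descriptions, and consider naming the product alongside the vendor so the tag can be checked from the list itself. Several of these descriptions are also visibly garbled ("A   rusted types", "A vulnerabilityBypass"), which makes matching on the truncated text less reliable.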
@@ -107,7 +107,7 @@ CVE-2025-40640 (Stored Cross-Site Scripting (XSS) 
vulnerability in Energy CRM v2
 CVE-2025-37727 (Insertion of sensitive information in log file in 
Elasticsearch can le ...)
        TODO: check
 CVE-2025-30001 (Incorrect Execution-Assigned Permissions vulnerability in 
Apache Strea ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-25018 (Improper Neutralization of Input During Web Page Generation in 
Kibana  ...)
        TODO: check
 CVE-2025-25017 (Improper Neutralization of Input During Web Page Generation in 
Kibana  ...)
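Review bot: The tag on CVE-2025-30001, "NOT-FOR-US: Apache software not packaged in Debian", does not say which Apache project is meant, and the description is truncated at "Apache Strea ...". Naming the project in the tag, as the other entries in this commit name their vendor or product, would let the entry be found and re-triaged if that software is packaged later.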
@@ -119,11 +119,11 @@ CVE-2025-23282 (NVIDIA Display Driver for Linux contains 
a vulnerability where a
 CVE-2025-23280 (NVIDIA Display Driver for Linux contains a vulnerability where 
an atta ...)
        TODO: check
 CVE-2025-11618 (A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 
packet proc ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2025-11617 (A missing validation check in FreeRTOS-Plus-TCP's IPv6 packet 
processi ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2025-11616 (A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 
packet proces ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2025-11581 (A security vulnerability has been detected in PowerJob up to 
5.1.2. Th ...)
        TODO: check
 CVE-2025-11580 (A weakness has been identified in PowerJob up to 5.1.2. This 
affects t ...)
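Review bot: CVE-2025-11618, CVE-2025-11617 and CVE-2025-11616 are tagged "NOT-FOR-US: Amazon", but the descriptions name the affected component as FreeRTOS-Plus-TCP and never mention the vendor. Tagging by component ("NOT-FOR-US: FreeRTOS-Plus-TCP") would keep the tag consistent with the description and make it easier to spot these entries if the library is ever embedded in a packaged source.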



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c277cefda6ced9bb646f53ec15233cdbde515417
