Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4372ec42 by security tracker role at 2025-10-15T20:13:40+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2025-9967 (The Orion SMS OTP Verification plugin for WordPress is
vulnerable to p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9548 (A potential null pointer dereference vulnerability was reported
in the ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-8486 (A potential vulnerability was reported in PC Manager that could
allow ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-6026 (An improper certificate validation vulnerability was reported
in the L ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-62410 (In versions before 20.0.2, it was found that
--disallow-code-generatio ...)
TODO: check
CVE-2025-62382 (Frigate is a network video recorder (NVR) with realtime local
object d ...)
@@ -29,55 +29,55 @@ CVE-2025-61990 (When using a multi-bladed platform with
more than one blade, und
CVE-2025-61974 (When a client SSL profile is configured on a virtual server,
undisclos ...)
TODO: check
CVE-2025-61960 (When a per-request policy is configured on a BIG-IP APM portal
access ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-61958 (A vulnerability exists in the iHealth command that may allow
an authen ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-61955 (A vulnerability exists in F5OS-A and F5OS-C systems that may
allow an ...)
TODO: check
CVE-2025-61951 (Undisclosed traffic can cause the Traffic Management
Microkernel (TMM) ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-61938 (When a BIG-IP Advanced WAF or ASM security policy is
configured with a ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-61935 (When a BIG IP Advanced WAF or ASM security policy is
configured on a v ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-61933 (A reflected cross-site scripting (XSS) vulnerability exists in
an undi ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-60016 (When Diffie-Hellman (DH) group Elliptic Curve Cryptography
(ECC) Brain ...)
TODO: check
CVE-2025-60015 (An out-of-bounds write vulnerability exists in F5OS-A and
F5OS-C that ...)
TODO: check
CVE-2025-60013 (When a user attempts to initialize the rSeries FIPS module
using a pas ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-59781 (When DNS cache is configured on a BIG-IP or BIG-IP Next CNF
virtual se ...)
TODO: check
CVE-2025-59778 (When the Allowed IP Addresses feature is configured on the
F5OS-C part ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-59483 (A validation vulnerability exists in an undisclosed URL in the
Configu ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-59481 (A vulnerability exists in an undisclosed iControl REST and
BIG-IP TMOS ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-59478 (When a BIG-IP AFM denial-of-service (DoS) protection profile
is config ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-59419 (Netty is an asynchronous, event-driven network application
framework. ...)
TODO: check
CVE-2025-59269 (A stored cross-site scripting (XSS) vulnerability exists in an
undiscl ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-59268 (On the BIG-IP system, undisclosed endpoints that contain
static non-se ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-58474 (When BIG-IP Advanced WAF is configured on a virtual server
with Server ...)
TODO: check
CVE-2025-58424 (On BIG-IP systems, undisclosed traffic can cause data
corruption and u ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-58153 (Under undisclosed traffic conditions along with conditions
beyond the ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-58133 (Authentication bypass in some Zoom Rooms Clients before
version 6.5.1 ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-58132 (Command injection in some Zoom Clients for Windows may allow
an authen ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-58120 (When HTTP/2 Ingress is configured, undisclosed traffic can
cause the T ...)
TODO: check
CVE-2025-58096 (When the database variable tm.tcpudptxchecksumis configured as
non-def ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-58071 (When IPsec is configured on the BIG-IP system, undisclosed
traffic can ...)
TODO: check
CVE-2025-57780 (A vulnerability exists in F5OS-A and F5OS-C system that may
allow an a ...)
@@ -91,7 +91,7 @@ CVE-2025-56746 (Creativeitem Academy LMS up to and including
5.13 does not regen
CVE-2025-55670 (On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for
Kubernetes sy ...)
TODO: check
CVE-2025-55669 (When the BIG-IP Advanced WAF and ASM security policy and a
server-side ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-55083 (In NetX Duo version before 6.4.4, the component of Eclipse
Foundation ...)
TODO: check
CVE-2025-55082 (In NetX Duo version before 6.4.4, the component of Eclipse
Foundation ...)
@@ -99,41 +99,41 @@ CVE-2025-55082 (In NetX Duo version before 6.4.4, the
component of Eclipse Found
CVE-2025-55081 (In Eclipse Foundation NextX Duo before 6.4.4, a module of
ThreadX, the ...)
TODO: check
CVE-2025-55036 (When BIG-IP SSL Orchestrator explicit forward proxy is
configured on a ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-54858 (When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is
configured ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-54854 (When a BIG-IP APM OAuth access profile (Resource Server or
Resource Cl ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-54805 (When an iRule is configured on a virtual server via the
declarative AP ...)
TODO: check
CVE-2025-54755 (A directory traversal vulnerability exists in TMUI that allows
an auth ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-54479 (When a classification profile is configured on a virtual
server withou ...)
TODO: check
CVE-2025-54271 (Creative Cloud Desktop versions 6.7.0.278 and earlier are
affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-53868 (When running in Appliance mode, a highly privileged
authenticated atta ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-53860 (A vulnerability exists in F5OS-A software that allows a highly
privile ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-53856 (When a virtual server, network address translation (NAT)
object, or se ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-53521 (When a BIG-IP APM Access Policy is configured on a virtual
server, und ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-53474 (When an iRule using an ILX::callcommand is configured on a
virtual ser ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-48008 (When a TCP profile with Multipath TCP (MPTCP) enabled is
configured on ...)
TODO: check
CVE-2025-47150 (When SNMP is configured on F5OS Appliance and Chassis systems,
undiscl ...)
TODO: check
CVE-2025-47148 (When the BIG-IP system is configured as both a Security
Assertion Mark ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-46706 (When an iRule containing the HTTP::respond command is
configured on a ...)
TODO: check
CVE-2025-41430 (When BIG-IP SSL Orchestrator is enabled, undisclosed traffic
can cause ...)
TODO: check
CVE-2025-2529 (Applications using affected versions of Ehcache 3.x can
experience deg ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-20360 (Multiple Cisco products are affected by a vulnerability in the
Snort 3 ...)
TODO: check
CVE-2025-20359 (Multiple Cisco products are affected by a vulnerability in the
Snort 3 ...)
@@ -147,93 +147,93 @@ CVE-2025-20329 (A vulnerability in the logging component
of Cisco TelePresence C
CVE-2025-11832 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
TODO: check
CVE-2025-11728 (The Oceanpayment CreditCard Gateway plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11722 (The Woocommerce Category and Products Accordion Panel plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11701 (The Zip Attachments plugin for WordPress is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11692 (The Zip Attachments plugin for WordPress is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11619 (Improper certificate validation when connecting to gateways in
Devolut ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-11568 (A data corruption vulnerability has been identified in the
luksmeta ut ...)
TODO: check
CVE-2025-11365 (The WP Google Map Plugin plugin for WordPress is vulnerable to
blind S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11196 (The External Login plugin for WordPress is vulnerable to
sensitive inf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11177 (The External Login plugin for WordPress is vulnerable to SQL
Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10869 (Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This
vulnera ...)
TODO: check
CVE-2025-10754 (The DocoDoco Store Locator plugin for WordPress is vulnerable
to arbit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10743 (The Outdoor plugin for WordPress is vulnerable to SQL
Injection via th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10730 (The Wp tabber widget plugin for WordPress is vulnerable to SQL
Injecti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10699 (A vulnerability was reported in the Lenovo LeCloud client
application ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-10682 (The TARIFFUXX plugin for WordPress is vulnerable to SQL
Injection in v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10660 (The WP Dashboard Chat plugin for WordPress is vulnerable to
SQL Inject ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10648 (The YourMembership Single Sign On \u2013 YM SSO Login plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10581 (A potential DLL hijacking vulnerability was discovered in the
Lenovo P ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-10577 (Potential vulnerabilities have been identified in the audio
package fo ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-10576 (Potential vulnerabilities have been identified in the audio
package fo ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-10575 (The WP jQuery Pager plugin for WordPress is vulnerable to SQL
Injectio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10486 (The Content Writer plugin for WordPress is vulnerable to
Sensitive Inf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10313 (The Find And Replace content for WordPress plugin for
WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10312 (The Theme Importer plugin for WordPress is vulnerable to
Cross-Site Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10310 (The Rich Snippet Site Report plugin for WordPress is
vulnerable to SQ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10303 (The Library Management System plugin for WordPress is
vulnerable to un ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10301 (The FunKItools plugin for WordPress is vulnerable to
Cross-Site Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10300 (The TopBar plugin for WordPress is vulnerable to Cross-Site
Request Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10299 (The WPBifr\xf6st \u2013 Instant Passwordless Temporary Login
Links plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10294 (The OwnID Passwordless Login plugin for WordPress is
vulnerable to Aut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10293 (The Keyy Two Factor Authentication (like Clef) plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10194 (The Shortcode Button plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10186 (The WhyDonate \u2013 FREE Donate button \u2013 Crowdfunding
\u2013 Fun ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10141 (The Digiseller plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10140 (The Quick Social Login plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10139 (The WP BookWidgets plugin for WordPress is vulnerable to
Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10135 (The WP ViewSTL plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10133 (The URLYar URL Shortner plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10132 (The Dhivehi Text plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10056 (The Task Scheduler plugin for WordPress is vulnerable to
Server-Side R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10051 (The Demo Import Kit plugin for WordPress is vulnerable to
arbitrary fi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10045 (The onOffice for WP-Websites plugin for WordPress is
vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10041 (The Flex QR Code Generator plugin for WordPress is vulnerable
to arbit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10038 (The Binary MLM Plan plugin for WordPress is vulnerable to
limited Priv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9640 (A flaw was found in Samba, in the vfs_streams_xattr module,
where unin ...)
- samba 2:4.23.2+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2025-9640.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4372ec42d0ee0f116f598a070f01d95d04c112b9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4372ec42d0ee0f116f598a070f01d95d04c112b9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
