Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0c466c2f by security tracker role at 2025-10-27T20:14:51+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2025-9164 (Docker Desktop Installer.exe is vulnerable to DLL hijacking due
to ins ...)
- TODO: check
+ NOT-FOR-US: Docker products not packaged in Debian
CVE-2025-8432 (Incorrect Default Permissions vulnerability in Centreon Infra
Monitori ...)
- TODO: check
+ NOT-FOR-US: Centreon
CVE-2025-62516 (Landlord Onboarding & Rental Signup introduces the landlord
onboarding ...)
TODO: check
CVE-2025-62263 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay
Portal ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-62253 (Open redirect vulnerability in page administration in Liferay
Portal 7 ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-61795 (Improper Resource Shutdown or Release vulnerability in Apache
Tomcat. ...)
TODO: check
CVE-2025-61482 (Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH
privacyID ...)
TODO: check
CVE-2025-61481 (An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18
allows a re ...)
- TODO: check
+ NOT-FOR-US: MikroTik
CVE-2025-61385 (SQL injection vulnerability in tlocke pg8000 1.31.4 allows
remote atta ...)
TODO: check
CVE-2025-61247 (indieka900 online-shopping-system-php 1.0 is vulnerable to SQL
Injecti ...)
@@ -41,15 +41,15 @@ CVE-2025-60424 (A lack of rate limiting in the OTP
verification component of Nag
CVE-2025-60291 (An issue was discovered in eTimeTrackLite Web thru 12.0
(20250704). Th ...)
TODO: check
CVE-2025-59463 (An attacker may cause chunk-size mismatches that block file
transfers ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-59462 (An attacker who tampers with the C++ CLI client may crash the
UpdateSe ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-59461 (A remote unauthenticated attacker may use the unauthenticated
C++ API ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-59460 (The system is deployed in its default state, with
configuration settin ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-59459 (An attacker that gains SSH access to an unprivileged account
may be ab ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-59151 (Pi-hole Admin Interface is a web interface for managing
Pi-hole, a net ...)
TODO: check
CVE-2025-58356 (Constellation is the first Confidential Kubernetes. The
Constellation ...)
@@ -79,11 +79,11 @@ CVE-2025-52263 (An issue in the Web Configuration module of
Startcharge Artemis
CVE-2025-50055 (Cross-site scripting (XSS) vulnerability in the SAML
Authentication mo ...)
TODO: check
CVE-2025-46602 (Dell SupportAssist OS Recovery, versions prior to 5.5.15.0,
contain an ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-46583 (There is a Denial of Service\uff08DoS\uff09vulnerability in
the ZTE MC ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2025-46582 (A private key disclosure vulnerability exists in ZTE's ZXMP
M721 produ ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2025-41384 (Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM
v7.14.1 ...)
TODO: check
CVE-2025-41068 (Reachable Assertion vulnerability in Open5GS up to version
2.7.5 allow ...)
@@ -93,13 +93,13 @@ CVE-2025-41067 (Reachable Assertion vulnerability in
Open5GS up to version 2.7.5
CVE-2025-41009 (SQL injection vulnerability in the DRED virtual campus
platform. This ...)
TODO: check
CVE-2025-36170 (IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent
Fix 02 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36138 (IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent
Fix 02 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36121 (IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A
remotely ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36007 (IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent
Fix 02 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-34292 (Rox, the software running BeWelcome,contains a PHP object
injection vu ...)
TODO: check
CVE-2025-34133 (Wimi Teamwork versions prior to 7.38.17 contains a cross-site
request ...)
@@ -117,55 +117,55 @@ CVE-2025-27222 (TRUfusion Enterprise through 7.10.4.0
uses the /trufusionPortal/
CVE-2025-26862 (Unexpected authentication form rendering in HTML Form Adapter
using on ...)
TODO: check
CVE-2025-12365 (Error Messages Wrapped In HTTP Header.This issue affects
BLU-IC2: thro ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12364 (Weak Password Policy.This issue affects BLU-IC2: through
1.19.5; BLU-I ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12363 (Email Password Disclosure.This issue affects BLU-IC2: through
1.19.5; ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12351 (Honeywell S35 Series Cameras contains an authorization bypass
Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2025-12312 (A flaw has been found in PHPGurukul Curfew e-Pass Management
System 1. ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-12311 (A vulnerability was detected in PHPGurukul Curfew e-Pass
Management Sy ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-12310 (A security vulnerability has been detected in VirtFusion up to
6.0.2. ...)
TODO: check
CVE-2025-12309 (A weakness has been identified in code-projects Nero Social
Networking ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12308 (A security flaw has been discovered in code-projects Nero
Social Netwo ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12307 (A vulnerability was identified in code-projects Nero Social
Networking ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12306 (A vulnerability was determined in code-projects Nero Social
Networking ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12305 (A vulnerability was found in quequnlong shiyi-blog up to
1.2.1. This i ...)
TODO: check
CVE-2025-12304 (A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS
up to f ...)
TODO: check
CVE-2025-12303 (A flaw has been found in PHPGurukul Curfew e-Pass Management
System 1. ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-12302 (A vulnerability was detected in code-projects Simple Food
Ordering Sys ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12301 (A security vulnerability has been detected in code-projects
Simple Foo ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12300 (A weakness has been identified in code-projects Simple Food
Ordering S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12299 (A security flaw has been discovered in code-projects Simple
Food Order ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12298 (A vulnerability was identified in code-projects Simple Food
Ordering S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12297 (A vulnerability was detected in atjiu pybbs up to 6.0.0. This
affects ...)
TODO: check
CVE-2025-12296 (A security vulnerability has been detected in D-Link DAP-2695
2.00RC13 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-12295 (A weakness has been identified in D-Link DAP-2695 2.00RC13.
The affect ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-12294 (A security flaw has been discovered in SourceCodester Point of
Sales 1 ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-12293 (A vulnerability was identified in SourceCodester Point of
Sales 1.0. T ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-12292 (A vulnerability was determined in SourceCodester Point of
Sales 1.0. T ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-12291 (A vulnerability was found in ashymuzuro Full-Ecommece-Website
and Muzu ...)
TODO: check
CVE-2025-12290 (A vulnerability has been found in Sui Shang Information
Technology Sui ...)
@@ -179,27 +179,27 @@ CVE-2025-12287 (A security vulnerability has been
detected in Bdtask Wholesale I
CVE-2025-12286 (A weakness has been identified in VeePN up to 1.6.2. This
affects an u ...)
TODO: check
CVE-2025-12283 (A security flaw has been discovered in code-projects Client
Details Sy ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12282 (A vulnerability was identified in code-projects Client Details
System ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12281 (A vulnerability was determined in code-projects Client Details
System ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12280 (A vulnerability was found in code-projects Client Details
System 1.0. ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12279 (A vulnerability has been found in code-projects Client Details
System ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12277 (A flaw has been found in Abdullah-Hasan-Sajjad Online-School
up to f09 ...)
TODO: check
CVE-2025-12276 (A vulnerability was detected in LearnHouse up to
98dfad76aad70711a8113 ...)
TODO: check
CVE-2025-12274 (A security vulnerability has been detected in Tenda CH22
1.0.0.1. Affe ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-12273 (A weakness has been identified in Tenda CH22 1.0.0.1. Affected
is the ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-12272 (A security flaw has been discovered in Tenda CH22 1.0.0.1.
This impact ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-12271 (A vulnerability was identified in Tenda CH22 1.0.0.1. This
affects the ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-12270 (A vulnerability was determined in LearnHouse up to
98dfad76aad70711a81 ...)
TODO: check
CVE-2025-12269 (A vulnerability was found in LearnHouse up to
98dfad76aad70711a8113f6c ...)
@@ -211,33 +211,33 @@ CVE-2025-12267 (A flaw has been found in abhicodebox
ModernShop 20250922. This i
CVE-2025-12266 (A vulnerability was detected in Zytec Dalian Zhuoyun
Technology Centra ...)
TODO: check
CVE-2025-12265 (A weakness has been identified in Tenda CH22 1.0.0.1. Affected
by this ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-12264 (A security flaw has been discovered in Wisencode up to
20251012. Affec ...)
TODO: check
CVE-2025-12263 (A vulnerability was identified in code-projects Online Event
Judging S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12262 (A vulnerability was determined in code-projects Online Event
Judging S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12261 (A vulnerability was found in CodeAstro Gym Management System
1.0. This ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2025-12260 (A vulnerability has been found in TOTOLINK A3300R
17.0.0cu.557_B202210 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-12259 (A flaw has been found in TOTOLINK A3300R
17.0.0cu.557_B20221024. The a ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-12258 (A vulnerability was detected in TOTOLINK A3300R
17.0.0cu.557_B20221024 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-12257 (A security vulnerability has been detected in SourceCodester
Online St ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-12256 (A weakness has been identified in code-projects Online Event
Judging S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12255 (A security flaw has been discovered in code-projects Online
Event Judg ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12254 (A vulnerability was identified in code-projects Online Event
Judging S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12253 (A vulnerability was determined in AMTT Hotel Broadband
Operation Syste ...)
TODO: check
CVE-2025-12252 (A vulnerability was found in code-projects Online Event
Judging System ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-12251 (A vulnerability has been found in OpenWGA 7.11.12 Build 737.
This impa ...)
TODO: check
CVE-2025-12250 (A flaw has been found in OpenWGA 7.11.12 Build 737. This
affects an un ...)
@@ -253,11 +253,11 @@ CVE-2025-12080 (On Wear OS devices, when Google Messages
is configured as the de
CVE-2025-11955 (Incorrect validation of OCSP certificates vulnerability in
TheGreenBow ...)
TODO: check
CVE-2025-11248 (ZohoCorp ManageEngine Endpoint Central versions prior to
11.4.2528.05 ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-10561 (The device is running an outdated operating system, which may
be susce ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-10023 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Centreon
CVE-2023-49440 (AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the
"preview para ...)
TODO: check
CVE-2023-37749 (Incorrect access control in the REST API endpoint of HubSpot
v1.29441 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c466c2fdba3ec6cfe49a5def53b90fa0fab8202
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c466c2fdba3ec6cfe49a5def53b90fa0fab8202
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
