Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d1558b7 by security tracker role at 2025-10-29T20:14:49+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,99 +5,99 @@ CVE-2025-9870 (Razer Synapse 3 RazerPhilipsHueUninstall Link 
Following Local Pri
 CVE-2025-9869 (Razer Synapse 3 Macro Module Link Following Local Privilege 
Escalation ...)
        TODO: check
 CVE-2025-64291 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64290 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce 
Premmerce ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64289 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64288 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce 
Premmerce ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64286 (Cross-Site Request Forgery (CSRF) vulnerability in WpEstate WP 
Rentals ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64285 (Missing Authorization vulnerability in Premmerce Premmerce 
Wholesale P ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64284 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64283 (Authorization Bypass Through User-Controlled Key vulnerability 
in Rome ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64234 (Missing Authorization vulnerability in Evergreen Content 
Poster Evergr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64229 (Missing Authorization vulnerability in BoldGrid Client 
Invoicing by Sp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64228 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64226 (Cross-Site Request Forgery (CSRF) vulnerability in colabrio 
Stockie Ex ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64220 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64219 (Missing Authorization vulnerability in Strategy11 Team 
Business Direct ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64216 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64212 (Missing Authorization vulnerability in StylemixThemes 
MasterStudy LMS  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64211 (Missing Authorization vulnerability in StylemixThemes 
Masterstudy Elem ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64210 (Missing Authorization vulnerability in StylemixThemes 
Masterstudy Elem ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64208 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64204 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64202 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64201 (Cross-Site Request Forgery (CSRF) vulnerability in blubrry 
PowerPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64200 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64199 (Missing Authorization vulnerability in WpEstate wpresidence 
wpresidenc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64197 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64195 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64194 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64150 (A missing permission check in Jenkins Publish to Bitbucket 
Plugin 0.4  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64149 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Publish t ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64148 (A missing permission check in Jenkins Publish to Bitbucket 
Plugin 0.4  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64147 (Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys 
display ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64146 (Jenkins Curseforge Publisher Plugin 1.0 stores API Keys 
unencrypted in ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64145 (Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API 
tokens di ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64144 (Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens 
unencrypt ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64143 (Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores 
authorizat ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64142 (A missing permission check in Jenkins Nexus Task Runner Plugin 
0.9.2 a ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64141 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Nexus Tas ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64140 (Jenkins Azure CLI Plugin 0.9 and earlier does not restrict 
which comma ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64139 (A missing permission check in Jenkins Start Windocks 
Containers Plugin ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64138 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Start Win ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64137 (A missing permission check in Jenkins Themis Plugin 1.4.1 and 
earlier  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64136 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Themis Pl ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64135 (Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb_8 and 
earlier se ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64134 (Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated 
version  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64133 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Extensibl ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64132 (Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does 
not per ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64131 (Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not 
implemen ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-64104 (LangGraph SQLite Checkpoint is an implementation of LangGraph 
Checkpoi ...)
        TODO: check
 CVE-2025-64103 (Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only 
required multi  ...)
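Review bot: CVE-2025-64134 is marked NOT-FOR-US: Jenkins (core or plugin), but its description says the JDepend Plugin "includes an outdated version" of something the list truncates. The plugin itself is out of scope, but if that bundled component is packaged separately it deserves its own check, and a NOTE line naming the component under this entry would make that visible. Separately, the WordPress entries in this hunk (CVE-2025-64291 for example) are classified from descriptions whose visible part names no product, so the match cannot be confirmed from the diff alone.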
@@ -109,7 +109,7 @@ CVE-2025-64101 (Zitadel is open-source identity 
infrastructure software. Prior t
 CVE-2025-64100 (CKAN is an open-source DMS (data management system) for 
powering data  ...)
        TODO: check
 CVE-2025-63622 (A vulnerability was found in code-projects Online Complaint 
Site 1.0.  ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-62797 (FluxCP is a web-based Control Panel for rAthena servers 
written in PHP ...)
        TODO: check
 CVE-2025-62792 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
@@ -147,11 +147,11 @@ CVE-2025-60542 (SQL Injection vulnerability in TypeORM 
before 0.3.26 via crafted
 CVE-2025-60320 (memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted 
service pat ...)
        TODO: check
 CVE-2025-60075 (Cross-Site Request Forgery (CSRF) vulnerability in Allegro 
Marketing h ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58939 (Cross-Site Request Forgery (CSRF) vulnerability in highwarden 
Super St ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58711 (Missing Authorization vulnerability in solwin Blog Designer 
PRO blog-d ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-57227 (An unquoted service path in Kingosoft Technology Ltd Kingo 
ROOT v1.5.8 ...)
        TODO: check
 CVE-2025-56558 (An issue discovered in Dyson App v6.1.23041-23595 allows 
unauthenticat ...)
@@ -161,31 +161,31 @@ CVE-2025-54384 (CKAN is an open-source DMS (data 
management system) for powering
 CVE-2025-35980
        REJECTED
 CVE-2025-1549 (A local privilege escalation vulnerability in the WatchGuard 
Mobile VP ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2025-12479 (Systemic Lack of Cross-Site Request Forgery (CSRF) Token 
Implementatio ...)
-       TODO: check
+       NOT-FOR-US: Azure Access Technology
 CVE-2025-12478 (Non-Compliant TLS Configuration.This issue affects BLU-IC2: 
through 1. ...)
-       TODO: check
+       NOT-FOR-US: Azure Access Technology
 CVE-2025-12477 (Server Version Disclosure.This issue affects BLU-IC2: through 
1.19.5;  ...)
-       TODO: check
+       NOT-FOR-US: Azure Access Technology
 CVE-2025-12476 (Resource Lacking AuthN.This issue affects BLU-IC2: through 
1.19.5; BLU ...)
-       TODO: check
+       NOT-FOR-US: Azure Access Technology
 CVE-2025-12461 (This vulnerability allows an attacker to access parts of the 
applicati ...)
        TODO: check
 CVE-2025-12450 (The LiteSpeed Cache plugin for WordPress is vulnerable to 
Reflected Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12148 (In Search Guard versions 3.1.1 and earlier, Field Masking (FM) 
rules a ...)
        TODO: check
 CVE-2025-12147 (In Search Guard FLX versions 3.1.1 and earlier, Field-Level 
Security ( ...)
        TODO: check
 CVE-2025-12142 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-12058 (The Keras.Model.load_model method, including when executed 
with the in ...)
        TODO: check
 CVE-2025-11632 (The Call Now Button \u2013 The #1 Click to Call Button for 
WordPress p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-11587 (The Call Now Button \u2013 The #1 Click to Call Button for 
WordPress p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-11466 (Allegra DatabaseBackupBL Directory Traversal Information 
Disclosure Vu ...)
        TODO: check
 CVE-2025-11465 (Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote 
Code Execut ...)
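Review bot: The WordPress reason string is spelled two ways in this commit: CVE-2025-12450, CVE-2025-11632 and CVE-2025-11587 here get "NOT-FOR-US: WordPress plugin", while the earlier hunks use "NOT-FOR-US: WordPress plugin or theme". Anyone grepping data/CVE/list for one form will miss the other, so pick one string for the automatic rules, or document that both are expected. CVE-2025-12142 is attributed to "ABB group" although the visible part of its description names no vendor or product, so that one is worth a manual spot check.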
@@ -205,9 +205,9 @@ CVE-2025-11200 (MLflow Weak Password Requirements 
Authentication Bypass Vulnerab
 CVE-2025-10934 (GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code 
Execution ...)
        TODO: check
 CVE-2025-10932 (Uncontrolled Resource Consumption vulnerability in Progress 
MOVEit Tra ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2024-58269 (A vulnerability has been identified in Rancher Manager, where 
sensitiv ...)
-       TODO: check
+       NOT-FOR-US: SUSE
 CVE-2024-45162 (A stack-based buffer overflow issue was discovered in the 
phddns clien ...)
        TODO: check
 CVE-2024-45161 (A CSRF issue was discovered in the administrative web GUI in 
Blu-Castl ...)
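Review bot: CVE-2024-58269 is tagged "NOT-FOR-US: SUSE" although the description names Rancher Manager as the affected product. A vendor-level reason is broader than the product it excludes and tells a later reader less than "Rancher" would. The same applies to "Progress Software" for the MOVEit entry CVE-2025-10932. Prefer the product name in the reason, and make sure the automatic rule keys on the product rather than on the vendor or assigner.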
@@ -219,13 +219,13 @@ CVE-2023-39178
 CVE-2023-39177
        REJECTED
 CVE-2023-32199 (A vulnerability has been identified within Rancher  Manager, 
where aft ...)
-       TODO: check
+       NOT-FOR-US: SUSE
 CVE-2018-25120 (D-Link DNS-343 ShareCenter devices running firmware versions 
up to and ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2015-10147 (The Easy Testimonial Slider and Form plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2015-10146 (The Thumbnail Slider With Lightbox plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-11232 (To trigger the issue, three configuration parameters must have 
specifi ...)
        - isc-kea <not-affected> (Vulnerable code not present)
        NOTE: https://kb.isc.org/docs/cve-2025-11232



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d1558b742c966f78c4fa98fd895befb4d6ae554



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
