Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dc582597 by security tracker role at 2025-10-31T20:13:36+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2025-8849 (LibreChat version 0.7.9 is vulnerable to a Denial of Service
(DoS) att ...)
TODO: check
CVE-2025-8489 (The King Addons for Elementor \u2013 Free Elements, Widgets,
Templates ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8385 (The Zombify plugin for WordPress is vulnerable to Path
Traversal in al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8383 (The Depicter plugin for WordPress is vulnerable to Cross-Site
Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-7846 (The WordPress User Extra Fields plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-6520 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-6176 (Scrapy versions up to 2.13.2 are vulnerable to a denial of
service (Do ...)
@@ -25,41 +25,41 @@ CVE-2025-64386 (The equipment grants a JWT token for each
connection in the time
CVE-2025-64385 (The equipment initially can be configured using the
manufacturer's app ...)
TODO: check
CVE-2025-64368 (Cross-Site Request Forgery (CSRF) vulnerability in
Mikado-Themes Bard ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64367 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64366 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64365 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64364 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64363 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64362 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64361 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64360 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64359 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64358 (Missing Authorization vulnerability in WebToffee Smart Coupons
for Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64357 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR.
Advance ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64356 (Missing Authorization vulnerability in f1logic Insert PHP Code
Snippet ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64354 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64353 (Deserialization of Untrusted Data vulnerability in Chouby
Polylang pol ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64352 (Missing Authorization vulnerability in WPDeveloper Essential
Addons fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64351 (Insertion of Sensitive Information Into Sent Data
vulnerability in Ran ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64350 (Missing Authorization vulnerability in Rank Math SEO Rank Math
SEO seo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64349 (ELOG allows an authenticated user to modify another user's
profile. An ...)
TODO: check
CVE-2025-64348 (ELOG allows an authenticated user to modify or overwrite the
configura ...)
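Review bot: for CVE-2025-64367, CVE-2025-64366, CVE-2025-64365, CVE-2025-64364, CVE-2025-64363, CVE-2025-64362, CVE-2025-64361, CVE-2025-64360, CVE-2025-64359 and CVE-2025-64354 the truncated description shows only the weakness title and no product name, so the "WordPress plugin or theme" tag cannot be confirmed from this diff. The same generic tag is applied to the whole run from CVE-2025-64350 to CVE-2025-64368; spot-check these against their full descriptions, and where the product type is known, consider the more specific wording used in the other hunks of this commit ("WordPress plugin").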
@@ -73,37 +73,37 @@ CVE-2025-63562 (Summer Pearl Group Vacation Rental
Management Platform prior to
CVE-2025-63561 (Summer Pearl Group Vacation Rental Management Platform prior
to 1.0.2 ...)
TODO: check
CVE-2025-63469 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to
contain a stac ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-63468 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to
contain a stac ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-63467 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to
contain a stac ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-63466 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to
contain a stac ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-63465 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to
contain a stac ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-63464 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to
contain a stac ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-63463 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to
contain a stac ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-63462 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to
contain a sta ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-63461 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to
contain a sta ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-63460 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to
contain a sta ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-63459 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to
contain a sta ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-63458 (Tenda AX-1803 v1.0.0.1 was discovered to contain a stack
overflow via ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-63454 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-62618 (ELOG allows an authenticated user to upload arbitrary HTML
files. The ...)
TODO: check
CVE-2025-62267 (Multiple cross-site scripting (XSS) vulnerabilities in web
content tem ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-62264 (Reflected cross-site scripting (XSS) vulnerability in
Languauge Overri ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-62232 (Sensitive data exposure via logging in basic-auth leads to
plaintext u ...)
TODO: check
CVE-2025-61427 (A reflected cross-site scripting (XSS) vulnerability in BEO
GmbH BEO A ...)
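Review bot: the two Liferay entries, CVE-2025-62267 and CVE-2025-62264, do not name the product in the visible part of the description ("web content tem ...", "Languauge Overri ..."), so the "NOT-FOR-US: Liferay" tag rests on text outside this diff and is worth confirming against the full description. The TOTOLINK and Tenda tags in this hunk do match the product named at the start of each description.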
@@ -113,9 +113,9 @@ CVE-2025-61141 (sqls-server/sqls 0.2.28 is vulnerable to
command injection in th
CVE-2025-60749 (DLL Hijacking vulnerability in Trimble SketchUp desktop 2025
via craft ...)
TODO: check
CVE-2025-60711 (Protection mechanism failure in Microsoft Edge
(Chromium-based) allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-5397 (The Noo JobMonster theme for WordPress is vulnerable to
Authentication ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-59501 (Authentication bypass by spoofing in Microsoft Configuration
Manager a ...)
TODO: check
CVE-2025-58152 (FutureNet MA and IP-K series provided by Century Systems Co.,
Ltd. put ...)
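Review bot: CVE-2025-5397 is described as "The Noo JobMonster theme for WordPress" but is tagged "NOT-FOR-US: WordPress plugin". Use "WordPress theme", or the "WordPress plugin or theme" wording applied to the CVE-2025-643xx entries in this same commit, so the tag agrees with the description. Also in this hunk, CVE-2025-60711 (Microsoft Edge) is tagged "Microsoft" while CVE-2025-59501 (Microsoft Configuration Manager), two entries below, stays at "TODO: check"; if the vendor name is the criterion, that entry looks like it qualifies as well.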
@@ -145,9 +145,9 @@ CVE-2025-48982 (This vulnerability in Veeam Agent for
Microsoft Windows allows f
CVE-2025-48980 (In Brave Browser Desktop versions prior to 1.83.10 that have
the split ...)
TODO: check
CVE-2025-40603 (A potential exposure of sensitive information in log files in
SonicWal ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-36249 (IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does
not set ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-34298 (Nagios Log Server versions prior to 2024R1.3.2 contain a
privilege esc ...)
TODO: check
CVE-2025-34287 (Nagios XI versions prior to 2024R2 contain an improperly owned
script, ...)
@@ -183,7 +183,7 @@ CVE-2025-34135 (Nagios XI versions prior
to2024R1.4.2configure some systemd unit
CVE-2025-34134 (Nagios XI versions prior to 2024R1.4.2 contain a remote code
execution ...)
TODO: check
CVE-2025-33003 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6
could allo ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-30191 (Malicious content from E-Mail can be used to perform a
redressing atta ...)
TODO: check
CVE-2025-30188 (Malicious or unintentional API requests can be used to add
significant ...)
@@ -193,23 +193,23 @@ CVE-2025-29270 (Incorrect access control in the
realtime.cgi endpoint of Deep Se
CVE-2025-27208 (A reflected Cross-Site Scripting (XSS) vulnerability has been
identifi ...)
TODO: check
CVE-2025-12554 (Missing Security Headers.This issue affects BLU-IC2: through
1.19.5; B ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12553 (Email Server Certificate Verification Disabled.This issue
affects BLU- ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12552 (Insufficient Password Policy.This issue affects BLU-IC2:
through 1.19. ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12547 (A vulnerability was identified in LogicalDOC Community Edition
up to 9 ...)
TODO: check
CVE-2025-12546 (A vulnerability was determined in LogicalDOC Community Edition
up to 9 ...)
TODO: check
CVE-2025-12521 (The Analytify Pro plugin for WordPress is vulnerable to
Sensitive Info ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12509 (On a client with an admin user, a Global_Shipping script can
be implem ...)
- TODO: check
+ NOT-FOR-US: Bizerba
CVE-2025-12508 (When using domain users as BRAIN2 users, communication with
Active Dir ...)
- TODO: check
+ NOT-FOR-US: Bizerba
CVE-2025-12507 (The service Bizerba Communication Server (BCS) has an unquoted
service ...)
- TODO: check
+ NOT-FOR-US: Bizerba
CVE-2025-12501 (Integer overflow in GameMaker IDE below 2024.14.0 version can
lead to ...)
TODO: check
CVE-2025-12460 (An XSS issue was discovered in Afterlogic Aurora webmail
version 9.8.3 ...)
@@ -217,27 +217,27 @@ CVE-2025-12460 (An XSS issue was discovered in Afterlogic
Aurora webmail version
CVE-2025-12357 (By manipulating the Signal Level Attenuation Characterization
(SLAC) ...)
TODO: check
CVE-2025-12175 (The The Events Calendar plugin for WordPress is vulnerable to
unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12115 (The WPC Name Your Price for WooCommerce plugin for WordPress
is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12094 (The OOPSpam Anti-Spam: Spam Protection for WordPress Forms &
Comments ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12041 (The ERI File Library plugin for WordPress is vulnerable to
unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11975 (The FuseWP \u2013 WordPress User Sync to Email List &
Marketing Automa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11843 (Therefore Corporation GmbH has recently become aware that
Therefore\u2 ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2025-11806 (The Qzzr Shortcode Plugin for WordPress is vulnerable to
Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11602 (Potential information leak in bolt protocol handshake in Neo4j
Enterpr ...)
TODO: check
CVE-2025-11191 (The RealPress WordPress plugin before 1.1.0 registers the
REST routes ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10897 (The WooCommerce Designer Pro theme for WordPress is vulnerable
to arbi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10693 (When SmartStart Inclusion fails during the onboarding of a
Z-Wave PIR ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2024-58273 (Nagios Log Server versions prior to 2024R1.0.2 contain a local
privile ...)
TODO: check
CVE-2024-58272 (Nagios Log Server versions prior to 2024R1 contain a stored
cross-site ...)
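Review bot: two tags in this hunk do not match the visible descriptions. CVE-2025-10897 is described as "The WooCommerce Designer Pro theme for WordPress" but is tagged "NOT-FOR-US: WordPress plugin"; "WordPress theme" or "WordPress plugin or theme" would be accurate. CVE-2025-11843 names "Therefore Corporation GmbH" in its description but is tagged "NOT-FOR-US: Canon"; the link between the two is not visible here, so either tag it with the vendor name the description uses or mention both, so a search for "Therefore" in data/CVE/list finds the entry.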
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc5825978468f2e11ad84bdd18a6a4ef423914bb