Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
52eac0d5 by security tracker role at 2025-11-11T08:12:48+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2025-9524 (The VAPIX API port.cgi did not have sufficient input
validation, which ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-9055 (The VAPIX Edge storage API that allowed a privilege escalation,
enabli ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-8998 (It was possible to upload files with a specific name to a
temporary di ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-8108 (An ACAP configuration file has improper permissions and lacks
input va ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-7429 (Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and
below a ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-6779 (An ACAP configuration file has improper permissions, which
could allow ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-6571 (A 3rd-party componentexposed its password in process arguments,
allowi ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-6298 (ACAP applications can gain elevated privileges due to improper
input v ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-64529 (SpiceDB is an open source database system for creating and
managing se ...)
TODO: check
CVE-2025-64522 (Soft Serve is a self-hostable Git server for the command line.
Version ...)
@@ -59,13 +59,13 @@ CVE-2025-63296 (KERUI K259 5MP Wi-Fi / Tuya Smart Security
Camera firmware v33.5
CVE-2025-62780 (changedetection.io is a free open source web page change
detection too ...)
TODO: check
CVE-2025-5718 (The ACAP Application framework could allow privilege escalation
throug ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-5454 (An ACAP configuration file lacked sufficient input validation,
which c ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-5452 (A malicious ACAP application can gain access to admin-level
service ac ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-4645 (An ACAP configuration file lacked sufficient input validation,
which c ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-49145 (Combodo iTop is a web based IT service management tool. In
versions pr ...)
TODO: check
CVE-2025-48878 (Combodo iTop is a web based IT service management tool. In
versions on ...)
@@ -75,173 +75,173 @@ CVE-2025-48065 (Combodo iTop is a web based IT service
management tool. Versions
CVE-2025-48055 (Combodo iTop is a web based IT service management tool. In
versions pr ...)
TODO: check
CVE-2025-42940 (SAP CommonCryptoLib does not perform necessary boundary checks
during ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42924 (SAP S/4HANA landscape SAP E-Recruiting BSP allows an
unauthenticated a ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42919 (Due to an Information Disclosure vulnerability in SAP
NetWeaver Applic ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42899 (SAP S4CORE (Manage journal entries) does not perform necessary
authori ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42897 (Due to information disclosure vulnerability in anonymous API
provided ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42895 (Due to insufficient validation of connection property values,
the SAP ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42894 (Due to a Path Traversal vulnerability in SAP Business
Connector, an at ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42893 (Due to an Open Redirect vulnerability in SAP Business
Connector, an un ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42892 (Due to an OS Command Injection vulnerability in SAP Business
Connector ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42890 (SQL Anywhere Monitor (Non-GUI) baked credentials into the
code,exposin ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42889 (SAP Starter Solution allows an authenticated attacker to
execute craft ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42888 (SAP GUI for Windows may allow a highly privileged user on the
affected ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42887 (Due to missing input sanitation, SAP Solution Manager allows
an authen ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42886 (Due to a Reflected Cross-Site Scripting (XSS) vulnerability in
SAP Bus ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42885 (Due to missing authentication, SAP HANA 2.0 (hdbrss) allows an
unauthe ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42884 (SAP NetWeaver Enterprise Portal allows an unauthenticated
attacker to ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42883 (Migration Workbench (DX Workbench) in SAP NetWeaver
Application Server ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-42882 (Due to a missing authorization check in SAP NetWeaver
Application Serv ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-31719 (In TEE EcDSA algorithm, there is a possible memory consistency
issue. ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2025-12880 (The Progress Bar Blocks for Gutenberg plugin for WordPress is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12813 (The Holiday class post calendar plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12754 (The Geopost plugin for WordPress is vulnerable to Stored
Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12753 (The Chart Expert plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12711 (The Share to Google Classroom plugin for WordPress is
vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12672 (The Flickr Show plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12671 (The WP-Iconics plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12668 (The WP Count Down Timer plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12667 (The GitHub Gist Shortcode Plugin for WordPress is vulnerable
to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12665 (The Ninja Countdown | Fastest Countdown Builder plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12663 (The Jeba Cute forkit plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12662 (The Coon Google Maps plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12658 (The Preload Current Images plugin for WordPress is vulnerable
to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12652 (The Ungapped Widgets plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12651 (The Live Photos on WordPress plugin for WordPress is
vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12644 (The Nonaki \u2013 Drag and Drop Email Template builder and
Newsletter ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12637 (The Elastic Theme Editor plugin for WordPress is vulnerable to
arbitra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12632 (The RandomQuotr plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12631 (The Squirrels Auto Inventory plugin for WordPress is
vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12590 (The YSlider plugin for WordPress is vulnerable to Cross-Site
Request F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12589 (The WP-Walla plugin for WordPress is vulnerable to Cross-Site
Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12588 (The USB Qr Code Scanner For Woocommerce plugin for WordPress
is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12542
REJECTED
CVE-2025-12538 (The Fleet Manager plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12526 (The Private Google Calendars plugin for WordPress is
vulnerable to una ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12132 (The WP Custom Admin Login Page Logo plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12126 (The The Total Book Project plugin for WordPress is vulnerable
to Insec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12021 (The WP-OAuth plugin for WordPress is vulnerable to Reflected
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12020 (The Double the Donation \u2013 A workplace giving tool to help
your fu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12019 (The Featured Image plugin for WordPress is vulnerable to
Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12010 (The Authors List plugin for WordPress is vulnerable to
Sensitive Infor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11999 (The Add Multiple Marker plugin for WordPress is vulnerable to
unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11997 (The Document Pro Elementor \u2013 Documentation & Knowledge
Base plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11996 (The Find Unused Images plugin for WordPress is vulnerable to
unauthori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11988 (The Crypto plugin for WordPress is vulnerable to unauthorized
manipula ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11986 (The Crypto plugin for WordPress is vulnerable to Information
exposure ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11894 (The Shelf Planner plugin for WordPress is vulnerable to
unauthorized m ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11892 (An improper neutralization of input vulnerability was
identified in Gi ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2025-11891 (The Shelf Planner plugin for WordPress is vulnerable to
Sensitive Info ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11886 (The CTL Arcade Lite plugin for WordPress is vulnerable to
Cross-Site R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11882 (The Simple Donate plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11874 (The Slippy Slider \u2013 Responsive Touch Navigation Slider
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11873 (The WP BBCode plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11869 (The Precise Columns plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11863 (The My Geo Posts Free plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11860 (The Twitter Feed plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11859 (The Paypal Donation Shortcode plugin for WordPress is
vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11856 (The Eventbee Ticketing Widget plugin for WordPress is
vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11855 (The age-restriction WordPress plugin through 3.0.2 does not
have autho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11829 (The Five9 Live Chat plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11828 (The Magazine Companion plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11822 (The WP Bootstrap Tabs plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11821 (The Woocommerce \u2013 Products By Custom Tax plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11805 (The Skip to Timestamp plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11578 (A privilege escalation vulnerability was identified in GitHub
Enterpri ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2025-11532 (The Wisly plugin for WordPress is vulnerable to Insecure
Direct Object ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11521 (The Astra Security Suite \u2013 Firewall & Malware Scan plugin
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11457 (The EasyCommerce \u2013 AI-Powered, Fast & Beautiful WordPress
Ecommer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11451 (The Auto Amazon Links \u2013 Amazon Associates Affiliate
Plugin plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11307 (The WP Go Maps (formerly WP Google Maps) WordPress plugin
before 9.0.4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11237 (The Make Email Customizer for WooCommerce WordPress plugin
through 1.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11170 (The WP\u79fb\u884c\u5c02\u7528\u30d7\u30e9\u30b0\u30a4\u30f3
for CPI p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11168 (The Mementor Core plugin for WordPress is vulnerable to
Privilege Esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11129 (The Include Fussball.de Widgets plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10714 (AXIS Optimizer was vulnerable to an unquoted search path
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2021-4462 (Employee Records System version 1.0 contains an unrestricted
file uplo ...)
TODO: check
CVE-2018-25124 (PacsOne Server version 6.6.2 (prior versions are likely
affected) cont ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52eac0d57e205ff91ac13116d71a39caac95b8c0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52eac0d57e205ff91ac13116d71a39caac95b8c0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
