Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2587261c by security tracker role at 2025-11-12T20:13:43+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
CVE-2025-9316 (N-central < 2025.4 can generate sessionIDs for unauthenticated
users ...)
TODO: check
CVE-2025-8485 (An improper permissions vulnerability was reported in Lenovo
App Store ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-8421 (An improper default permission vulnerability was reported in
Lenovo Do ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-65002 (Fujitsu iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI
access if ...)
TODO: check
CVE-2025-65001 (Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to
potentially ...)
TODO: check
CVE-2025-64407 (Apache OpenOffice documents can contain links. A missing
Authorization ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64406 (An out-of-bounds Write vulnerability in Apache OpenOffice
could allow ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64405 (Apache OpenOffice documents can contain links. A missing
Authorization ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64404 (Apache OpenOffice documents can contain links to other files.
A missin ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64403 (Apache OpenOffice Calc spreadsheet can contain links to other
files, i ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64402 (Apache OpenOffice documents can contain links. A missing
Authorization ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64401 (Apache OpenOffice documents can contain links. A missing
Authorization ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64293 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64281 (An Authentication Bypass issue in CentralSquare Community
Development ...)
TODO: check
CVE-2025-64280 (A SQL Injection Vulnerability in CentralSquare Community
Development 1 ...)
TODO: check
CVE-2025-64117 (Tuleap is an Open Source Suite to improve management of
software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-64099 (Open Access Management (OpenAM) is an access management
solution. In v ...)
TODO: check
CVE-2025-63929 (A null pointer dereference vulnerability exists in airpig2011
IEC104 t ...)
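Review bot: The seven Apache OpenOffice entries (CVE-2025-64401 through CVE-2025-64407) are closed with the generic note "Apache software not packaged in Debian", which does not name the product, unlike the vendor-specific notes in the same hunk ("Lenovo", "Tuleap"). Suggest "NOT-FOR-US: Apache OpenOffice" so the entries can be found by product name and the reason can be checked without rereading the description. CVE-2025-64406 is described as an out-of-bounds write, so a brief manual confirmation is worth recording before it is left as an automatic entry. Separately, CVE-2025-64293 uses "WordPress plugin or theme" while the later hunks use "WordPress plugin"; use whichever the full description supports.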
@@ -43,7 +43,7 @@ CVE-2025-63679 (free5gc v4.1.0 and before is vulnerable to
Buffer Overflow. When
CVE-2025-63667 (Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW
v1.14.92 ...)
TODO: check
CVE-2025-63666 (Tenda AC15 v15.03.05.18_multi) issues an authentication cookie
that ex ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-63419 (Cross Site Scripting (XSS) vulnerability in CrushFTP
11.3.6_48. The We ...)
TODO: check
CVE-2025-63353 (A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows
the devic ...)
@@ -55,7 +55,7 @@ CVE-2025-62876 (A Execution with Unnecessary Privileges
vulnerability in lightdm
CVE-2025-61667 (The Datadog Agent collects events and metrics from hosts and
sends the ...)
TODO: check
CVE-2025-61623 (Reflected cross-site scripting vulnerability in Apache OFBiz.
This is ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-60646 (A stored cross-site scripting (XSS) in the Business Line
Management mo ...)
TODO: check
CVE-2025-60645 (A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows
attackers ...)
@@ -63,7 +63,7 @@ CVE-2025-60645 (A Cross-Site Request Forgery (CSRF) in
xxl-api v1.3.0 allows att
CVE-2025-59491 (Cross Site Scripting vulnerability in CentralSquare Community
Developm ...)
TODO: check
CVE-2025-59118 (Unrestricted Upload of File with Dangerous Type vulnerability
in Apach ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-59089 (If an attacker causes kdcproxy to connect to an
attacker-controlled KD ...)
TODO: check
CVE-2025-59088 (If kdcproxy receives a request for a realm which does not have
server ...)
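Review bot: For CVE-2025-59118 the truncated description ends at "in Apach ..." and the new note is the generic "Apache software not packaged in Debian", so after this change the entry nowhere names the affected product. Suggest putting the product name in the NOT-FOR-US note so the decision can be audited from the list itself.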
@@ -77,27 +77,27 @@ CVE-2025-56385 (A SQL injection vulnerability exists in the
login functionality
CVE-2025-52331 (Cross-site scripting (XSS) vulnerability in the generate
report functi ...)
TODO: check
CVE-2025-46428 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0,
contain a ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-37734 (Origin Validation Error in Kibana can lead to Server-Side
Request Forg ...)
TODO: check
CVE-2025-27368 (IBM OpenPages 9.0 and 9.1 is vulnerable to information
disclosure of s ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-25236 (Omnissa Workspace ONE UEM contains an observable response
discrepancy ...)
TODO: check
CVE-2025-20379 (In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and
9.2.9 an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20378 (In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7,
9.2.9, and S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-13058 (A security flaw has been discovered in soerennb eXtplorer up
to 2.1.15 ...)
TODO: check
CVE-2025-13057 (A vulnerability was identified in Campcodes School Fees
Payment Manage ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-12998 (Improper Authentication vulnerability in TYPO3 Extension
"Modules" cod ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2025-12903 (The Payment Plugins Braintree For WooCommerce plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12732 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12382 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
TODO: check
CVE-2025-12152
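Review bot: CVE-2025-20379 and CVE-2025-20378 are marked "NOT-FOR-US: Cisco", but both descriptions name Splunk Enterprise as the affected product. A search of the list for Splunk will not match the note, and the mismatch makes the classification look like a vendor-level match rather than a product-level decision. Suggest "NOT-FOR-US: Splunk", or naming both, so the note agrees with the description it sits under.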
@@ -105,35 +105,35 @@ CVE-2025-12152
CVE-2025-12068
REJECTED
CVE-2025-12048 (An arbitrary file upload vulnerability was reported in the
Lenovo Scan ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-12047 (A vulnerability was reported in the Lenovo Scanner pro
application dur ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-11994 (The Easy Email Subscription plugin for WordPress is vulnerable
to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11962 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2025-11797 (A maliciously crafted DWG file, when parsed through Autodesk
3ds Max, ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-11795 (A maliciously crafted JPG file, when parsed through Autodesk
3ds Max, ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-11700 (N-central versions < 2025.4 are vulnerable to an XML External
Entities ...)
TODO: check
CVE-2025-11567 (CWE-276: Incorrect Default Permissions vulnerability exists
that could ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-11566 (CWE-307: Improper Restriction of Excessive Authentication
Attempts vul ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-11565 (CWE-22: Improper Limitation of a Pathname to a Restricted
Directory (' ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-11454 (The Specific Content For Mobile \u2013 Customize the mobile
version wi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11367 (The N-central Software Probe < 2025.4 is vulnerable to Remote
Code Exe ...)
TODO: check
CVE-2025-11366 (N-central < 2025.4 is vulnerable to authentication bypass via
path tra ...)
TODO: check
CVE-2025-10495 (A potential vulnerability was reported in the Lenovo PC
Manager, Lenov ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-48829 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0,
contain an ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-47866 (Ceph is a distributed object, block, and file storage
platform. In ver ...)
TODO: check
CVE-2024-45301 (Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In
versions 2 ...)
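Review bot: The three entries CVE-2025-11565, CVE-2025-11566 and CVE-2025-11567 are marked "NOT-FOR-US: Schneider Electric", but their visible descriptions start with a CWE label and are cut off before any vendor or product appears, so the classification cannot be verified from the list. Since the note is the only place the attribution is recorded, suggest including the product name next to the vendor there.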
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2587261c094c8a257d27a843d2fb7e6665aadeef
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits