Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82013326 by security tracker role at 2025-11-13T20:13:43+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2025-8397 (The Save as PDF Button plugin for WordPress is vulnerable to 
Stored Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-7704 (Supermicro BMC  Insyde SMASH shell program has a stacked-based 
overflo ...)
-       TODO: check
+       NOT-FOR-US: Supermicro
 CVE-2025-64741 (Improper authorization handling in Zoom Workplace for Android 
before v ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-64740 (Improper verification of cryptographic signature in the 
installer for  ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-64739 (External control of file name or path in certain Zoom Clients 
may allo ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-64738 (External control of file name or path in Zoom Workplace for 
macOS befo ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-64726 (Socket Firewall is an HTTP/HTTPS proxy server that intercepts 
package  ...)
        TODO: check
 CVE-2025-64718 (js-yaml is a JavaScript YAML parser and dumper. In js-yaml 
4.1.0 and b ...)
@@ -41,55 +41,55 @@ CVE-2025-64523 (File Browser provides a file managing 
interface within a specifi
 CVE-2025-64511 (MaxKB is an open-source AI assistant for enterprise. In 
versions prior ...)
        TODO: check
 CVE-2025-64482 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2025-64429 (DuckDB is a SQL database management system. DuckDB implemented 
block-b ...)
        TODO: check
 CVE-2025-64384 (Missing Authorization vulnerability in jetmonsters 
JetFormBuilder jetf ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64383 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64382 (Missing Authorization vulnerability in WebToffee Order Export 
& Order  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64381 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64380 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64379 (Missing Authorization vulnerability in Pluggabl Booster for 
WooCommerc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64370 (Missing Authorization vulnerability in YOP YOP Poll yop-poll 
allows Ex ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64369 (Missing Authorization vulnerability in codepeople Contact Form 
Email c ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64345 (Wasmtime is a runtime for WebAssembly. Prior to version 
38.0.4, 37.0.3 ...)
        TODO: check
 CVE-2025-64292 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64277 (Missing Authorization vulnerability in QuantumCloud ChatBot 
chatbot al ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64276 (Missing Authorization vulnerability in Ays Pro Survey Maker 
survey-mak ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64275 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64274 (Missing Authorization vulnerability in wpkoithemes WPKoi 
Templates for ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64271 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes 
WP Plugin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64269 (Missing Authorization vulnerability in EDGARROJAS WooCommerce 
PDF Invo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64267 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64265 (Missing Authorization vulnerability in N-Media Frontend File 
Manager n ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64264 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64263 (Missing Authorization vulnerability in PluginEver WP Content 
Pilot wp- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64262 (Cross-Site Request Forgery (CSRF) vulnerability in ramon 
fincken Auto  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64261 (Missing Authorization vulnerability in codepeople Appointment 
Booking  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64259 (Missing Authorization vulnerability in Jeroen Schmit Theater 
for WordP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64186 (Evervault is a payment security solution. A vulnerability was 
identifi ...)
        TODO: check
 CVE-2025-63645 (A stored cross-site scripting (XSS) vulnerability exists in 
pH7Softwar ...)
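
Review bot: The label "NOT-FOR-US: WordPress plugin or theme" on the entries from CVE-2025-64384 through CVE-2025-64259 differs from "NOT-FOR-US: WordPress plugin", which the same commit uses for CVE-2025-8397 in the first hunk and for the WordPress entries in the later hunks. Anyone grepping data/CVE/list for one spelling will miss the other, so settle on a single label, or resolve each entry to "plugin" or "theme". Several of the truncated descriptions here (for example CVE-2025-64267, "Exposure of Sensitive System Information to an Unauthorized Control Sp ...") show no product name, so the match behind the automatic tag is worth a spot check against the full CVE text.
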
@@ -99,125 +99,125 @@ CVE-2025-63406 (An issue in Intermesh BV GroupOffice 
vulnerable before v.25.0.47
 CVE-2025-63396 (An issue was discovered in PyTorch v2.5 and v2.7.1. Omission 
of profil ...)
        TODO: check
 CVE-2025-62484 (Inefficient regular expression complexity in certain Zoom 
Workplace Cl ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-62483 (Improper removal of sensitive information in certain Zoom 
Clients befo ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-62482 (Cross-site scripting in Zoom Workplace for Windows before 
version 6.5. ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-60702 (A command injection vulnerability exists in the TOTOLINK 
A950RG Router ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-60701 (A command injection vulnerability exists in the D-Link DIR-882 
Router  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-60700 (A command injection vulnerability exists in the D-Link DIR-882 
Router  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-60699 (A buffer overflow vulnerability exists in the TOTOLINK A950RG 
Router f ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-60698 (A command injection vulnerability exists in the D-Link DIR-882 
Router  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-60697 (A command injection vulnerability exists in the D-Link DIR-882 
Router  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-60696 (A stack-based buffer overflow vulnerability exists in the 
makeRequest. ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2025-60695 (A stack-based buffer overflow vulnerability exists in the 
mtk_dut bina ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2025-60694 (A stack-based buffer overflow exists in the 
validate_static_route func ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2025-60693 (A stack-based buffer overflow exists in the get_merge_mac 
function of  ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2025-60692 (A stack-based buffer overflow vulnerability exists in the 
libshared.so ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2025-60691 (A stack-based buffer overflow exists in the httpd binary of 
Linksys E1 ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2025-60690 (A stack-based buffer overflow exists in the get_merge_ipaddr 
function  ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2025-60689 (An unauthenticated command injection vulnerability exists in 
the Start ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2025-60688 (A stack buffer overflow vulnerability exists in the ToToLink 
LR1200GB  ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-60687 (An unauthenticated command injection vulnerability exists in 
the ToToL ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-60686 (A local stack-based buffer overflow vulnerability exists in 
the infost ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-60685 (A stack buffer overflow exists in the ToToLink A720R Router 
firmware V ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-60684 (A stack buffer overflow vulnerability exists in the ToToLink 
LR1200GB  ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-60683 (A command injection vulnerability exists in the ToToLink A720R 
Router  ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-60682 (A command injection vulnerability exists in the ToToLink A720R 
Router  ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-60679 (A stack buffer overflow vulnerability exists in the D-Link 
DIR-816A2 r ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-60676 (An unauthenticated command injection vulnerability exists in 
the D-Lin ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-60675 (A command injection vulnerability exists in the D-Link 
DIR-823G router ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-60674 (A stack buffer overflow vulnerability exists in the D-Link 
DIR-878A1 r ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-60673 (An unauthenticated command injection vulnerability exists in 
the D-Lin ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-60672 (An unauthenticated command injection vulnerability exists in 
the D-Lin ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-60671 (A command injection vulnerability exists in the D-Link 
DIR-823G router ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-59840 (Vega is a visualization grammar, a declarative format for 
creating, sa ...)
        TODO: check
 CVE-2025-59480 (Mattermost Mobile Apps versions <=2.32.0 fail to verify that 
SSO redir ...)
        TODO: check
 CVE-2025-59367 (An authentication bypass vulnerability has been identified in 
certain  ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2025-55810 (A vulnerability was found in Alaga Home Security WiFi Camera 
3K (model ...)
        TODO: check
 CVE-2025-52186 (Lichess lila before commit 
11b4c0fb00f0ffd823246f839627005459c8f05c (2 ...)
        TODO: check
 CVE-2025-46608 (Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an 
Improper ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-46427 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, 
contain an ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-46370 (Dell Alienware Command Center 6.x (AWCC), versions prior to 
6.10.15.0, ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-46369 (Dell Alienware Command Center 6.x (AWCC), versions prior to 
6.10.15.0, ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-46368 (Dell Alienware Command Center 6.x (AWCC), versions prior to 
6.10.15.0, ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-46367 (Dell Alienware Command Center 6.x (AWCC), versions prior to 
6.10.15.0, ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-46362 (Dell Alienware Command Center 6.x (AWCC), versions prior to 
6.10.15.0, ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-43515 (The issue was addressed by refusing external connections by 
default. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2025-41069 (Insecure Direct Object Reference (IDOR) vulnerability in 
DeporSite of  ...)
        TODO: check
 CVE-2025-40681 (Cross-site Scripting (XSS) vulnerability reflected in xCally's 
Omnicha ...)
        TODO: check
 CVE-2025-36223 (IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header 
injection, caus ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-33119 (IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials 
in conf ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-30669 (Improper certificate validation in certain Zoom Clients may 
allow an u ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-30662 (Symlink following in the installer for the Zoom Workplace VDI 
Plugin m ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-20355 (A vulnerability in the web-based management interface of Cisco 
Catalys ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20353 (A vulnerability in the web-based management interface of Cisco 
Catalys ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20349 (A vulnerability in the REST API of Cisco Catalyst Center could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20346 (A vulnerability in Cisco Catalyst Center could allow an 
authenticated, ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20341 (A vulnerability in Cisco Catalyst Center Virtual Appliance 
could allow ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-13123 (A flaw has been found in AMTT Hotel Broadband Operation System 
1.0. Th ...)
        TODO: check
 CVE-2025-13122 (A vulnerability was detected in SourceCodester Patients 
Waiting Area Q ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-13121 (A security vulnerability has been detected in cameasy Liketea 
1.0.0. I ...)
        TODO: check
 CVE-2025-13120 (A vulnerability has been found in mruby up to 3.4.0. This 
vulnerabilit ...)
        TODO: check
 CVE-2025-13119 (A flaw has been found in Fabian Ros/SourceCodester Simple 
E-Banking Sy ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-13118 (A vulnerability was detected in macrozheng mall-swarm up to 
1.0.3. Aff ...)
        TODO: check
 CVE-2025-13117 (A security vulnerability has been detected in macrozheng 
mall-swarm up ...)
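
Review bot: The "NOT-FOR-US: Apple" tag on CVE-2025-43515 cannot be confirmed from the visible description, which reads only "The issue was addressed by refusing external connections by default. T ..." and names no vendor or product. The same applies to CVE-2025-59367 (tagged ASUS) and to the Linksys tags on CVE-2025-60696, CVE-2025-60695 and CVE-2025-60692, where the truncated text shows only a function or binary name. Since a NOT-FOR-US entry takes the CVE out of triage, check these against the full CVE records before relying on the automatic update.
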
@@ -229,29 +229,29 @@ CVE-2025-13115 (A security flaw has been discovered in 
macrozheng mall-swarm up
 CVE-2025-13114 (A vulnerability was identified in macrozheng mall-swarm up to 
1.0.3. T ...)
        TODO: check
 CVE-2025-13076 (A flaw has been found in code-projects Responsive Hotel Site 
1.0. The  ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-13075 (A vulnerability was detected in code-projects Responsive Hotel 
Site 1. ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-13063 (A flaw has been found in DinukaNavaratna Dee Store 1.0. 
Affected is an ...)
        TODO: check
 CVE-2025-13061 (A vulnerability was detected in itsourcecode Online Voting 
System 1.0. ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2025-13060 (A security vulnerability has been detected in SourceCodester 
Survey Ap ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-13059 (A weakness has been identified in SourceCodester Alumni 
Management Sys ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-12979 (The Welcart e-Commerce plugin for WordPress is vulnerable to 
unauthori ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12892 (The Survey Maker plugin for WordPress is vulnerable to 
unauthorized mo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12891 (The Survey Maker plugin for WordPress is vulnerable to 
unauthorized ac ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12844 (The AI Engine plugin for WordPress is vulnerable to PHP Object 
Injecti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12785 (Certain HP LaserJet Pro printers may be vulnerable to 
information disc ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-12784 (Certain HP LaserJet Pro printers may be vulnerable to 
information disc ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-12765 (pgAdmin <= 9.9 is affected by avulnerability in the LDAP 
authenticatio ...)
        TODO: check
 CVE-2025-12764 (pgAdmin <= 9.9 is affected by an LDAP injection vulnerability 
in the L ...)
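
Review bot: The tag on CVE-2025-13061, "NOT-FOR-US: itsourcecode System", carries a stray word. The description names the product as "itsourcecode Online Voting System 1.0", and the neighbouring entries tag by vendor alone ("NOT-FOR-US: SourceCodester", "NOT-FOR-US: code-projects"). Use "NOT-FOR-US: itsourcecode" so the entry matches the vendor-only form and stays findable by vendor name.
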
@@ -261,35 +261,35 @@ CVE-2025-12763 (pgAdmin 4 versions up to 9.9 are affected 
by a command injection
 CVE-2025-12762 (pgAdmin versions up to 9.9 are affected by a Remote Code 
Execution (RC ...)
        TODO: check
 CVE-2025-12733 (The Import any XML, CSV or Excel File to WordPress (WP All 
Import) plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12703
        REJECTED
 CVE-2025-12681 (The Comment Edit Core \u2013 Simple Comment Editing plugin for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12620 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image 
Polls plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12536 (The SureForms plugin for WordPress is vulnerable to Sensitive 
Informat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12377 (The Gallery Plugin for WordPress \u2013 Envira Photo Gallery 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12366 (The Page Builder: Pagelayer \u2013 Drag and Drop website 
builder plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12089 (The Data Tables Generator by Supsystic plugin for WordPress is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12015 (The Convert WebP & AVIF | Quicq | Best image optimizer and 
compression ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-11923 (The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & 
Quizzes p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-11777 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail 
to prop ...)
        TODO: check
 CVE-2025-11769 (The WordPress Content Flipper plugin for WordPress is 
vulnerable to St ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-11538 (A vulnerability exists in Keycloak's server distribution where 
enablin ...)
        TODO: check
 CVE-2025-11260 (The WP Headless CMS Framework plugin for WordPress is 
vulnerable to pr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10295 (The Angel \u2013 Fashion Model Agency WordPress CMS Theme 
theme for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7329 (Tinycontrol LAN Controller v3 (LK3) firmware versions up to 
1.58a (har ...)
        TODO: check
 CVE-2023-7327 (Ozeki SMS Gateway versions up to and including 10.3.208 contain 
a path ...)
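
Review bot: CVE-2025-10295 is tagged "NOT-FOR-US: WordPress plugin", but its description reads "The Angel \u2013 Fashion Model Agency WordPress CMS Theme theme for Wo ...", which is a theme. Tag it as a WordPress theme, or use the "WordPress plugin or theme" label already applied in the second hunk, so the reason recorded for the entry matches the affected component.
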



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/820133267c367ed1ead11a8e92975f0a4b6a0204
