Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
12542dc9 by security tracker role at 2025-11-14T20:13:05+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2025-9982 (A vulnerability exists in QuickCMS version 6.8 where sensitive
admin c ...)
TODO: check
CVE-2025-8870 (On affected platforms running Arista EOS, certain serial
console input ...)
- TODO: check
+ NOT-FOR-US: Arista Networks
CVE-2025-8855 (Authorization Bypass Through User-Controlled Key, Weak Password
Recove ...)
TODO: check
CVE-2025-64446 (A relative path traversal vulnerability in Fortinet FortiWeb
8.0.0 thr ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-63830 (CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in
the File ...)
TODO: check
CVE-2025-63725 (Reflected Cross-Site Scripting (XSS) vulnerability in SVX
Portal 2.7A ...)
@@ -13,7 +13,7 @@ CVE-2025-63725 (Reflected Cross-Site Scripting (XSS)
vulnerability in SVX Portal
CVE-2025-63724 (SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via
crafted POS ...)
TODO: check
CVE-2025-63701 (A heap corruption vulnerability exists in the Advantech
TP-3250 printe ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2025-63680 (Nero BackItUp in the Nero Productline is vulnerable to a path
parsing/ ...)
TODO: check
CVE-2025-63291 (When processing API requests, the Alteryx server
2022.1.1.42654 and 20 ...)
@@ -41,11 +41,11 @@ CVE-2025-54340 (A vulnerability was found in the
Application Server of Desktop A
CVE-2025-54339 (An Incorrect Access Control vulnerability was found in the
Application ...)
TODO: check
CVE-2025-4618 (A sensitive information disclosure vulnerability in Palo Alto
Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-4617 (An insufficient policy enforcement vulnerability in Palo Alto
Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-4616 (An insufficient validation of an untrusted input vulnerability
in Palo ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-13204 (npm package `expr-eval` is vulnerable to Prototype Pollution.
An attac ...)
TODO: check
CVE-2025-13180 (A vulnerability was found in Bdtask/CodeCanyon Wholesale
Inventory Con ...)
@@ -59,13 +59,13 @@ CVE-2025-13177 (A vulnerability was detected in
Bdtask/CodeCanyon SalesERP up to
CVE-2025-13174 (A weakness has been identified in rachelos WeRSS we-mp-rss up
to 1.4.7 ...)
TODO: check
CVE-2025-13172 (A security flaw has been discovered in CodeAstro Gym
Management System ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2025-13171 (A vulnerability was identified in ZZCMS 2023. This impacts an
unknown ...)
TODO: check
CVE-2025-13170 (A vulnerability was detected in code-projects Simple Online
Hotel Rese ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-13169 (A security vulnerability has been detected in code-projects
Simple Onl ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-13168 (A weakness has been identified in ury-erp ury up to 0.2.0.
This affect ...)
TODO: check
CVE-2025-13033 (A vulnerability was identified in the email parsing library
due to imp ...)
@@ -77,29 +77,29 @@ CVE-2025-12187
CVE-2025-12149 (In Search Guard FLX versions 3.1.2 and earlier, while
Document-Level S ...)
TODO: check
CVE-2025-11981 (The School Management System \u2013 WPSchoolPress plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11918 (Rockwell Automation Arena\xae suffers from a stack-based
buffer overfl ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-11794 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11,
10.12.x <= ...)
TODO: check
CVE-2025-10018 (QuickCMS is vulnerable to multiple Stored XSS in language
editor funct ...)
TODO: check
CVE-2024-55016 (PHPGurukul Student Record Management System 3.20 is vulnerable
to SQL ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-44640 (PHPGurukul Student Record System 3.20 is vulnerable to SQL
Injection v ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-44639 (PHPGurukul Student Record System 3.20 is vulnerable to SQL
Injection v ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-44636 (PHPGurukul Student Record System 3.20 is vulnerable to SQL
Injection v ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-44635 (PHPGurukul Student Record System 3.20 is vulnerable to Cross
Site Scri ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-44633 (PHPGurukul Student Record System 3.20 is vulnerable to SQL
Injection v ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-44632 (PHPGurukul Student Record System 3.20 is vulnerable to SQL
Injection v ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-44630 (Multiple parameters in register.php in PHPGurukul Student
Record Syste ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-42749 (Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows
a local ...)
TODO: check
CVE-2024-21635 (Memos is a privacy-first, lightweight note-taking service that
uses Ac ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12542dc93125d181cdbff3262c9f50de846c6791
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12542dc93125d181cdbff3262c9f50de846c6791
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
