Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
17b5bb3c by security tracker role at 2025-12-15T20:14:10+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-67809 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and
10.1. A ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2025-66963 (An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local
attacker to obt ...)
TODO: check
CVE-2025-66844 (In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector
may be ...)
@@ -45,9 +45,9 @@ CVE-2025-65176 (An issue was discovered in Dynatrace OneAgent
before 1.325.47. W
CVE-2025-60786 (A Zip Slip vulnerability in the import a Project component of
iceScrum ...)
TODO: check
CVE-2025-55901 (TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to
command injec ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-55893 (TOTOLINK N200RE V9.3.5u.6437_B20230519 is vulnerable to
command Inject ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-55703 (An error-based SQL injection vulnerability exists in the
Sunbird Power ...)
TODO: check
CVE-2025-51962 (A HTML Injection vulnerability in the comment section of the
project p ...)
@@ -57,7 +57,7 @@ CVE-2025-37732 (Improper neutralization of input during web
page generation ('Cr
CVE-2025-37731 (Improper Authentication in Elasticsearch PKI realm can lead to
user im ...)
TODO: check
CVE-2025-36360 (IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2
through 7.2.3 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-34412 (The Convercent Whistleblowing Platform operated by EQS Group
contains ...)
TODO: check
CVE-2025-34411 (The Convercent Whistleblowing Platform operated by EQS Group
exposes a ...)
@@ -73,43 +73,43 @@ CVE-2025-14714 (An Authentication Bypass vulnerability
existed where the applica
CVE-2025-14711 (A flaw has been found in FantasticLBP Hotels Server up to
67b44df162fa ...)
TODO: check
CVE-2025-14503 (An overly-permissive IAM trust policy in the Harmonix on AWS
framework ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-14387 (The LearnPress \u2013 WordPress LMS Plugin plugin for
WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14383 (The Booking Calendar plugin for WordPress is vulnerable to
time-based ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14156 (The Fox LMS \u2013 WordPress LMS Plugin plugin for WordPress
is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14148 (IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an
authent ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-14038 (EDB Hybrid Manager contains a flaw that allows an
unauthenticated atta ...)
TODO: check
CVE-2025-14003 (The Image Gallery \u2013 Photo Grid & Video Gallery plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13950 (The OneSignal \u2013 Web Push Notifications plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13888 (A flaw was found in OpenShift GitOps. Namespace admins can
create Argo ...)
TODO: check
CVE-2025-13824 (A security issue exists due to improper handling of malformed
CIP pack ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-13823 (A security issue was found in the IPv6 stack in the Micro850
and Micro ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-13728 (The FluentAuth \u2013 The Ultimate Authorization & Security
Plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13610 (The RegistrationMagic \u2013 Custom Registration Forms, User
Registrat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13608 (The CC Child Pages plugin for WordPress is vulnerable to
Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13489 (IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 Deploy
transmits data ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13367 (The User Registration & Membership \u2013 Custom Registration
Form Bui ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12900 (The FileBird \u2013 WordPress Media Library Folders & File
Manager plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12035 (An integer overflow condition exists in Bluetooth Host stack,
within t ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-11670 (Zohocorp ManageEngine ADManager Plus versions before 8025 are
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-11393 (A flaw was found in runtimes-inventory-rhel8-operator. An
internal pro ...)
TODO: check
CVE-2024-44599 (FNT Command 13.4.0 is vulnerable to Directory Traversal.)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17b5bb3cbf6425161e226451eda1dba95dc12da5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17b5bb3cbf6425161e226451eda1dba95dc12da5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
