Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1904a0c3 by security tracker role at 2025-06-11T20:14:23+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,15 +5,15 @@ CVE-2025-6001 (A Cross-Site Request Forgery (CSRF)
vulnerability exists in the p
CVE-2025-5687 (A vulnerability in Mozilla VPN on macOS allows privilege
escalation fr ...)
TODO: check
CVE-2025-5144 (The The Events Calendar plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4922 (Nomad Community and Nomad Enterprise (\u201cNomad\u201d)
prefix-based ...)
TODO: check
CVE-2025-4605 (A maliciously crafted .usdc file, when loaded through Autodesk
Maya, c ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-4573 (Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x
<= 10.5 ...)
TODO: check
CVE-2025-4315 (The CubeWP \u2013 All-in-One Dynamic Content Framework plugin
for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4128 (Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to
proper ...)
TODO: check
CVE-2025-49150 (Cursor is a code editor built for programming with AI. Prior
to 0.51.0 ...)
@@ -23,17 +23,17 @@ CVE-2025-49148 (ClipShare is a lightweight and
cross-platform tool for clipboard
CVE-2025-49146 (pgjdbc is an open source postgresql JDBC Driver. From 42.7.4
and until ...)
TODO: check
CVE-2025-48448 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-48447 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-48446 (Incorrect Authorization vulnerability in Drupal Commerce
Alphabank Red ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-48445 (Incorrect Authorization vulnerability in Drupal Commerce
Eurobank (Red ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-48444 (Missing Authorization vulnerability in Drupal Quick Node Block
allows ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-48013 (Missing Authorization vulnerability in Drupal Quick Node Block
allows ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-41663 (An unauthenticated remote attacker in a man-in-the-middle
position can ...)
TODO: check
CVE-2025-41662 (An unauthenticated remote attacker can execute arbitrary
commands with ...)
@@ -47,35 +47,35 @@ CVE-2025-40914 (Perl CryptX before version 0.087 contains a
dependency that may
CVE-2025-40912 (CryptX for Perl before version 0.065 contains a dependency
that may be ...)
TODO: check
CVE-2025-3473 (IBM Security Guardium 12.1 could allow a local privileged user
to esca ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-3302 (The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-35941 (A password is exposed locally.)
TODO: check
CVE-2025-32711 (Ai command injection in M365 Copilot allows an unauthorized
attacker t ...)
TODO: check
CVE-2025-32466 (A SQL injection vulnerability in RSMediaGallery! component
1.7.4 - 2.1 ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2025-32465 (A stored XSS vulnerability in RSTickets! component 1.9.12 -
3.3.0 for ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2025-30085 (Remote code execution vulnerability in RSForm!pro component
3.0.0 - 3. ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2025-26412 (The SIMCom SIM7600G modem supports an undocumented AT command,
which a ...)
TODO: check
CVE-2025-26383 (The iSTAR Configuration Utility (ICU) tool leaks memory, which
could r ...)
TODO: check
CVE-2025-25032 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4,
12.0.0, 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-1699 (An incorrect default permissions vulnerability was reported in
the Mot ...)
TODO: check
CVE-2025-1698 (Null pointer exception vulnerabilities were reported in the
fingerprin ...)
TODO: check
CVE-2025-0923 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4,
12.0.0, 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-0917 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4,
12.0.0, 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-0163 (IBM Security Verify Access Appliance and Docker 10.0 through
10.0.8 co ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-5991 (There is a "Use After Free" vulnerability in Qt's
QHttp2ProtocolHandle ...)
- qt6-base <unfixed>
- qtbase-opensource-src <unfixed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1904a0c38537ef18ef69a7eaa9ef2b5c966d4738
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1904a0c38537ef18ef69a7eaa9ef2b5c966d4738
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
