Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
72ba92fc by security tracker role at 2025-07-09T20:14:09+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,75 +1,75 @@
 CVE-2025-7381 (ImpactThis is an information disclosure vulnerability 
originating from ...)
        TODO: check
 CVE-2025-7379 (A security bypass vulnerability allows exploitation via Reverse 
Tabnab ...)
-       TODO: check
+       NOT-FOR-US: Asustor
 CVE-2025-7204 (In ConnectWise PSA versions older than 2025.9, a vulnerability 
exists  ...)
        TODO: check
 CVE-2025-6514 (mcp-remote is exposed to OS command injection when connecting 
to untru ...)
        TODO: check
 CVE-2025-53743 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not 
mask Applit ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53742 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores 
Applitools AP ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53678 (Jenkins User1st uTester Plugin 1.1 and earlier stores the 
uTester JWT  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53677 (Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa 
Deploymen ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53676 (Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa 
Deployment Token ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53675 (Jenkins Warrior Framework Plugin 1.2 and earlier stores 
passwords unen ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53674 (Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask 
the Sense ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53673 (Jenkins Sensedia Api Platform tools Plugin 1.0 stores the 
Sensedia API ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53672 (Jenkins Kryptowire Plugin 0.2 and earlier stores the 
Kryptowire API ke ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53671 (Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not 
mask DiveCl ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53670 (Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores 
DiveCloud API ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53669 (Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API 
Auth Ke ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53668 (Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth 
Keys unen ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53667 (Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's 
Snitch t ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53666 (Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch 
tokens u ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53665 (Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask 
Apica Loa ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53664 (Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica 
Loadtest L ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53663 (Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores 
SonarQube au ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53662 (Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores 
IFTTT Maker ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53661 (Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does 
not mask T ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53660 (Jenkins QMetry Test Management Plugin 1.13 and earlier does 
not mask Q ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53659 (Jenkins QMetry Test Management Plugin 1.13 and earlier stores 
Qmetry A ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53658 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not 
escape the  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53657 (Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier 
does not m ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53656 (Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier 
stores SLM ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53655 (Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not 
mask the ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53654 (Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores 
the AWS Se ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53653 (Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores 
Scanner  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53652 (Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier 
does not  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53651 (Jenkins HTML Publisher Plugin 425 and earlier displays log 
messages th ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53650 (Jenkins Credentials Binding Plugin 687.v619cb_15e923f and 
earlier does ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-53645 (Zimbra Collaboration Suite (ZCS) before 9.0.0 Patch 46, 10.0.x 
before  ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2025-53620 (@builder.io/qwik-city is the meta-framework for Qwik. When a 
Qwik Serv ...)
        TODO: check
 CVE-2025-53548 (Clerk helps developers build user management. Applications 
that use th ...)
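Review bot: The `NOT-FOR-US: Asustor` tag on CVE-2025-7379 cannot be verified from the line it annotates. The truncated description ("A security bypass vulnerability allows exploitation via Reverse Tabnab ...") names no vendor or product, unlike the Jenkins and Zimbra entries in this hunk, where the product is the first word of the description. Confirm the vendor against the full CVE record before relying on this entry. Separately, CVE-2025-7381, CVE-2025-7204, CVE-2025-6514 and CVE-2025-53620 remain at `TODO: check` after this automatic pass and still need manual triage.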
@@ -77,7 +77,7 @@ CVE-2025-53548 (Clerk helps developers build user management. 
Applications that
 CVE-2025-53546 (Folo organizes feeds content into one timeline. Using 
pull_request_tar ...)
        TODO: check
 CVE-2025-52364 (Insecure Permissions vulnerability in Tenda CP3 Pro Firmware 
V22.5.4.9 ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-52357 (Cross-Site Scripting (XSS) vulnerability exists in the ping 
diagnostic ...)
        TODO: check
 CVE-2025-49604 (For Realtek AmebaD devices, a heap-based buffer overflow was 
discovere ...)
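Review bot: Only CVE-2025-52364 is resolved in this hunk. The entry directly below it, CVE-2025-52357, stays at `TODO: check`, and its truncated description ("Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic ...") names no product. Check by hand whether it belongs to the same vendor and can take the same `NOT-FOR-US: Tenda` tag. CVE-2025-53546 (Folo) and CVE-2025-49604 (Realtek AmebaD) are likewise left untriaged.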
@@ -95,15 +95,15 @@ CVE-2025-3498 (An unauthenticated user with management 
network access can get an
 CVE-2025-3497 (The Linux distribution underlying the Radiflow iSAP Smart 
Collector  ( ...)
        TODO: check
 CVE-2025-36599 (Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains 
an Inse ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-2670 (IBM OpenPages 9.0 is vulnerable to information disclosure of 
sensitive ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-27028 (The Linux deprivileged user vpuserin Radiflow iSAP Smart 
Collector (Ce ...)
        TODO: check
 CVE-2025-27027 (A user with vpusercredentials that opens an SSH connection to 
the devi ...)
        TODO: check
 CVE-2025-1112 (IBM OpenPages with Watson 8.3 and 9.0 could allow an 
authenticated use ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-38264 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/0bf04c874fcb1ae46a863034296e4b33d8fbd66c (6.16-rc1)
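Review bot: The three Radiflow iSAP Smart Collector entries (CVE-2025-3497, CVE-2025-27028, CVE-2025-27027) stay at `TODO: check` even though each description names the product, while the Dell and IBM entries around them are tagged automatically. If the product is not packaged in Debian, tag these by hand with a `NOT-FOR-US:` line so that they do not linger in the TODO queue. The preceding CVE-2025-3498 appears only in the `@@` header, so its state cannot be seen from this hunk.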



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72ba92fc7b834008e1900127109aa8f55b5486a3



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
