Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
646aa54b by security tracker role at 2025-07-23T20:13:11+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2025-8070 (The Windows service configuration of ABP and AES contains an 
unquoted  ...)
-       TODO: check
+       NOT-FOR-US: Asustor
 CVE-2025-8069 (During the AWS Client VPN client installation on Windows 
devices, the  ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2025-8060 (A vulnerability has been found in Tenda AC23 16.03.07.52 and 
classifie ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-8058 (The regcomp function in the GNU C library version from 2.4 to 
2.41 is  ...)
        TODO: check
 CVE-2025-8022 (All versions of the package bun are vulnerable to Improper 
Neutralizat ...)
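Review bot: CVE-2025-8058 (regcomp in the GNU C library), left at `TODO: check` in the context lines of this hunk, needs manual triage rather than another automatic pass. glibc is packaged in Debian, so the entry should end up with a source-package line, not a NOT-FOR-US tag.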
@@ -19,23 +19,23 @@ CVE-2025-7724 (An unauthenticated OS command injection 
vulnerability existsin VI
 CVE-2025-7723 (A command injection vulnerability exists that can be exploited 
after a ...)
        TODO: check
 CVE-2025-7722 (The Social Streams plugin for WordPress is vulnerable to 
privilege esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6261 (The Fleetwire Fleet Management plugin for WordPress is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6215 (The Omnishop plugin for WordPress is vulnerable to 
Unauthenticated Reg ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6214 (The Omnishop plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6190 (The Realty Portal \u2013 Agent plugin for WordPress is 
vulnerable to P ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6174 (The Qwizcards | online quizzes and flashcards WordPress plugin 
through ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6054 (The YANewsflash plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-5818 (The Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-5753 (The Valuation Calculator plugin for WordPress is vulnerable to 
Stored  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-54455 (Use of Hard-coded Credentials vulnerability in Samsung 
Electronics Mag ...)
        TODO: check
 CVE-2025-54454 (Use of Hard-coded Credentials vulnerability in Samsung 
Electronics Mag ...)
@@ -73,13 +73,13 @@ CVE-2025-54439 (Unrestricted Upload of File with Dangerous 
Type vulnerability in
 CVE-2025-54438 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        TODO: check
 CVE-2025-54297 (A stored XSS vulnerability in CComment component 5.0.0-6.1.14 
for Joom ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2025-54296 (A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for 
Joomla  ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2025-54295 (A Reflected XSS vulnerability in DJ-Reviews component 
1.0-1.3.6 for Jo ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2025-54294 (A SQLi vulnerability in Komento component 4.0.0-4.0.7for 
Joomla was di ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2025-54141 (ViewVC is a browser interface for CVS and Subversion version 
control r ...)
        TODO: check
 CVE-2025-54140 (pyLoad is a free and open-source Download Manager written in 
pure Pyth ...)
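Review bot: The tag `NOT-FOR-US: Joomla` on CVE-2025-54294 through CVE-2025-54297 is less precise than the descriptions allow, since each one names an add-on component (CComment, ProFiles, DJ-Reviews, Komento) "for Joomla" rather than Joomla core. A tag such as `NOT-FOR-US: Joomla component`, parallel to the `WordPress plugin` tag used in this same commit, would record what was actually ruled out.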
@@ -107,7 +107,7 @@ CVE-2025-50481 (A cross-site scripting (XSS) vulnerability 
in the component /blo
 CVE-2025-50477 (A URL redirection in lbry-desktop v0.53.9 allows attackers to 
redirect ...)
        TODO: check
 CVE-2025-50127 (A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla 
was disc ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2025-4700 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        TODO: check
 CVE-2025-4439 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
@@ -123,7 +123,7 @@ CVE-2025-47187 (A vulnerability in the Mitel 6800 Series, 
6900 Series, and 6900w
 CVE-2025-46686 (Redis through 7.4.3 allows memory consumption via a multi-bulk 
command ...)
        TODO: check
 CVE-2025-46171 (vBulletin 3.8.7 is vulnerable to a denial-of-service condition 
via the ...)
-       TODO: check
+       NOT-FOR-US: vBulletin
 CVE-2025-46099 (In Pluck CMS 4.7.20-dev, an authenticated attacker can upload 
or creat ...)
        TODO: check
 CVE-2025-44109 (A URL redirection in Pinokio v3.6.23 allows attackers to 
redirect vict ...)
@@ -131,27 +131,27 @@ CVE-2025-44109 (A URL redirection in Pinokio v3.6.23 
allows attackers to redirec
 CVE-2025-43881 (Improper validation of specified quantity in input issue 
exists in Rea ...)
        TODO: check
 CVE-2025-43489 (A potential security vulnerability has been identified in the 
Poly Cla ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-43488 (A potential security vulnerability has been identified in the 
Poly Cla ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-43487 (A potential privilege escalation through Sudo vulnerability 
has been i ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-43486 (A potential stored cross-site scripting vulnerability has been 
identif ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-43485 (A potential security vulnerability has been identified in the 
Poly Cla ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-43484 (A potential reflected cross-site scripting vulnerability has 
been iden ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-43483 (A potential security vulnerability has been identified in the 
Poly Cla ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-43022 (A potential SQL injection vulnerability has been identified in 
the Pol ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-43021 (A potential security vulnerability has been identified in the 
Poly Cla ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-43020 (A potential command injection vulnerability has been 
identified in the ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-42947 (SAP FICA ODN framework allows a high privileged user to inject 
value i ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-41687 (An unauthenticated remote attacker may use a stack based 
buffer overfl ...)
        TODO: check
 CVE-2025-41684 (An authenticated remote attacker can execute arbitrary 
commands with r ...)
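Review bot: CVE-2025-43487 is tagged `NOT-FOR-US: HP`, but its visible description reads "A potential privilege escalation through Sudo vulnerability" and is cut off before any product name appears. Because sudo is packaged in Debian, confirm against the full CVE text that the flaw lies in the HP product's configuration and not in sudo itself before keeping the tag.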
@@ -161,47 +161,47 @@ CVE-2025-41683 (An authenticated remote attacker can 
execute arbitrary commands
 CVE-2025-41425 (DuraComm SPM-500 DP-10iN-100-MU   is vulnerable to a 
cross-site script ...)
        TODO: check
 CVE-2025-40599 (An authenticated arbitrary file upload vulnerability exists in 
the SMA ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2025-40598 (A Reflected cross-site scripting (XSS) vulnerability exists in 
the SMA ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2025-40597 (A Heap-based buffer overflow vulnerability in the SMA100 
series web in ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2025-40596 (A Stack-based buffer overflow vulnerability in the SMA100 
series web i ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2025-36117 (IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the 
session i ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36116 (IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by 
cross-site W ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-33077 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 
10.0.1 is vul ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-33076 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 
10.0.1 is vul ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-33020 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 
10.0.1 transm ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-31701 (A vulnerability has been found in Dahua products.  Attackers 
could exp ...)
        TODO: check
 CVE-2025-31700 (A vulnerability has been found in Dahua products.  Attackers 
could exp ...)
        TODO: check
 CVE-2025-2634 (Out of bounds read vulnerability due to improper bounds 
checking in NI ...)
-       TODO: check
+       NOT-FOR-US: National Instruments
 CVE-2025-2633 (Out of bounds read vulnerability due to improper bounds 
checking in NI ...)
-       TODO: check
+       NOT-FOR-US: National Instruments
 CVE-2025-27930 (Zohocorp ManageEngine Applications Manager versions176600 and 
prior ar ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2024-53288 (Improper neutralization of input during web page generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-53287 (Improper neutralization of input during web page generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-53286 (Improper neutralization of special elements used in an OS 
command ('OS ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-41751 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 
1.3.7.2, 1.3 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-41750 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 
1.3.7.2, 1.3 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-40686 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 
1.3.7.2, 1.3 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-40682 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 
1.3.7.2, 1.3 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-12310 (A vulnerability in Imprivata Enterprise Access 
Management(formerly Imp ...)
        TODO: check
 CVE-2022-4978 (Remote Control Server, maintained bySteppschuh, 3.1.1.12 allows 
unauth ...)
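Review bot: The `NOT-FOR-US: Synology` tags on CVE-2024-53286, CVE-2024-53287 and CVE-2024-53288 cannot be checked from this hunk, because the truncated descriptions show only generic weakness text ("Improper neutralization of ...") and no vendor or product. Verify the vendor against the full records, or note the product in the tag so the decision is auditable from the list alone.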



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/646aa54b2a1ee2d9ccedbded3a0bdd4411ff1ea1



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
