Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
588adc5a by security tracker role at 2025-07-28T20:13:44+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2025-8279 (Insufficient input validation within GitLab 
Language Server 7.6.0
 CVE-2025-8275 (A vulnerability, which was classified as problematic, has been 
found i ...)
        TODO: check
 CVE-2025-8274 (A vulnerability classified as critical was found in Campcodes 
Online R ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-8273 (A vulnerability classified as critical has been found in 
code-projects ...)
        TODO: check
 CVE-2025-8272 (A vulnerability was found in code-projects Exam Form Submission 
1.0. I ...)
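Review bot: In the context of this hunk, the two code-projects entries (CVE-2025-8273 and CVE-2025-8272) stay at "TODO: check" while the Campcodes entry between CVE-2025-8275 and CVE-2025-8273 is resolved. If those are also out of scope for Debian, triaging them in the same pass would avoid a follow-up commit. The new tag also gives only the vendor, and the truncated description ("Campcodes Online R ...") does not show the product, so adding the product name to the NOT-FOR-US line would make the entry easier to find later.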
@@ -27,35 +27,35 @@ CVE-2025-7676 (DLL hijacking of all PE32 executables when 
run on Windows for ARM
 CVE-2025-6918 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2025-6250 (Prior to 25.4.270.0, when wmic.exe is elevated with a full 
admin token ...)
-       TODO: check
+       NOT-FOR-US: BeyondTrust
 CVE-2025-5997 (Incorrect Use of Privileged APIs vulnerability in Beamsec 
PhishPro all ...)
        TODO: check
 CVE-2025-54569 (In Malwarebytes Binisoft Windows Firewall Control before 
6.16.0.0, the ...)
        TODO: check
 CVE-2025-54538 (In JetBrains TeamCity before 2025.07 password exposure was 
possible vi ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-54537 (In JetBrains TeamCity before 2025.07 user credentials were 
stored in p ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-54536 (In JetBrains TeamCity before 2025.07 a CSRF was possible on 
GraphQL en ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-54535 (In JetBrains TeamCity before 2025.07 password reset and email 
verifica ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-54534 (In JetBrains TeamCity before 2025.07 reflected XSS was 
possible on the ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-54533 (In JetBrains TeamCity before 2025.07 improper access control 
allowed d ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-54532 (In JetBrains TeamCity before 2025.07 improper access control 
allowed d ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-54531 (In JetBrains TeamCity before 2025.07 path traversal was 
possible via p ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-54530 (In JetBrains TeamCity before 2025.07 privilege escalation was 
possible ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-54529 (In JetBrains TeamCity before 2025.07 a CSRF was possible in 
external O ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-54528 (In JetBrains TeamCity before 2025.07 a CSRF was possible in 
GitHub App ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-54527 (In JetBrains YouTrack before 2025.2.86935,  2025.2.87167,  
2025.3.8734 ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2025-54423 (copyparty is a portable file server. In versions up to and 
including v ...)
        TODO: check
 CVE-2025-54419 (A SAML library not dependent on any frameworks that runs in 
Node. In v ...)
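Review bot: The "NOT-FOR-US: JetBrains" tag is applied to two different products in this hunk, TeamCity (CVE-2025-54528 through CVE-2025-54538) and YouTrack (CVE-2025-54527), and records neither. Using "NOT-FOR-US: JetBrains TeamCity" and "NOT-FOR-US: JetBrains YouTrack" would keep the triage decision traceable per product and make a later grep for either one reliable. The surrounding entries in the same block (CVE-2025-5997, CVE-2025-54569, CVE-2025-54423) are left at "TODO: check", which is expected for an automatic pass but means the block still needs manual review.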
@@ -63,35 +63,35 @@ CVE-2025-54419 (A SAML library not dependent on any 
frameworks that runs in Node
 CVE-2025-54418 (CodeIgniter is a PHP full-stack web framework. A command 
injection vul ...)
        TODO: check
 CVE-2025-54299 (A stored XSS vulnerability in No Boss Testimonials component 
1.0.0-3.0 ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2025-54298 (A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 
for Joo ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2025-53696 (iSTAR Ultra performs a firmware verification on boot, however 
the veri ...)
        TODO: check
 CVE-2025-53695 (OS Command Injection in iSTAR Ultra products web application 
allows an ...)
        TODO: check
 CVE-2025-50494 (Improper session invalidation in the component 
/doctor/change-password ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-50493 (Improper session invalidation in the component 
/doctor/change-password ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-50492 (Improper session invalidation in the component 
/edms/change-password.p ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-50491 (Improper session invalidation in the component 
/banker/change-password ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-50490 (Improper session invalidation in the component 
/elms/emp-changepasswor ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-50489 (Improper session invalidation in the component 
/srms/change-password.p ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-50488 (Improper session invalidation in the component 
/library/change-passwor ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-50487 (Improper session invalidation in the component 
/bbdms/change-password. ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-50486 (Improper session invalidation in the component 
/carrental/update-passw ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-50485 (Improper session invalidation in the component 
/crm/change-password.ph ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-50484 (Improper session invalidation in the component 
/crm/change-password.ph ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-43023 (A potential security vulnerability has been identified in the 
HP Linux ...)
        TODO: check
 CVE-2025-40730 (HTML injection in Vox Media's Chorus CMS. This vulnerability 
allows an ...)
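Review bot: "NOT-FOR-US: Joomla" on CVE-2025-54299 and CVE-2025-54298 is ambiguous, because the descriptions name third-party components ("No Boss Testimonials component", "CommentBox component ... for Joo ...") rather than Joomla itself. Naming the component, or at least writing it as a Joomla extension, would prevent the tag from being read as a decision about Joomla core. For the PHPGurukul block, CVE-2025-50485 and CVE-2025-50484 show the same truncated path ("/crm/change-password.ph ...") and CVE-2025-50494 and CVE-2025-50493 both show "/doctor/change-password ..."; the vendor-only tag does not distinguish the affected applications, so adding the product name on each line would help.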
@@ -107,7 +107,7 @@ CVE-2025-30125 (An issue was discovered on Marbella KR8s 
Dashcam FF 2.0.8 device
 CVE-2025-30124 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 
devices. Whe ...)
        TODO: check
 CVE-2025-2297 (Prior to version 25.4.270.0, a local authenticated attacker can 
manipu ...)
-       TODO: check
+       NOT-FOR-US: BeyondTrust
 CVE-2025-29534 (An authenticated remote code execution vulnerability in 
PowerStick Wav ...)
        TODO: check
 CVE-2025-27802 (The Episerver Content Management System (CMS) by Optimizely 
was affect ...)
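Review bot: For CVE-2025-2297 the visible description ("Prior to version 25.4.270.0, a local authenticated attacker can manipu ...") never names the product, so "NOT-FOR-US: BeyondTrust" is the only identification this entry carries. Recording the product name next to the vendor would let a reader confirm the triage decision without opening the full CVE record, and would keep it consistent with CVE-2025-6250, which refers to the same version boundary.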
@@ -123,9 +123,9 @@ CVE-2025-26469 (An incorrect default permissions 
vulnerability exists in the CSe
 CVE-2025-24485 (A server-side request forgery vulnerability exists in the 
cecho.php fu ...)
        TODO: check
 CVE-2024-49343 (IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to 
HTML inje ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-49342 (IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate 
account ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-38497 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/3014168731b7930300aab656085af784edc861f6 (6.16-rc7)
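Review bot: "NOT-FOR-US: IBM" on CVE-2024-49343 and CVE-2024-49342 is broader than the entries justify, since both descriptions are specific to IBM Informix Dynamic Server 12.10 and 14.10. Writing "NOT-FOR-US: IBM Informix Dynamic Server" would scope the decision to the product actually named and avoid suggesting a blanket rule for the vendor.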



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/588adc5a67d55da38fe4993bea172a233b383d2c
