[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 8 21:13:51 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a695d911 by security tracker role at 2025-07-08T20:13:45+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,75 +7,75 @@ CVE-2025-7345 (A flaw exists in gdk\u2011pixbuf within the gdk_pixbuf__jpeg_imag
CVE-2025-7326 (Weak authentication in EOLASP.NET Core allows an unauthorized attacker ...)
TODO: check
CVE-2025-7193 (A vulnerability was found in itsourcecode Agri-Trading Online Shopping ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2025-7192 (A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classifi ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-7191 (A vulnerability has been found in code-projects Student Enrollment Sys ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7190 (A vulnerability, which was classified as critical, was found in code-p ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7189 (A vulnerability, which was classified as critical, has been found in c ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7188 (A vulnerability classified as critical was found in code-projects Chat ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7187 (A vulnerability classified as critical has been found in code-projects ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7186 (A vulnerability was found in code-projects Chat System 1.0. It has bee ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7185 (A vulnerability was found in code-projects Library System 1.0. It has ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7184 (A vulnerability was found in code-projects Library System 1.0. It has ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7183 (A vulnerability was found in Campcodes Sales and Inventory System 1.0 ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-7182 (A vulnerability has been found in itsourcecode Student Transcript Proc ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2025-7181 (A vulnerability, which was classified as critical, was found in code-p ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7180 (A vulnerability, which was classified as critical, has been found in c ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7179 (A vulnerability classified as critical was found in code-projects Libr ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7178 (A vulnerability classified as critical has been found in code-projects ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7177 (A vulnerability was found in PHPGurukul Car Washing Management System ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-7176 (A vulnerability was found in PHPGurukul Hospital Management System 1.0 ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-7175 (A vulnerability was found in code-projects E-Commerce Site 1.0. It has ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7174 (A vulnerability was found in code-projects Library System 1.0 and clas ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7173 (A vulnerability has been found in code-projects Library System 1.0 and ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7172 (A vulnerability, which was classified as critical, was found in code-p ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7171 (A vulnerability, which was classified as critical, has been found in c ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7170 (A vulnerability classified as critical was found in code-projects Crim ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7169 (A vulnerability classified as critical has been found in code-projects ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-7037 (SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-6996 (Improper use of encryption in the agent of Ivanti Endpoint Manager bef ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-6995 (Improper use of encryption in the agent of Ivanti Endpoint Manager bef ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-6771 (OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before v ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-6770 (OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before v ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-6744 (The The Woodmart theme for WordPress is vulnerable to arbitrary shortc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-5464 (Insertion of sensitive information into a log file in Ivanti Connect S ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-5463 (Insertion of sensitive information into a log file in Ivanti Connect S ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-5451 (A stack-based buffer overflow in Ivanti Connect Secure before version ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-5450 (Improper access control in the certificate management component of Iva ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-53545 (Press, a Frappe custom app that runs Frappe Cloud, manages infrastruct ...)
TODO: check
CVE-2025-53513 (The /charms endpoint on a Juju controller lacked sufficient authorizat ...)
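Review bot: The tag on CVE-2025-6744 reads "NOT-FOR-US: WordPress plugin", but the description on the line above it names the "Woodmart theme for WordPress", so the label should be "NOT-FOR-US: WordPress theme". A smaller style point in the same hunk: CVE-2025-7193 and CVE-2025-7182 are tagged "itsourcecode System" while every other entry here (code-projects, Campcodes, PHPGurukul, D-Link, Ivanti) carries the bare vendor name; unless "itsourcecode System" is an established label in this file, the bare vendor name would be consistent.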
@@ -93,11 +93,11 @@ CVE-2025-53355 (MCP Server Kubernetes is an MCP Server that can connect to a Kub
CVE-2025-50130 (A heap-based buffer overflow vulnerability exists in VS6Sim.exe contai ...)
TODO: check
CVE-2025-4663 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2025-49760 (External control of file name or path in Windows Storage allows an aut ...)
TODO: check
CVE-2025-49756 (Use of a broken or risky cryptographic algorithm in Office Developer P ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49753 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
TODO: check
CVE-2025-49744 (Heap-based buffer overflow in Microsoft Graphics Component allows an a ...)
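Review bot: CVE-2025-49756 (Office Developer P...) is moved to "NOT-FOR-US: Microsoft" while the context entries around it, CVE-2025-49760 (Windows Storage), CVE-2025-49753 (Windows Routing and Remote Access Servic...) and CVE-2025-49744 (Microsoft Graphics Component), stay at "TODO: check". If the automatic pass is meant to cover Microsoft products, it is missing the Windows-named descriptions; if they are deliberately left for manual triage, the commit message should say which entries the automation skips and why.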
@@ -347,37 +347,37 @@ CVE-2025-47178 (Improper neutralization of special elements used in an sql comma
CVE-2025-47159 (Protection mechanism failure in Windows Virtualization-Based Security ...)
TODO: check
CVE-2025-47135 (Dimension versions 4.1.2 and earlier are affected by an out-of-bounds ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-47109 (After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43587 (After Effects versions 25.2, 24.6.6 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43580 (Audition versions 25.2, 24.6.3 and earlier are affected by an Access o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43019 (A potential security vulnerability has been identified in the HP Suppo ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-41224 (A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All ver ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-41223 (A vulnerability has been identified in RUGGEDCOM i800 (All versions), ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-41222 (A vulnerability has been identified in RUGGEDCOM i800 (All versions), ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40742 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40741 (A vulnerability has been identified in Solid Edge SE2025 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40740 (A vulnerability has been identified in Solid Edge SE2025 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40739 (A vulnerability has been identified in Solid Edge SE2025 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40738 (A vulnerability has been identified in SINEC NMS (All versions < V4.0) ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40737 (A vulnerability has been identified in SINEC NMS (All versions < V4.0) ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40736 (A vulnerability has been identified in SINEC NMS (All versions < V4.0) ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40735 (A vulnerability has been identified in SINEC NMS (All versions < V4.0) ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40721 (Reflected Cross-site Scripting (XSS) vulnerability in versions prior t ...)
TODO: check
CVE-2025-40720 (Reflected Cross-site Scripting (XSS) vulnerability in versions prior t ...)
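Review bot: The Adobe tags on CVE-2025-47135, CVE-2025-47109, CVE-2025-43587 and CVE-2025-43580 are applied to descriptions that name only the product (Dimension, After Effects, Audition) and never the vendor. If the automatic update keys on those product words, a generic one such as "Dimension" could tag an unrelated package's CVE as NOT-FOR-US; matching on the full "<product> versions ... and earlier are affected by" phrasing, or on the assigning CNA, would be a safer rule, and the commit message does not say which is used.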
@@ -401,161 +401,161 @@ CVE-2025-40712 (SQL injection vulnerability in versions prior to 4.7.0 of Quiter
CVE-2025-40711 (SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gatew ...)
TODO: check
CVE-2025-40593 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-3648 (A vulnerability has been identified in the Now Platform that could res ...)
- TODO: check
+ NOT-FOR-US: ServiceNow
CVE-2025-3630 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-37103 (Hard-coded login credentials were found in HPE Networking Instant On ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37102 (An authenticated command injection vulnerability exists in the Command ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-36600 (Dell Client Platform BIOS contains an Improper Access Control Applied ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-33054 (Insufficient UI warning of dangerous operations in Remote Desktop Clie ...)
TODO: check
CVE-2025-30312 (Dimension versions 4.1.2 and earlier are affected by an out-of-bounds ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-2827 (IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 throu ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-2793 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-29267 (SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP ...)
TODO: check
CVE-2025-27369 (IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to informa ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-27367 (IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-27127 (A vulnerability has been identified in TIA Project-Server (All version ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-27061 (Memory corruption whhile handling the subsystem failure memory during ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-27058 (Memory corruption while processing packet data with exceedingly large ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-27057 (Transient DOS while handling beacon frames with invalid IE header leng ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-27056 (Memory corruption during sub-system restart while processing clean-up ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-27055 (Memory corruption during the image encoding process.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-27052 (Memory corruption while processing data packets in diag received from ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-27051 (Memory corruption while processing command message in WLAN Host.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-27050 (Memory corruption while processing event close when client process ter ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-27047 (Memory corruption while processing the TESTPATTERNCONFIG escape path.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-27046 (Memory corruption while processing multiple simultaneous escape calls.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-27044 (Memory corruption while executing timestamp video decode command with ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-27043 (Memory corruption while processing manipulated payload in video firmwa ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-27042 (Memory corruption while processing video packets received from video f ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-26636 (Processor optimization removal or modification of security-critical co ...)
TODO: check
CVE-2025-24474 (An Improper Neutralization of Special Elements used in an SQL Command ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-23365 (A vulnerability has been identified in TIA Administrator (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-23364 (A vulnerability has been identified in TIA Administrator (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-21466 (Memory corruption while processing a private escape command in an even ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-21454 (Transient DOS while processing received beacon frame.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-21450 (Cryptographic issue occurs due to use of insecure connection method wh ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-21449 (Transient DOS may occur while processing malformed length field in SSI ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-21446 (Transient DOS may occur when processing vendor-specific information el ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-21445 (Memory corruption while copying the result to the transmission queue w ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-21444 (Memory corruption while copying the result to the transmission queue i ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-21433 (Transient DOS when importing a PKCS#8-encoded RSA private key with a z ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-21432 (Memory corruption while retrieving the CBOR data from TA.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-21427 (Information disclosure while decoding this RTP packet Payload when UE ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-21426 (Memory corruption while processing camera TPG write request.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-21422 (Cryptographic issue while processing crypto API calls, missing checks ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-21195 (Improper link resolution before file access ('link following') in Serv ...)
TODO: check
CVE-2025-21168 (Substance3D - Designer versions 14.1 and earlier are affected by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-21167 (Substance3D - Designer versions 14.1 and earlier are affected by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-21166 (Substance3D - Designer versions 14.1 and earlier are affected by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-21165 (Substance3D - Designer versions 14.1 and earlier are affected by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-21164 (Substance3D - Designer versions 14.1 and earlier are affected by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-21009 (Out-of-bounds read in decoding malformed frame header in libsavsvc.so ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21008 (Out-of-bounds read in decoding frame header in libsavsvc.so prior to A ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21007 (Out-of-bounds write in accessing uninitialized memory in libsavsvc.so ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21006 (Out-of-bounds write in handling of macro blocks for MPEG4 codec in lib ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21005 (Improper access control in isemtelephony prior to Android 15 allows lo ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21004 (Improper verification of intent by broadcast receiver in System UI for ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21003 (Insecure storage of sensitive information in Emergency SOS prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21002 (Improper access control in LeAudioService prior to SMR Jul-2025 Releas ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21001 (Improper access control in LeAudioService prior to SMR Jul-2025 Releas ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21000 (Improper privilege management in Bluetooth prior to SMR Jul-2025 Relea ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20999 (Improper authorization in accessing saved Wi-Fi password for Galaxy Ta ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20998 (Improper access control in SamsungAccount for Galaxy Watch prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20997 (Incorrect default permission in Framework for Galaxy Watch prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20983 (Out-of-bounds write in checking auth secret in KnoxVault trustlet prio ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-20982 (Out-of-bounds write in setting auth secret in KnoxVault trustlet prior ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-0928 (In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controll ...)
TODO: check
CVE-2025-0293 (CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Iv ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-0292 (SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Polic ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-55599 (An Improperly Implemented Security Check for Standard vulnerability [C ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-53009 (Memory corruption while operating the mailbox in Automotive.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-52965 (A missing critical step in authentication vulnerability [CWE-304] in F ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-49784 (IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expe ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-49783 (IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than ex ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-36349 (A transient execution vulnerability in some AMD processors may allow a ...)
TODO: check
CVE-2024-36348 (A transient execution vulnerability in some AMD processors may allow a ...)
TODO: check
CVE-2024-31854 (A vulnerability has been identified in SICAM TOOLBOX II (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-31853 (A vulnerability has been identified in SICAM TOOLBOX II (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-52236 (A vulnerability has been identified in RUGGEDCOM i800 (All versions), ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-43039 (IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. T ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-48386 (Git is a fast, scalable, distributed revision control system with an u ...)
- git <unfixed>
NOTE: https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr
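Review bot: Several of the Qualcomm entries closed here have descriptions that point at Wi-Fi handling without naming the affected component, for example CVE-2025-27051 ("command message in WLAN Host"), CVE-2025-27057 ("beacon frames with invalid IE header leng ...") and CVE-2025-21454 ("received beacon frame"). A vendor-only "NOT-FOR-US: Qualcomm" tag does not record that no packaged driver or firmware is involved, so for these a short NOTE line naming the component from the vendor bulletin would make the triage auditable. The same applies to CVE-2025-36600, where "Dell / EMC" is used for a Dell Client Platform BIOS issue.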
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a695d9111ca89e2ef738b8f4fc317f836915ba5a