[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 9 21:14:16 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72ba92fc by security tracker role at 2025-07-09T20:14:09+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,75 +1,75 @@
CVE-2025-7381 (ImpactThis is an information disclosure vulnerability originating from ...)
TODO: check
CVE-2025-7379 (A security bypass vulnerability allows exploitation via Reverse Tabnab ...)
- TODO: check
+ NOT-FOR-US: Asustor
CVE-2025-7204 (In ConnectWise PSA versions older than 2025.9, a vulnerability exists ...)
TODO: check
CVE-2025-6514 (mcp-remote is exposed to OS command injection when connecting to untru ...)
TODO: check
CVE-2025-53743 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applit ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53742 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools AP ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53678 (Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53677 (Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deploymen ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53676 (Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53675 (Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unen ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53674 (Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sense ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53673 (Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53672 (Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API ke ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53671 (Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCl ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53670 (Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53669 (Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Ke ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53668 (Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unen ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53667 (Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch t ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53666 (Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens u ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53665 (Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loa ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53664 (Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest L ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53663 (Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube au ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53662 (Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53661 (Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask T ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53660 (Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Q ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53659 (Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry A ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53658 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53657 (Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not m ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53656 (Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53655 (Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53654 (Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Se ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53653 (Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53652 (Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53651 (Jenkins HTML Publisher Plugin 425 and earlier displays log messages th ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53650 (Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53645 (Zimbra Collaboration Suite (ZCS) before 9.0.0 Patch 46, 10.0.x before ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2025-53620 (@builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Serv ...)
TODO: check
CVE-2025-53548 (Clerk helps developers build user management. Applications that use th ...)
@@ -77,7 +77,7 @@ CVE-2025-53548 (Clerk helps developers build user management. Applications that
CVE-2025-53546 (Folo organizes feeds content into one timeline. Using pull_request_tar ...)
TODO: check
CVE-2025-52364 (Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.9 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-52357 (Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic ...)
TODO: check
CVE-2025-49604 (For Realtek AmebaD devices, a heap-based buffer overflow was discovere ...)
@@ -95,15 +95,15 @@ CVE-2025-3498 (An unauthenticated user with management network access can get an
CVE-2025-3497 (The Linux distribution underlying the Radiflow iSAP Smart Collector ( ...)
TODO: check
CVE-2025-36599 (Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Inse ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-2670 (IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-27028 (The Linux deprivileged user vpuserin Radiflow iSAP Smart Collector (Ce ...)
TODO: check
CVE-2025-27027 (A user with vpusercredentials that opens an SSH connection to the devi ...)
TODO: check
CVE-2025-1112 (IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated use ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-38264 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/0bf04c874fcb1ae46a863034296e4b33d8fbd66c (6.16-rc1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72ba92fc7b834008e1900127109aa8f55b5486a3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72ba92fc7b834008e1900127109aa8f55b5486a3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250709/c0c0dfb0/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list