[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 23 21:13:19 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
646aa54b by security tracker role at 2025-07-23T20:13:11+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2025-8070 (The Windows service configuration of ABP and AES contains an unquoted  ...)
-	TODO: check
+	NOT-FOR-US: Asustor
 CVE-2025-8069 (During the AWS Client VPN client installation on Windows devices, the  ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2025-8060 (A vulnerability has been found in Tenda AC23 16.03.07.52 and classifie ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-8058 (The regcomp function in the GNU C library version from 2.4 to 2.41 is  ...)
 	TODO: check
 CVE-2025-8022 (All versions of the package bun are vulnerable to Improper Neutralizat ...)
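Review bot: on the CVE-2025-8070 line the new tag "NOT-FOR-US: Asustor" names a vendor that does not appear in the truncated description ("ABP and AES"), so the attribution cannot be checked from this diff; confirm it against the full CVE record before relying on it. CVE-2025-8058 (regcomp in the GNU C library) correctly stays at "TODO: check" and still needs manual triage against the packaged glibc.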
@@ -19,23 +19,23 @@ CVE-2025-7724 (An unauthenticated OS command injection vulnerability existsin VI
 CVE-2025-7723 (A command injection vulnerability exists that can be exploited after a ...)
 	TODO: check
 CVE-2025-7722 (The Social Streams plugin for WordPress is vulnerable to privilege esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6261 (The Fleetwire Fleet Management plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6215 (The Omnishop plugin for WordPress is vulnerable to Unauthenticated Reg ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6214 (The Omnishop plugin for WordPress is vulnerable to Cross-Site Request  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6190 (The Realty Portal \u2013 Agent plugin for WordPress is vulnerable to P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6174 (The Qwizcards | online quizzes and flashcards WordPress plugin through ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6054 (The YANewsflash plugin for WordPress is vulnerable to Cross-Site Reque ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-5818 (The Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-5753 (The Valuation Calculator plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-54455 (Use of Hard-coded Credentials vulnerability in Samsung Electronics Mag ...)
 	TODO: check
 CVE-2025-54454 (Use of Hard-coded Credentials vulnerability in Samsung Electronics Mag ...)
@@ -73,13 +73,13 @@ CVE-2025-54439 (Unrestricted Upload of File with Dangerous Type vulnerability in
 CVE-2025-54438 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	TODO: check
 CVE-2025-54297 (A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joom ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-54296 (A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla  ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-54295 (A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Jo ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-54294 (A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was di ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-54141 (ViewVC is a browser interface for CVS and Subversion version control r ...)
 	TODO: check
 CVE-2025-54140 (pyLoad is a free and open-source Download Manager written in pure Pyth ...)
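Review bot: the four entries CVE-2025-54297 through CVE-2025-54294 are tagged "NOT-FOR-US: Joomla", but their descriptions name third-party components (CComment, ProFiles, DJ-Reviews, Komento) "for Joomla", not Joomla itself. A tag such as "NOT-FOR-US: Joomla extension" would be more precise and would match the "NOT-FOR-US: WordPress plugin" wording used in the previous hunk. The same applies to CVE-2025-50127 (DJ-Flyer) in the next hunk.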
@@ -107,7 +107,7 @@ CVE-2025-50481 (A cross-site scripting (XSS) vulnerability in the component /blo
 CVE-2025-50477 (A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect ...)
 	TODO: check
 CVE-2025-50127 (A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was disc ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-4700 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	TODO: check
 CVE-2025-4439 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
@@ -123,7 +123,7 @@ CVE-2025-47187 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w
 CVE-2025-46686 (Redis through 7.4.3 allows memory consumption via a multi-bulk command ...)
 	TODO: check
 CVE-2025-46171 (vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2025-46099 (In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or creat ...)
 	TODO: check
 CVE-2025-44109 (A URL redirection in Pinokio v3.6.23 allows attackers to redirect vict ...)
@@ -131,27 +131,27 @@ CVE-2025-44109 (A URL redirection in Pinokio v3.6.23 allows attackers to redirec
 CVE-2025-43881 (Improper validation of specified quantity in input issue exists in Rea ...)
 	TODO: check
 CVE-2025-43489 (A potential security vulnerability has been identified in the Poly Cla ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-43488 (A potential security vulnerability has been identified in the Poly Cla ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-43487 (A potential privilege escalation through Sudo vulnerability has been i ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-43486 (A potential stored cross-site scripting vulnerability has been identif ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-43485 (A potential security vulnerability has been identified in the Poly Cla ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-43484 (A potential reflected cross-site scripting vulnerability has been iden ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-43483 (A potential security vulnerability has been identified in the Poly Cla ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-43022 (A potential SQL injection vulnerability has been identified in the Pol ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-43021 (A potential security vulnerability has been identified in the Poly Cla ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-43020 (A potential command injection vulnerability has been identified in the ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-42947 (SAP FICA ODN framework allows a high privileged user to inject value i ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-41687 (An unauthenticated remote attacker may use a stack based buffer overfl ...)
 	TODO: check
 CVE-2025-41684 (An authenticated remote attacker can execute arbitrary commands with r ...)
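Review bot: CVE-2025-43487 is tagged "NOT-FOR-US: HP" although its visible description reads "A potential privilege escalation through Sudo vulnerability". Because sudo is a packaged component, check the full description to confirm the flaw lies in the HP product's use of sudo and not in sudo itself; the truncated text alone does not settle that. The surrounding Poly entries (CVE-2025-43489 to CVE-2025-43483) suggest it is product-specific, but an automatic vendor match is a weak basis for closing this one.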
@@ -161,47 +161,47 @@ CVE-2025-41683 (An authenticated remote attacker can execute arbitrary commands
 CVE-2025-41425 (DuraComm SPM-500 DP-10iN-100-MU   is vulnerable to a cross-site script ...)
 	TODO: check
 CVE-2025-40599 (An authenticated arbitrary file upload vulnerability exists in the SMA ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2025-40598 (A Reflected cross-site scripting (XSS) vulnerability exists in the SMA ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2025-40597 (A Heap-based buffer overflow vulnerability in the SMA100 series web in ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2025-40596 (A Stack-based buffer overflow vulnerability in the SMA100 series web i ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2025-36117 (IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session i ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36116 (IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site W ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-33077 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vul ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-33076 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vul ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-33020 (IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transm ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-31701 (A vulnerability has been found in Dahua products.  Attackers could exp ...)
 	TODO: check
 CVE-2025-31700 (A vulnerability has been found in Dahua products.  Attackers could exp ...)
 	TODO: check
 CVE-2025-2634 (Out of bounds read vulnerability due to improper bounds checking in NI ...)
-	TODO: check
+	NOT-FOR-US: National Instruments
 CVE-2025-2633 (Out of bounds read vulnerability due to improper bounds checking in NI ...)
-	TODO: check
+	NOT-FOR-US: National Instruments
 CVE-2025-27930 (Zohocorp ManageEngine Applications Manager versions176600 and prior ar ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2024-53288 (Improper neutralization of input during web page generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2024-53287 (Improper neutralization of input during web page generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2024-53286 (Improper neutralization of special elements used in an OS command ('OS ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2024-41751 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-41750 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-40686 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-40682 (IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-12310 (A vulnerability in Imprivata Enterprise Access Management(formerly Imp ...)
 	TODO: check
 CVE-2022-4978 (Remote Control Server, maintained bySteppschuh, 3.1.1.12 allows unauth ...)
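Review bot: CVE-2025-31701 and CVE-2025-31700 remain at "TODO: check" even though both descriptions open with "A vulnerability has been found in Dahua products", while neighbouring vendor-product entries (SonicWall, IBM, Synology) were tagged in this same pass. If Dahua is meant to be handled like those vendors, tag both in this update so the pair does not sit in the TODO queue; if it was left out deliberately, a short note on the entries would say why.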



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/646aa54b2a1ee2d9ccedbded3a0bdd4411ff1ea1
