[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 10 21:14:03 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72f028c5 by security tracker role at 2025-06-10T20:13:56+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,55 +1,55 @@
CVE-2025-5977 (A vulnerability was found in code-projects School Fees Payment System ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5976 (A vulnerability has been found in PHPGurukul Rail Pass Management Syst ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5975 (A vulnerability, which was classified as problematic, was found in PHP ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5974 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5973 (A vulnerability classified as problematic was found in PHPGurukul Rest ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5972 (A vulnerability classified as problematic has been found in PHPGurukul ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5971 (A vulnerability was found in code-projects School Fees Payment System ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5970 (A vulnerability was found in PHPGurukul Restaurant Table Booking Syste ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5969 (A vulnerability has been found in D-Link DIR-632 FW103B08 and classifi ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-5943 (MicroDicom DICOM Viewer suffers from an out-of-bounds write vulnerab ...)
TODO: check
CVE-2025-5743 (CWE-78: I Improper Neutralization of Special Elements used in an OS Co ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-5742 (CWE-79: Improper Neutralization of Input During Web Page Generation (\ ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-5741 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-5740 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-5353 (A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-5335 (A maliciously crafted binary file when downloaded could lead to escala ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-4801
REJECTED
CVE-2025-4774 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4681 (Improper Privilege Management vulnerability in upKeeper Solutions upKe ...)
TODO: check
CVE-2025-4680 (Improper Input Validation vulnerability in upKeeper Solutions upKeeper ...)
TODO: check
CVE-2025-4678 (Improper Neutralization of Special Elements in the chromium_path varia ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2025-4653 (Improper Neutralization of Special Elements in the backup name field m ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2025-4577 (The Smash Balloon Social Post Feed \u2013 Simple Social Feeds for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-49511 (Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi Framewor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49510 (Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49509 (Missing Authorization vulnerability in Roland Beaussant Audio Editor & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49507 (Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay ...)
TODO: check
CVE-2025-49455 (Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt ...)
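Review bot: The WordPress entries in this hunk end up with two different tags. CVE-2025-4774 and CVE-2025-4577 get "NOT-FOR-US: WordPress plugin", while CVE-2025-49511, CVE-2025-49510 and CVE-2025-49509 get "NOT-FOR-US: WordPress plugin or theme". A search of data/CVE/list for one form misses the other, so the automatic update should settle on a single string. CVE-2025-49507, whose description follows the same pattern as those three, stays at "TODO: check" and still needs a manual pass.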
@@ -115,21 +115,21 @@ CVE-2025-47162 (Heap-based buffer overflow in Microsoft Office allows an unautho
CVE-2025-47160 (Protection mechanism failure in Windows Shell allows an unauthorized a ...)
TODO: check
CVE-2025-47112 (Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and e ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-47111 (Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and e ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-47110 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-47108 (Substance3D - Painter versions 11.0.1 and earlier are affected by an o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-47107 (InCopy versions 20.2, 19.5.3 and earlier are affected by a Heap-based ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-47106 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-47105 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-47104 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-46612 (The Panel Designer dashboard in Airleader Master and Easy before 6.36 ...)
TODO: check
CVE-2025-44044 (Keyoti SearchUnit prior to 9.0.0. is vulnerable to XML External Entity ...)
@@ -147,37 +147,37 @@ CVE-2025-43698 (Improper Preservation of Permissions vulnerability in Salesforce
CVE-2025-43697 (Improper Preservation of Permissions vulnerability in Salesforce OmniS ...)
TODO: check
CVE-2025-43593 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43590 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43589 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43588 (Substance3D - Sampler versions 5.0 and earlier are affected by an out- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43586 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43585 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43581 (Substance3D - Sampler versions 5.0 and earlier are affected by an out- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43579 (Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and e ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43578 (Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and e ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43577 (Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and e ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43576 (Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and e ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43575 (Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and e ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43574 (Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and e ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43573 (Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and e ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43558 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43550 (Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and e ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-41657 (Due to an undocumented active bluetooth stack on products delivered wi ...)
TODO: check
CVE-2025-40662 (Absolute path disclosure vulnerability in DM Corporative CMS. This vul ...)
@@ -199,47 +199,47 @@ CVE-2025-40655 (A SQL injection vulnerability has been found in DM Corporative C
CVE-2025-40654 (A SQL injection vulnerability has been found in DM Corporative CMS. Th ...)
TODO: check
CVE-2025-40591 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40585 (A vulnerability has been identified in Energy Services (All versions w ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40569 (A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40568 (A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40567 (A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-3905 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-3899 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-3898 (CWE-20: Improper Input Validation vulnerability exists that could caus ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-3117 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-3116 (CWE-20: Improper Input Validation vulnerability exists that could caus ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-3112 (CWE-400: Uncontrolled Resource Consumption vulnerability exists that c ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-3052 (An arbitrary write vulnerability in Microsoft signed UEFI firmware all ...)
TODO: check
CVE-2025-37100 (A vulnerability in the APIs of HPE Aruba Networking Private 5G Corecou ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-36852 (A critical security vulnerability exists in remote cache extensions fo ...)
TODO: check
CVE-2025-36580 (Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Impr ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-36578 (Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Inco ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-36577 (Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Impr ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-36576 (Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-36575 (Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Expo ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-36574 (Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Abso ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-33112 (IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-p ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-33075 (Improper link resolution before file access ('link following') in Wind ...)
TODO: check
CVE-2025-33073 (Improper access control in Windows SMB allows an authorized attacker t ...)
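Review bot: CVE-2025-33112 is tagged "NOT-FOR-US: IBM", but its description names the "Perl implementation" on IBM AIX 7.3 and IBM VIOS 4.1.1, and perl is packaged in Debian. The description is truncated, so the visible text does not say whether the flaw is specific to IBM's build or sits in upstream Perl code. A vendor-name match is too coarse for this entry. Suggest keeping it at "TODO: check" until someone confirms it is AIX-specific, and recording the reason in a NOTE line if the NOT-FOR-US tag stays.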
@@ -311,19 +311,19 @@ CVE-2025-32712 (Use after free in Windows Win32K - GRFX allows an authorized att
CVE-2025-32710 (Use after free in Windows Remote Desktop Services allows an unauthoriz ...)
TODO: check
CVE-2025-31104 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-30327 (InCopy versions 20.2, 19.5.3 and earlier are affected by an Integer Ov ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-30321 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-30317 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-30220 (GeoServer is an open source server that allows users to share and edit ...)
TODO: check
CVE-2025-30145 (GeoServer is an open source server that allows users to share and edit ...)
TODO: check
CVE-2025-2918 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2884 (TCG TPM2.0 Reference implementation's CryptHmacSign helper function is ...)
TODO: check
CVE-2025-2474 (Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7. ...)
@@ -333,17 +333,17 @@ CVE-2025-29828 (Missing release of memory after effective lifetime in Windows Cr
CVE-2025-27505 (GeoServer is an open source server that allows users to share and edit ...)
TODO: check
CVE-2025-27207 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-27206 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-26395 (SolarWinds Observability Self-Hosted was susceptible to a cross-site ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2025-26394 (SolarWinds Observability Self-Hosted is susceptible to an open redir ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2025-25250 (An Exposure of Sensitive Information to an Unauthorized Actor vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-24471 (AnImproper Certificate Validation vulnerability [CWE-295] in FortiOS v ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-24069 (Out-of-bounds read in Windows Storage Management Provider allows an au ...)
TODO: check
CVE-2025-24068 (Buffer over-read in Windows Storage Management Provider allows an auth ...)
@@ -351,19 +351,19 @@ CVE-2025-24068 (Buffer over-read in Windows Storage Management Provider allows a
CVE-2025-24065 (Out-of-bounds read in Windows Storage Management Provider allows an au ...)
TODO: check
CVE-2025-22463 (A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-22455 (A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 a ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-22256 (A improper handling of insufficient permissions or privileges in Forti ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-22254 (An Improper Privilege Management vulnerability [CWE-269] affecting For ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-22251 (An improper restriction of communication channel to intended endpoints ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-0052 (Improper input validation performed during the authentication process ...)
- TODO: check
+ NOT-FOR-US: Pure Storage
CVE-2025-0051 (Improper input validation performed during the authentication process ...)
- TODO: check
+ NOT-FOR-US: Pure Storage
CVE-2024-57190 (Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker ca ...)
TODO: check
CVE-2024-57189 (In Erxes <1.6.2, an authenticated attacker can write to arbitrary file ...)
@@ -371,17 +371,17 @@ CVE-2024-57189 (In Erxes <1.6.2, an authenticated attacker can write to arbitrar
CVE-2024-57186 (In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files ...)
TODO: check
CVE-2024-54019 (A improper validation of certificate with host mismatch in Fortinet Fo ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-50568 (A channel accessible by non-endpoint vulnerability [CWE-300] in Fortin ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-50562 (An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-45329 (A authorization bypass through user-controlled key in Fortinet FortiPo ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-43706 (Improper authorization in Kibana can lead to privilege abuse via a dir ...)
TODO: check
CVE-2024-41797 (A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-41505 (Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site ...)
TODO: check
CVE-2024-41504 (Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site ...)
@@ -403,7 +403,7 @@ CVE-2024-37394 (A stored cross-site scripting (XSS) vulnerability in the Project
CVE-2024-34711 (GeoServer is an open source server that allows users to share and edit ...)
TODO: check
CVE-2024-32119 (An improper authentication vulnerability [CWE-287] in Fortinet FortiCl ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-29198 (GeoServer is an open source software server written in Java that allow ...)
TODO: check
CVE-2024-13090 (A privilege escalation vulnerability may enable a service account to e ...)
@@ -411,7 +411,7 @@ CVE-2024-13090 (A privilege escalation vulnerability may enable a service accoun
CVE-2024-13089 (An OS command injection vulnerability within the update functionality ...)
TODO: check
CVE-2023-48786 (A server-side request forgery vulnerability [CWE-918] in Fortinet Fort ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-49133 (Libtpms is a library that targets the integration of TPM functionality ...)
- libtpms <unfixed> (bug #1107617)
NOTE: Fixed by: https://github.com/stefanberger/libtpms/commit/9f9baccdba9cd3fc32f1355613abd094b21f7ba0 (v0.9.7)
@@ -195559,7 +195559,7 @@ CVE-2023-29186 (In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757,
CVE-2023-29185 (SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, ...)
NOT-FOR-US: SAP
CVE-2023-29184 (An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versi ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-29183 (An improper neutralization of input during web page generation ('Cross ...)
NOT-FOR-US: FortiGuard
CVE-2023-29182 (A stack-based buffer overflow vulnerability [CWE-121]in Fortinet Forti ...)
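Review bot: CVE-2023-29184 is tagged "NOT-FOR-US: Fortinet" while the adjacent context entry CVE-2023-29183 carries "NOT-FOR-US: FortiGuard", so two neighbouring entries now use different spellings for what looks like the same vendor. Every other Fortinet entry changed in this commit uses "Fortinet". Suggest normalising the older "FortiGuard" tag in a follow-up so that per-vendor searches of the list stay reliable.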
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72f028c50c487df9adb4fbe19011b424f7d8b101
More information about the debian-security-tracker-commits mailing list