[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 11 08:12:56 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52eac0d5 by security tracker role at 2025-11-11T08:12:48+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2025-9524 (The VAPIX API port.cgi did not have sufficient input validation, which ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2025-9055 (The VAPIX Edge storage API that allowed a privilege escalation, enabli ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2025-8998 (It was possible to upload files with a specific name to a temporary di ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2025-8108 (An ACAP configuration file has improper permissions and lacks input va ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2025-7429 (Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below a ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2025-6779 (An ACAP configuration file has improper permissions, which could allow ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2025-6571 (A 3rd-party componentexposed its password in process arguments, allowi ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2025-6298 (ACAP applications can gain elevated privileges due to improper input v ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2025-64529 (SpiceDB is an open source database system for creating and managing se ...)
 	TODO: check
 CVE-2025-64522 (Soft Serve is a self-hostable Git server for the command line. Version ...)
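Review bot: CVE-2025-6571 is marked NOT-FOR-US: Axis Communication, but its description attributes the password exposure to a 3rd-party component, not to Axis code, and the truncated text does not name that component. Before closing the entry, check the full CVE text to confirm the component is not packaged in Debian. If it can be identified, record it in a NOTE line so the attribution can be revisited.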
@@ -59,13 +59,13 @@ CVE-2025-63296 (KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.5
 CVE-2025-62780 (changedetection.io is a free open source web page change detection too ...)
 	TODO: check
 CVE-2025-5718 (The ACAP Application framework could allow privilege escalation throug ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2025-5454 (An ACAP configuration file lacked sufficient input validation, which c ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2025-5452 (A malicious ACAP application can gain access to admin-level service ac ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2025-4645 (An ACAP configuration file lacked sufficient input validation, which c ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2025-49145 (Combodo iTop is a web based IT service management tool. In versions pr ...)
 	TODO: check
 CVE-2025-48878 (Combodo iTop is a web based IT service management tool. In versions on ...)
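Review bot: The label "Axis Communication" on CVE-2025-5718, CVE-2025-5454, CVE-2025-5452 and CVE-2025-4645 drops the final "s" of the vendor name, Axis Communications. The same spelling is used on every Axis entry in this commit, so any correction has to be applied to all of them at once to keep the tag searchable under a single string.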
@@ -75,173 +75,173 @@ CVE-2025-48065 (Combodo iTop is a web based IT service management tool. Versions
 CVE-2025-48055 (Combodo iTop is a web based IT service management tool. In versions pr ...)
 	TODO: check
 CVE-2025-42940 (SAP CommonCryptoLib does not perform necessary boundary checks during  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42924 (SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated a ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42919 (Due to an Information Disclosure vulnerability in SAP NetWeaver Applic ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42899 (SAP S4CORE (Manage journal entries) does not perform necessary authori ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42897 (Due to information disclosure vulnerability in anonymous API provided  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42895 (Due to insufficient validation of connection property values, the SAP  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42894 (Due to a Path Traversal vulnerability in SAP Business Connector, an at ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42893 (Due to an Open Redirect vulnerability in SAP Business Connector, an un ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42892 (Due to an OS Command Injection vulnerability in SAP Business Connector ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42890 (SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposin ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42889 (SAP Starter Solution allows an authenticated attacker to execute craft ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42888 (SAP GUI for Windows may allow a highly privileged user on the affected ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42887 (Due to missing input sanitation, SAP Solution Manager allows an authen ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42886 (Due to a Reflected Cross-Site Scripting (XSS) vulnerability in SAP Bus ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42885 (Due to missing authentication, SAP HANA 2.0 (hdbrss) allows an unauthe ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42884 (SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42883 (Migration Workbench (DX Workbench) in SAP NetWeaver Application Server ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42882 (Due to a missing authorization check in SAP NetWeaver Application Serv ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-31719 (In TEE EcDSA algorithm, there is a possible memory consistency issue.  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2025-12880 (The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12813 (The Holiday class post calendar plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12754 (The Geopost plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12753 (The Chart Expert plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12711 (The Share to Google Classroom plugin for WordPress is vulnerable to St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12672 (The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12671 (The WP-Iconics plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12668 (The WP Count Down Timer plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12667 (The GitHub Gist Shortcode Plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12665 (The Ninja Countdown | Fastest Countdown Builder plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12663 (The Jeba Cute forkit plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12662 (The Coon Google Maps plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12658 (The Preload Current Images plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12652 (The Ungapped Widgets plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12651 (The Live Photos on WordPress plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12644 (The Nonaki \u2013 Drag and Drop Email Template builder and Newsletter  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12637 (The Elastic Theme Editor plugin for WordPress is vulnerable to arbitra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12632 (The RandomQuotr plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12631 (The Squirrels Auto Inventory plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12590 (The YSlider plugin for WordPress is vulnerable to Cross-Site Request F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12589 (The WP-Walla plugin for WordPress is vulnerable to Cross-Site Request  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12588 (The USB Qr Code Scanner For Woocommerce plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12542
 	REJECTED
 CVE-2025-12538 (The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12526 (The Private Google Calendars plugin for WordPress is vulnerable to una ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12132 (The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12126 (The The Total Book Project plugin for WordPress is vulnerable to Insec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12021 (The WP-OAuth plugin for WordPress is vulnerable to Reflected Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12020 (The Double the Donation \u2013 A workplace giving tool to help your fu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12019 (The Featured Image plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12010 (The Authors List plugin for WordPress is vulnerable to Sensitive Infor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11999 (The Add Multiple Marker plugin for WordPress is vulnerable to unauthor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11997 (The Document Pro Elementor \u2013 Documentation & Knowledge Base plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11996 (The Find Unused Images plugin for WordPress is vulnerable to unauthori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11988 (The Crypto plugin for WordPress is vulnerable to unauthorized manipula ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11986 (The Crypto plugin for WordPress is vulnerable to Information exposure  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11894 (The Shelf Planner plugin for WordPress is vulnerable to unauthorized m ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11892 (An improper neutralization of input vulnerability was identified in Gi ...)
-	TODO: check
+	NOT-FOR-US: Github Enterprise Server
 CVE-2025-11891 (The Shelf Planner plugin for WordPress is vulnerable to Sensitive Info ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11886 (The CTL Arcade Lite plugin for WordPress is vulnerable to Cross-Site R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11882 (The Simple Donate plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11874 (The Slippy Slider \u2013 Responsive Touch Navigation Slider plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11873 (The WP BBCode plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11869 (The Precise Columns plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11863 (The My Geo Posts Free plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11860 (The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11859 (The Paypal Donation Shortcode plugin for WordPress is vulnerable to St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11856 (The Eventbee Ticketing Widget plugin for WordPress is vulnerable to St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11855 (The age-restriction WordPress plugin through 3.0.2 does not have autho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11829 (The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11828 (The Magazine Companion plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11822 (The WP Bootstrap Tabs plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11821 (The Woocommerce \u2013 Products By Custom Tax plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11805 (The Skip to Timestamp plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11578 (A privilege escalation vulnerability was identified in GitHub Enterpri ...)
-	TODO: check
+	NOT-FOR-US: Github Enterprise Server
 CVE-2025-11532 (The Wisly plugin for WordPress is vulnerable to Insecure Direct Object ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11521 (The Astra Security Suite \u2013 Firewall & Malware Scan plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11457 (The EasyCommerce \u2013 AI-Powered, Fast & Beautiful WordPress Ecommer ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11451 (The Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11307 (The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.4 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11237 (The Make Email Customizer for WooCommerce WordPress plugin through 1.0 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11170 (The WP\u79fb\u884c\u5c02\u7528\u30d7\u30e9\u30b0\u30a4\u30f3 for CPI p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11168 (The Mementor Core plugin for WordPress is vulnerable to Privilege Esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11129 (The Include Fussball.de Widgets plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10714 (AXIS Optimizer was vulnerable to an unquoted search path vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2021-4462 (Employee Records System version 1.0 contains an unrestricted file uplo ...)
 	TODO: check
 CVE-2018-25124 (PacsOne Server version 6.6.2 (prior versions are likely affected) cont ...)
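Review bot: CVE-2025-31719 is tagged NOT-FOR-US: Unisoc, yet the visible description ("In TEE EcDSA algorithm, there is a possible memory consistency issue.") names no vendor or product, so the attribution cannot be checked from this line. Confirm it against the CVE record's assigner before relying on the automatic classification. As a style point, the two "NOT-FOR-US: Github Enterprise Server" tags (CVE-2025-11892, CVE-2025-11578) spell the product differently from the "GitHub Enterprise" in the description of CVE-2025-11578; match the description's capitalisation.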



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52eac0d57e205ff91ac13116d71a39caac95b8c0
