[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 12 20:13:51 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2587261c by security tracker role at 2025-11-12T20:13:43+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
CVE-2025-9316 (N-central < 2025.4 can generate sessionIDs for unauthenticated users ...)
TODO: check
CVE-2025-8485 (An improper permissions vulnerability was reported in Lenovo App Store ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-8421 (An improper default permission vulnerability was reported in Lenovo Do ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-65002 (Fujitsu iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if ...)
TODO: check
CVE-2025-65001 (Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially ...)
TODO: check
CVE-2025-64407 (Apache OpenOffice documents can contain links. A missing Authorization ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64406 (An out-of-bounds Write vulnerability in Apache OpenOffice could allow ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64405 (Apache OpenOffice documents can contain links. A missing Authorization ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64404 (Apache OpenOffice documents can contain links to other files. A missin ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64403 (Apache OpenOffice Calc spreadsheet can contain links to other files, i ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64402 (Apache OpenOffice documents can contain links. A missing Authorization ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64401 (Apache OpenOffice documents can contain links. A missing Authorization ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-64293 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64281 (An Authentication Bypass issue in CentralSquare Community Development ...)
TODO: check
CVE-2025-64280 (A SQL Injection Vulnerability in CentralSquare Community Development 1 ...)
TODO: check
CVE-2025-64117 (Tuleap is an Open Source Suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-64099 (Open Access Management (OpenAM) is an access management solution. In v ...)
TODO: check
CVE-2025-63929 (A null pointer dereference vulnerability exists in airpig2011 IEC104 t ...)
@@ -43,7 +43,7 @@ CVE-2025-63679 (free5gc v4.1.0 and before is vulnerable to Buffer Overflow. When
CVE-2025-63667 (Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92 ...)
TODO: check
CVE-2025-63666 (Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that ex ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-63419 (Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The We ...)
TODO: check
CVE-2025-63353 (A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the devic ...)
@@ -55,7 +55,7 @@ CVE-2025-62876 (A Execution with Unnecessary Privileges vulnerability in lightdm
CVE-2025-61667 (The Datadog Agent collects events and metrics from hosts and sends the ...)
TODO: check
CVE-2025-61623 (Reflected cross-site scripting vulnerability in Apache OFBiz. This is ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-60646 (A stored cross-site scripting (XSS) in the Business Line Management mo ...)
TODO: check
CVE-2025-60645 (A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers ...)
@@ -63,7 +63,7 @@ CVE-2025-60645 (A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows att
CVE-2025-59491 (Cross Site Scripting vulnerability in CentralSquare Community Developm ...)
TODO: check
CVE-2025-59118 (Unrestricted Upload of File with Dangerous Type vulnerability in Apach ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-59089 (If an attacker causes kdcproxy to connect to an attacker-controlled KD ...)
TODO: check
CVE-2025-59088 (If kdcproxy receives a request for a realm which does not have server ...)
@@ -77,27 +77,27 @@ CVE-2025-56385 (A SQL injection vulnerability exists in the login functionality
CVE-2025-52331 (Cross-site scripting (XSS) vulnerability in the generate report functi ...)
TODO: check
CVE-2025-46428 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain a ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-37734 (Origin Validation Error in Kibana can lead to Server-Side Request Forg ...)
TODO: check
CVE-2025-27368 (IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of s ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-25236 (Omnissa Workspace ONE UEM contains an observable response discrepancy ...)
TODO: check
CVE-2025-20379 (In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20378 (In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-13058 (A security flaw has been discovered in soerennb eXtplorer up to 2.1.15 ...)
TODO: check
CVE-2025-13057 (A vulnerability was identified in Campcodes School Fees Payment Manage ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-12998 (Improper Authentication vulnerability in TYPO3 Extension "Modules" cod ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2025-12903 (The Payment Plugins Braintree For WooCommerce plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12732 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12382 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
TODO: check
CVE-2025-12152
@@ -105,35 +105,35 @@ CVE-2025-12152
CVE-2025-12068
REJECTED
CVE-2025-12048 (An arbitrary file upload vulnerability was reported in the Lenovo Scan ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-12047 (A vulnerability was reported in the Lenovo Scanner pro application dur ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2025-11994 (The Easy Email Subscription plugin for WordPress is vulnerable to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11962 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
TODO: check
CVE-2025-11797 (A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-11795 (A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-11700 (N-central versions < 2025.4 are vulnerable to an XML External Entities ...)
TODO: check
CVE-2025-11567 (CWE-276: Incorrect Default Permissions vulnerability exists that could ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-11566 (CWE-307: Improper Restriction of Excessive Authentication Attempts vul ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-11565 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-11454 (The Specific Content For Mobile \u2013 Customize the mobile version wi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11367 (The N-central Software Probe < 2025.4 is vulnerable to Remote Code Exe ...)
TODO: check
CVE-2025-11366 (N-central < 2025.4 is vulnerable to authentication bypass via path tra ...)
TODO: check
CVE-2025-10495 (A potential vulnerability was reported in the Lenovo PC Manager, Lenov ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-48829 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-47866 (Ceph is a distributed object, block, and file storage platform. In ver ...)
TODO: check
CVE-2024-45301 (Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2587261c094c8a257d27a843d2fb7e6665aadeef
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2587261c094c8a257d27a843d2fb7e6665aadeef
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251112/79584b95/attachment.htm>
More information about the debian-security-tracker-commits
mailing list