[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 13 20:13:52 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82013326 by security tracker role at 2025-11-13T20:13:43+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2025-8397 (The Save as PDF Button plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-7704 (Supermicro BMC Insyde SMASH shell program has a stacked-based overflo ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2025-64741 (Improper authorization handling in Zoom Workplace for Android before v ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-64740 (Improper verification of cryptographic signature in the installer for ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-64739 (External control of file name or path in certain Zoom Clients may allo ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-64738 (External control of file name or path in Zoom Workplace for macOS befo ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-64726 (Socket Firewall is an HTTP/HTTPS proxy server that intercepts package ...)
TODO: check
CVE-2025-64718 (js-yaml is a JavaScript YAML parser and dumper. In js-yaml 4.1.0 and b ...)
@@ -41,55 +41,55 @@ CVE-2025-64523 (File Browser provides a file managing interface within a specifi
CVE-2025-64511 (MaxKB is an open-source AI assistant for enterprise. In versions prior ...)
TODO: check
CVE-2025-64482 (Tuleap is an Open Source Suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-64429 (DuckDB is a SQL database management system. DuckDB implemented block-b ...)
TODO: check
CVE-2025-64384 (Missing Authorization vulnerability in jetmonsters JetFormBuilder jetf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64383 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64382 (Missing Authorization vulnerability in WebToffee Order Export & Order ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64381 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64380 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64379 (Missing Authorization vulnerability in Pluggabl Booster for WooCommerc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64370 (Missing Authorization vulnerability in YOP YOP Poll yop-poll allows Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64369 (Missing Authorization vulnerability in codepeople Contact Form Email c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64345 (Wasmtime is a runtime for WebAssembly. Prior to version 38.0.4, 37.0.3 ...)
TODO: check
CVE-2025-64292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64277 (Missing Authorization vulnerability in QuantumCloud ChatBot chatbot al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64276 (Missing Authorization vulnerability in Ays Pro Survey Maker survey-mak ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64275 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64274 (Missing Authorization vulnerability in wpkoithemes WPKoi Templates for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64271 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes WP Plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64269 (Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64267 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64265 (Missing Authorization vulnerability in N-Media Frontend File Manager n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64264 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64263 (Missing Authorization vulnerability in PluginEver WP Content Pilot wp- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64262 (Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64261 (Missing Authorization vulnerability in codepeople Appointment Booking ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64259 (Missing Authorization vulnerability in Jeroen Schmit Theater for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64186 (Evervault is a payment security solution. A vulnerability was identifi ...)
TODO: check
CVE-2025-63645 (A stored cross-site scripting (XSS) vulnerability exists in pH7Softwar ...)
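Review bot: The generic tag "NOT-FOR-US: WordPress plugin or theme" is applied to entries whose visible description names no product, for example CVE-2025-64383, CVE-2025-64381 and CVE-2025-64292, which show only the truncated CWE title "Improper Neutralization of Input During Web Page Generation ('Cross-si ...". The attribution cannot be checked from this diff, and the commit message says only "automatic NOT-FOR-US entries update". Recording which matching rule or source field produced these tags would let a reviewer spot-check them against the full CVE records.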
@@ -99,125 +99,125 @@ CVE-2025-63406 (An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47
CVE-2025-63396 (An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profil ...)
TODO: check
CVE-2025-62484 (Inefficient regular expression complexity in certain Zoom Workplace Cl ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-62483 (Improper removal of sensitive information in certain Zoom Clients befo ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-62482 (Cross-site scripting in Zoom Workplace for Windows before version 6.5. ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-60702 (A command injection vulnerability exists in the TOTOLINK A950RG Router ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-60701 (A command injection vulnerability exists in the D-Link DIR-882 Router ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-60700 (A command injection vulnerability exists in the D-Link DIR-882 Router ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-60699 (A buffer overflow vulnerability exists in the TOTOLINK A950RG Router f ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-60698 (A command injection vulnerability exists in the D-Link DIR-882 Router ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-60697 (A command injection vulnerability exists in the D-Link DIR-882 Router ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-60696 (A stack-based buffer overflow vulnerability exists in the makeRequest. ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-60695 (A stack-based buffer overflow vulnerability exists in the mtk_dut bina ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-60694 (A stack-based buffer overflow exists in the validate_static_route func ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-60693 (A stack-based buffer overflow exists in the get_merge_mac function of ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-60692 (A stack-based buffer overflow vulnerability exists in the libshared.so ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-60691 (A stack-based buffer overflow exists in the httpd binary of Linksys E1 ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-60690 (A stack-based buffer overflow exists in the get_merge_ipaddr function ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-60689 (An unauthenticated command injection vulnerability exists in the Start ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-60688 (A stack buffer overflow vulnerability exists in the ToToLink LR1200GB ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-60687 (An unauthenticated command injection vulnerability exists in the ToToL ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-60686 (A local stack-based buffer overflow vulnerability exists in the infost ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-60685 (A stack buffer overflow exists in the ToToLink A720R Router firmware V ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-60684 (A stack buffer overflow vulnerability exists in the ToToLink LR1200GB ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-60683 (A command injection vulnerability exists in the ToToLink A720R Router ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-60682 (A command injection vulnerability exists in the ToToLink A720R Router ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-60679 (A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 r ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-60676 (An unauthenticated command injection vulnerability exists in the D-Lin ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-60675 (A command injection vulnerability exists in the D-Link DIR-823G router ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-60674 (A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 r ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-60673 (An unauthenticated command injection vulnerability exists in the D-Lin ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-60672 (An unauthenticated command injection vulnerability exists in the D-Lin ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-60671 (A command injection vulnerability exists in the D-Link DIR-823G router ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-59840 (Vega is a visualization grammar, a declarative format for creating, sa ...)
TODO: check
CVE-2025-59480 (Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redir ...)
TODO: check
CVE-2025-59367 (An authentication bypass vulnerability has been identified in certain ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2025-55810 (A vulnerability was found in Alaga Home Security WiFi Camera 3K (model ...)
TODO: check
CVE-2025-52186 (Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2 ...)
TODO: check
CVE-2025-46608 (Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-46427 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-46370 (Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-46369 (Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-46368 (Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-46367 (Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-46362 (Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-43515 (The issue was addressed by refusing external connections by default. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-41069 (Insecure Direct Object Reference (IDOR) vulnerability in DeporSite of ...)
TODO: check
CVE-2025-40681 (Cross-site Scripting (XSS) vulnerability reflected in xCally's Omnicha ...)
TODO: check
CVE-2025-36223 (IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caus ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-33119 (IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in conf ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-30669 (Improper certificate validation in certain Zoom Clients may allow an u ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-30662 (Symlink following in the installer for the Zoom Workplace VDI Plugin m ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-20355 (A vulnerability in the web-based management interface of Cisco Catalys ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20353 (A vulnerability in the web-based management interface of Cisco Catalys ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20349 (A vulnerability in the REST API of Cisco Catalyst Center could allow a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20346 (A vulnerability in Cisco Catalyst Center could allow an authenticated, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20341 (A vulnerability in Cisco Catalyst Center Virtual Appliance could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-13123 (A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Th ...)
TODO: check
CVE-2025-13122 (A vulnerability was detected in SourceCodester Patients Waiting Area Q ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-13121 (A security vulnerability has been detected in cameasy Liketea 1.0.0. I ...)
TODO: check
CVE-2025-13120 (A vulnerability has been found in mruby up to 3.4.0. This vulnerabilit ...)
TODO: check
CVE-2025-13119 (A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking Sy ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-13118 (A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Aff ...)
TODO: check
CVE-2025-13117 (A security vulnerability has been detected in macrozheng mall-swarm up ...)
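Review bot: Several vendor tags in this hunk are not supported by the truncated description next to them. CVE-2025-43515 is tagged "NOT-FOR-US: Apple" while its text reads "The issue was addressed by refusing external connections by default. T ...", and CVE-2025-60696, CVE-2025-60695 (tagged Linksys) and CVE-2025-60686 (tagged TOTOLINK) show no vendor in the visible text either. These should be confirmed against the full CVE records, since the tag replaces "TODO: check" and the entry then drops out of the pending triage list.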
@@ -229,29 +229,29 @@ CVE-2025-13115 (A security flaw has been discovered in macrozheng mall-swarm up
CVE-2025-13114 (A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. T ...)
TODO: check
CVE-2025-13076 (A flaw has been found in code-projects Responsive Hotel Site 1.0. The ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-13075 (A vulnerability was detected in code-projects Responsive Hotel Site 1. ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-13063 (A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an ...)
TODO: check
CVE-2025-13061 (A vulnerability was detected in itsourcecode Online Voting System 1.0. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2025-13060 (A security vulnerability has been detected in SourceCodester Survey Ap ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-13059 (A weakness has been identified in SourceCodester Alumni Management Sys ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-12979 (The Welcart e-Commerce plugin for WordPress is vulnerable to unauthori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12892 (The Survey Maker plugin for WordPress is vulnerable to unauthorized mo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12891 (The Survey Maker plugin for WordPress is vulnerable to unauthorized ac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12844 (The AI Engine plugin for WordPress is vulnerable to PHP Object Injecti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12785 (Certain HP LaserJet Pro printers may be vulnerable to information disc ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-12784 (Certain HP LaserJet Pro printers may be vulnerable to information disc ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-12765 (pgAdmin <= 9.9 is affected by avulnerability in the LDAP authenticatio ...)
TODO: check
CVE-2025-12764 (pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the L ...)
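Review bot: At CVE-2025-13061 the tag reads "NOT-FOR-US: itsourcecode System", where "System" looks like a leftover from the product name "Online Voting System" rather than part of the vendor name. The other vendor tags in this hunk are bare names ("SourceCodester", "code-projects"), so "NOT-FOR-US: itsourcecode" or the full product name would be consistent.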
@@ -261,35 +261,35 @@ CVE-2025-12763 (pgAdmin 4 versions up to 9.9 are affected by a command injection
CVE-2025-12762 (pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RC ...)
TODO: check
CVE-2025-12733 (The Import any XML, CSV or Excel File to WordPress (WP All Import) plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12703
REJECTED
CVE-2025-12681 (The Comment Edit Core \u2013 Simple Comment Editing plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12620 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12536 (The SureForms plugin for WordPress is vulnerable to Sensitive Informat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12377 (The Gallery Plugin for WordPress \u2013 Envira Photo Gallery plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12366 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12089 (The Data Tables Generator by Supsystic plugin for WordPress is vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12015 (The Convert WebP & AVIF | Quicq | Best image optimizer and compression ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11923 (The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11777 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to prop ...)
TODO: check
CVE-2025-11769 (The WordPress Content Flipper plugin for WordPress is vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11538 (A vulnerability exists in Keycloak's server distribution where enablin ...)
TODO: check
CVE-2025-11260 (The WP Headless CMS Framework plugin for WordPress is vulnerable to pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10295 (The Angel \u2013 Fashion Model Agency WordPress CMS Theme theme for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7329 (Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (har ...)
TODO: check
CVE-2023-7327 (Ozeki SMS Gateway versions up to and including 10.3.208 contain a path ...)
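Review bot: CVE-2025-10295 is described as a theme ("... WordPress CMS Theme theme for Wo ...") but is tagged "NOT-FOR-US: WordPress plugin". The triage outcome is the same, but the tag should read "WordPress theme" so that searches and statistics keyed on the tag text stay accurate.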
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/820133267c367ed1ead11a8e92975f0a4b6a0204