[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 14 20:13:20 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12542dc9 by security tracker role at 2025-11-14T20:13:05+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-9982 (A vulnerability exists in QuickCMS version 6.8 where sensitive admin c ...)
 	TODO: check
 CVE-2025-8870 (On affected platforms running Arista EOS, certain serial console input ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2025-8855 (Authorization Bypass Through User-Controlled Key, Weak Password Recove ...)
 	TODO: check
 CVE-2025-64446 (A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 thr ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-63830 (CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File ...)
 	TODO: check
 CVE-2025-63725 (Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal 2.7A  ...)
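Review bot: The commit message "automatic NOT-FOR-US entries update" does not say which rule produced the tags, so for CVE-2025-8870 and CVE-2025-64446 a reader has to infer that the match came from the vendor name in the description (Arista, Fortinet). A line in the commit message naming the matching source would make these automatic updates auditable. The entries left at "TODO: check" in this hunk (QuickCMS, CKFinder) still need manual triage.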
@@ -13,7 +13,7 @@ CVE-2025-63725 (Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal
 CVE-2025-63724 (SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via crafted POS ...)
 	TODO: check
 CVE-2025-63701 (A heap corruption vulnerability exists in the Advantech TP-3250 printe ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2025-63680 (Nero BackItUp in the Nero Productline is vulnerable to a path parsing/ ...)
 	TODO: check
 CVE-2025-63291 (When processing API requests, the Alteryx server 2022.1.1.42654 and 20 ...)
@@ -41,11 +41,11 @@ CVE-2025-54340 (A vulnerability was found in the Application Server of Desktop A
 CVE-2025-54339 (An Incorrect Access Control vulnerability was found in the Application ...)
 	TODO: check
 CVE-2025-4618 (A sensitive information disclosure vulnerability in Palo Alto Networks ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-4617 (An insufficient policy enforcement vulnerability in Palo Alto Networks ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-4616 (An insufficient validation of an untrusted input vulnerability in Palo ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-13204 (npm package `expr-eval` is vulnerable to Prototype Pollution. An attac ...)
 	TODO: check
 CVE-2025-13180 (A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Con ...)
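Review bot: For CVE-2025-4618, CVE-2025-4617 and CVE-2025-4616 the truncated descriptions end at the vendor name, so the affected product cannot be confirmed from this diff and the three tags are vendor-level only. That is applied consistently here, but it is worth checking the full descriptions once to confirm that all three refer to Palo Alto Networks' own products. CVE-2025-13204 (npm package "expr-eval") directly below is the kind of entry a vendor-name match cannot decide, and it rightly stays at "TODO: check" for a manual look.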
@@ -59,13 +59,13 @@ CVE-2025-13177 (A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to
 CVE-2025-13174 (A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7 ...)
 	TODO: check
 CVE-2025-13172 (A security flaw has been discovered in CodeAstro Gym Management System ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-13171 (A vulnerability was identified in ZZCMS 2023. This impacts an unknown  ...)
 	TODO: check
 CVE-2025-13170 (A vulnerability was detected in code-projects Simple Online Hotel Rese ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-13169 (A security vulnerability has been detected in code-projects Simple Onl ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-13168 (A weakness has been identified in ury-erp ury up to 0.2.0. This affect ...)
 	TODO: check
 CVE-2025-13033 (A vulnerability was identified in the email parsing library due to imp ...)
@@ -77,29 +77,29 @@ CVE-2025-12187
 CVE-2025-12149 (In Search Guard FLX versions 3.1.2 and earlier, while Document-Level S ...)
 	TODO: check
 CVE-2025-11981 (The School Management System \u2013 WPSchoolPress plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11918 (Rockwell Automation Arena\xae suffers from a stack-based buffer overfl ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-11794 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <=  ...)
 	TODO: check
 CVE-2025-10018 (QuickCMS is vulnerable to multiple Stored XSS in language editor funct ...)
 	TODO: check
 CVE-2024-55016 (PHPGurukul Student Record Management System 3.20 is vulnerable to SQL  ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-44640 (PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection v ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-44639 (PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection v ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-44636 (PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection v ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-44635 (PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scri ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-44633 (PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection v ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-44632 (PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection v ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-44630 (Multiple parameters in register.php in PHPGurukul Student Record Syste ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-42749 (Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local ...)
 	TODO: check
 CVE-2024-21635 (Memos is a privacy-first, lightweight note-taking service that uses Ac ...)
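Review bot: CVE-2025-11981 is tagged "NOT-FOR-US: WordPress plugin", a category, while every other tag added in this hunk names a vendor (Rockwell Automation, PHPGurukul). If the category form is intentional, the tag still does not record which plugin (WPSchoolPress) was ruled out, so consider naming it. Separately, the description lines for CVE-2025-11981 and CVE-2025-11918 carry literal "\u2013" and "\xae" escapes, so any rule that matches on description text has to match the escaped form or normalize it first.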



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12542dc93125d181cdbff3262c9f50de846c6791



More information about the debian-security-tracker-commits mailing list