[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 1 21:29:15 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
201f6aa0 by security tracker role at 2025-10-01T20:29:08+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-9512 (The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9075 (The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8679 (In ExtremeGuest Essentials before 25.5.0, captive-portal may permit un ...)
TODO: check
CVE-2025-61792 (Quadient DS-700 iQ devices through 2025-09-30 might have a race condit ...)
@@ -33,9 +33,9 @@ CVE-2025-61189 (Jeecgboot versions 3.8.2 and earlier are affected by a path trav
CVE-2025-61188 (Jeecgboot versions 3.8.2 and earlier are affected by a path traversal ...)
TODO: check
CVE-2025-61045 (TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a comma ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-61044 (TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a comma ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-60991 (A reflected cross-site scripted (XSS) vulnerability in Codazon Magento ...)
TODO: check
CVE-2025-59687 (IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference att ...)
@@ -55,9 +55,9 @@ CVE-2025-59147 (Suricata is a network IDS, IPS and NSM engine developed by the O
CVE-2025-58769 (auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In v ...)
TODO: check
CVE-2025-58055 (Discourse is an open-source community discussion platform. In versions ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-58054 (Discourse is an open-source community discussion platform. Versions 3. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-57444 (An authenticated cross-site scripting (XSS) vulnerability in the Admin ...)
TODO: check
CVE-2025-57393 (A stored cross-site scripting (XSS) in Kissflow Work Platform Kissflow ...)
@@ -71,7 +71,7 @@ CVE-2025-56515 (File upload vulnerability in Fiora chat application 1.0.0 throug
CVE-2025-56514 (Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0 ...)
TODO: check
CVE-2025-55191 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2025-52042 (In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier() ...)
TODO: check
CVE-2025-52041 (In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erp ...)
@@ -83,11 +83,11 @@ CVE-2025-52039 (In Frappe ERPNext 15.57.5, the function get_material_requests_ba
CVE-2025-46205 (A heap-use-after free in the PdfTokenizer::ReadDictionary function of ...)
TODO: check
CVE-2025-43826 (Stored cross-site scripting (XSS) vulnerabilities in Web Content trans ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43718 (Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption a ...)
TODO: check
CVE-2025-41421 (Improper handling of symbolic links in the TeamViewer Full Client and ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2025-40648 (Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, con ...)
TODO: check
CVE-2025-40647 (Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, con ...)
@@ -99,19 +99,19 @@ CVE-2025-28357 (A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.3
CVE-2025-24525 (Keysight Ixia Vision has an issue with hardcoded cryptographic materia ...)
TODO: check
CVE-2025-20371 (In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20370 (In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20369 (In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splun ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20368 (In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splun ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20367 (In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20366 (In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splun ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20361 (A vulnerability in the web-based management interface of Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20357 (A vulnerability in the web-based management interface of Cisco Cyber V ...)
TODO: check
CVE-2025-20356 (A vulnerability in the web-based management interface of Cisco Cyber V ...)
@@ -121,13 +121,13 @@ CVE-2025-11233 (Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cyg
CVE-2025-11226 (ACE vulnerability in conditional configuration file processing by QOS ...)
TODO: check
CVE-2025-10847 (DX Unified Infrastructure Management (Nimsoft/UIM) and below contains ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2025-10744 (The File Manager, Code Editor, and Backup by Managefy plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10735 (The Block For Mailchimp \u2013 Easy Mailchimp Form Integration plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10578 (A potential security vulnerability has been identified in the HP Suppo ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-10538 (An authentication bypass vulnerability exists in LG Innotek camera mod ...)
TODO: check
CVE-2024-57494 (Cross Site Scripting vulnerability in Neto E-Commerce CMS v.6.313.0 th ...)
@@ -223,13 +223,13 @@ CVE-2023-53489 (In the Linux kernel, the following vulnerability has been resolv
CVE-2023-53488 (In the Linux kernel, the following vulnerability has been resolved: I ...)
TODO: check
CVE-2023-50301 (IBM Transformation Extender Advanced 10.0.1 stores potentially sensiti ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-50300 (IBM Transformation Extender Advanced 10.0.1 could allow a local us ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-49883 (IBM Transformation Extender Advanced 10.0.1 does not require tha ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-49881 (IBM Transformation Extender Advanced 10.0.1 does not invalidate sess ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-50469 (In the Linux kernel, the following vulnerability has been resolved: s ...)
TODO: check
CVE-2022-50468 (In the Linux kernel, the following vulnerability has been resolved: p ...)
@@ -283,7 +283,7 @@ CVE-2022-50445 (In the Linux kernel, the following vulnerability has been resolv
CVE-2021-4460 (In the Linux kernel, the following vulnerability has been resolved: d ...)
TODO: check
CVE-2020-36852 (The Custom Searchable Data Entry System plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11219
- chromium 141.0.7390.54-1
[bullseye] - chromium <end-of-life> (see #1061268)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/201f6aa01b388fc5cef8f0638f677936e6862b79
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/201f6aa01b388fc5cef8f0638f677936e6862b79
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251001/3a2daf67/attachment.htm>
More information about the debian-security-tracker-commits
mailing list