[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 10 21:13:49 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c277cefd by security tracker role at 2025-10-10T20:13:42+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,17 +3,17 @@ CVE-2025-8887 (Authorization Bypass Through User-Controlled Key, Missing Authori
CVE-2025-8886 (Incorrect Permission Assignment for Critical Resource, Exposure of Sen ...)
TODO: check
CVE-2025-7781 (The WP JobHunt plugin for WordPress, used by the JobCareer theme, is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-7374 (The WP JobHunt plugin for WordPress, used by the JobCareer theme, is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-62245 (Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4. ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-62239 (Cross-site scripting (XSS) vulnerability in workflow process builder i ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-62238 (Stored cross-site scripting (XSS) vulnerability on the Membership page ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-62237 (Stored cross-site scripting (XSS) vulnerability in Commerce\u2019s vie ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-61929 (Cherry Studio is a desktop client that supports for multiple LLM provi ...)
TODO: check
CVE-2025-61927 (Happy DOM is a JavaScript implementation of a web browser without its ...)
@@ -65,13 +65,13 @@ CVE-2025-60838 (An arbitrary file upload vulnerability in MCMS v6.0.1 allows att
CVE-2025-60378 (Stored HTML injection in RISE Ultimate Project Manager & CRM allows au ...)
TODO: check
CVE-2025-60308 (code-projects Simple Online Hotel Reservation System 1.0 has a Cross S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-60307 (code-projects Computer Laboratory System 1.0 has a SQL injection vulne ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-60306 (code-projects Simple Car Rental System 1.0 has a permission bypass iss ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-60305 (SourceCodester Online Student Clearance System 1.0 is vulnerable to In ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-60269 (JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls functi ...)
TODO: check
CVE-2025-60268 (An arbitrary file upload vulnerability exists in JeeWMS 20250820, whic ...)
@@ -81,21 +81,21 @@ CVE-2025-59530 (quic-go is an implementation of the QUIC protocol in Go. In vers
CVE-2025-55903 (A HTML injection vulnerability exists in Perfex CRM v3.3.1. The applic ...)
TODO: check
CVE-2025-52655 (Inclusion of Functionality from Untrusted Control Sphere vulnerability ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52650 (Inline script execution allowed in CSP vulnerability has been identifi ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52635 (A rusted types in scripts not enforced in CSP vulnerability has been ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52634 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52632 (A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerabi ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52630 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52625 (A vulnerability Cacheable SSL Page Found vulnerability has been ident ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52624 (A vulnerabilityBypass of the script allowlist configuration in HCL AIO ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-48043 (Incorrect Authorization vulnerability in ash-project ash allows Authen ...)
TODO: check
CVE-2025-41089 (Reflected Cross-Site Scripting (XSS) in Xibo CMS v4.1.2 from Xibo Sign ...)
@@ -107,7 +107,7 @@ CVE-2025-40640 (Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2
CVE-2025-37727 (Insertion of sensitive information in log file in Elasticsearch can le ...)
TODO: check
CVE-2025-30001 (Incorrect Execution-Assigned Permissions vulnerability in Apache Strea ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-25018 (Improper Neutralization of Input During Web Page Generation in Kibana ...)
TODO: check
CVE-2025-25017 (Improper Neutralization of Input During Web Page Generation in Kibana ...)
@@ -119,11 +119,11 @@ CVE-2025-23282 (NVIDIA Display Driver for Linux contains a vulnerability where a
CVE-2025-23280 (NVIDIA Display Driver for Linux contains a vulnerability where an atta ...)
TODO: check
CVE-2025-11618 (A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet proc ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-11617 (A missing validation check in FreeRTOS-Plus-TCP's IPv6 packet processi ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-11616 (A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet proces ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-11581 (A security vulnerability has been detected in PowerJob up to 5.1.2. Th ...)
TODO: check
CVE-2025-11580 (A weakness has been identified in PowerJob up to 5.1.2. This affects t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c277cefda6ced9bb646f53ec15233cdbde515417
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c277cefda6ced9bb646f53ec15233cdbde515417
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251010/71a3ca28/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list