[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 15 21:13:47 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4372ec42 by security tracker role at 2025-10-15T20:13:40+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-9967 (The Orion SMS OTP Verification plugin for WordPress is vulnerable to p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9548 (A potential null pointer dereference vulnerability was reported in the ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2025-8486 (A potential vulnerability was reported in PC Manager that could allow  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2025-6026 (An improper certificate validation vulnerability was reported in the L ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2025-62410 (In versions before 20.0.2, it was found that --disallow-code-generatio ...)
 	TODO: check
 CVE-2025-62382 (Frigate is a network video recorder (NVR) with realtime local object d ...)
@@ -29,55 +29,55 @@ CVE-2025-61990 (When using a multi-bladed platform with more than one blade, und
 CVE-2025-61974 (When a client SSL profile is configured on a virtual server, undisclos ...)
 	TODO: check
 CVE-2025-61960 (When a per-request policy is configured on a BIG-IP APM portal access  ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-61958 (A vulnerability exists in the iHealth command that may allow an authen ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-61955 (A vulnerability exists in F5OS-A and F5OS-C systems that may allow an  ...)
 	TODO: check
 CVE-2025-61951 (Undisclosed traffic can cause the Traffic Management Microkernel (TMM) ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-61938 (When a BIG-IP Advanced WAF or ASM security policy is configured with a ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-61935 (When a BIG IP Advanced WAF or ASM security policy is configured on a v ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-61933 (A reflected cross-site scripting (XSS) vulnerability exists in an undi ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-60016 (When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brain ...)
 	TODO: check
 CVE-2025-60015 (An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that  ...)
 	TODO: check
 CVE-2025-60013 (When a user attempts to initialize the rSeries FIPS module using a pas ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-59781 (When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual se ...)
 	TODO: check
 CVE-2025-59778 (When the Allowed IP Addresses feature is configured on the F5OS-C part ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-59483 (A validation vulnerability exists in an undisclosed URL in the Configu ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-59481 (A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-59478 (When a BIG-IP AFM denial-of-service (DoS) protection profile is config ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-59419 (Netty is an asynchronous, event-driven network application framework.  ...)
 	TODO: check
 CVE-2025-59269 (A stored cross-site scripting (XSS) vulnerability exists in an undiscl ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-59268 (On the BIG-IP system, undisclosed endpoints that contain static non-se ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-58474 (When BIG-IP Advanced WAF is configured on a virtual server with Server ...)
 	TODO: check
 CVE-2025-58424 (On BIG-IP systems, undisclosed traffic can cause data corruption and u ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-58153 (Under undisclosed traffic conditions along with conditions beyond the  ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-58133 (Authentication bypass in some Zoom Rooms Clients before version 6.5.1  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-58132 (Command injection in some Zoom Clients for Windows may allow an authen ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-58120 (When HTTP/2 Ingress is configured, undisclosed traffic can cause the T ...)
 	TODO: check
 CVE-2025-58096 (When the database variable tm.tcpudptxchecksumis configured as non-def ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-58071 (When IPsec is configured on the BIG-IP system, undisclosed traffic can ...)
 	TODO: check
 CVE-2025-57780 (A vulnerability exists in F5OS-A and F5OS-C system that may allow an a ...)
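Review bot: Several unchanged entries in this hunk stay at TODO: check even though their truncated descriptions name the same products as the lines retagged NOT-FOR-US: F5: CVE-2025-61955 and CVE-2025-60015 (F5OS-A and F5OS-C), and CVE-2025-59781, CVE-2025-58474 and CVE-2025-58071 (BIG-IP). If the automatic matcher skipped them on purpose, a short NOTE on those entries would make that clear. Otherwise they should get the same tag in a follow-up so triage for this vendor batch does not stay half open.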
@@ -91,7 +91,7 @@ CVE-2025-56746 (Creativeitem Academy LMS up to and including 5.13 does not regen
 CVE-2025-55670 (On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes sy ...)
 	TODO: check
 CVE-2025-55669 (When the BIG-IP Advanced WAF and ASM security policy and a server-side ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-55083 (In NetX Duo version before 6.4.4, the component of Eclipse Foundation  ...)
 	TODO: check
 CVE-2025-55082 (In NetX Duo version before 6.4.4, the component of Eclipse Foundation  ...)
@@ -99,41 +99,41 @@ CVE-2025-55082 (In NetX Duo version before 6.4.4, the component of Eclipse Found
 CVE-2025-55081 (In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the ...)
 	TODO: check
 CVE-2025-55036 (When BIG-IP SSL Orchestrator explicit forward proxy is configured on a ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-54858 (When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-54854 (When a BIG-IP APM OAuth access profile (Resource Server or Resource Cl ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-54805 (When an iRule is configured on a virtual server via the declarative AP ...)
 	TODO: check
 CVE-2025-54755 (A directory traversal vulnerability exists in TMUI that allows an auth ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-54479 (When a classification profile is configured on a virtual server withou ...)
 	TODO: check
 CVE-2025-54271 (Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-53868 (When running in Appliance mode, a highly privileged authenticated atta ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-53860 (A vulnerability exists in F5OS-A software that allows a highly privile ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-53856 (When a virtual server, network address translation (NAT) object, or se ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-53521 (When a BIG-IP APM Access Policy is configured on a virtual server, und ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-53474 (When an iRule using an ILX::callcommand is configured on a virtual ser ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-48008 (When a TCP profile with Multipath TCP (MPTCP) enabled is configured on ...)
 	TODO: check
 CVE-2025-47150 (When SNMP is configured on F5OS Appliance and Chassis systems, undiscl ...)
 	TODO: check
 CVE-2025-47148 (When the BIG-IP system is configured as both a Security Assertion Mark ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-46706 (When an iRule containing the HTTP::respond command is configured on a  ...)
 	TODO: check
 CVE-2025-41430 (When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause ...)
 	TODO: check
 CVE-2025-2529 (Applications using affected versions of Ehcache 3.x can experience deg ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-20360 (Multiple Cisco products are affected by a vulnerability in the Snort 3 ...)
 	TODO: check
 CVE-2025-20359 (Multiple Cisco products are affected by a vulnerability in the Snort 3 ...)
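Review bot: The tag NOT-FOR-US: IBM on CVE-2025-2529 does not match the visible description, which begins "Applications using affected versions of Ehcache 3.x" and names a library rather than an IBM product. Before this entry is closed as NOT-FOR-US, it is worth confirming that no Debian source package ships the affected Ehcache 3.x code. If the issue is limited to an IBM product that bundles it, naming that product in the tag would make the decision auditable.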
@@ -147,93 +147,93 @@ CVE-2025-20329 (A vulnerability in the logging component of Cisco TelePresence C
 CVE-2025-11832 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
 	TODO: check
 CVE-2025-11728 (The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11722 (The Woocommerce Category and Products Accordion Panel plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11701 (The Zip Attachments plugin for WordPress is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11692 (The Zip Attachments plugin for WordPress is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11619 (Improper certificate validation when connecting to gateways in Devolut ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2025-11568 (A data corruption vulnerability has been identified in the luksmeta ut ...)
 	TODO: check
 CVE-2025-11365 (The WP Google Map Plugin plugin for WordPress is vulnerable to blind S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11196 (The External Login plugin for WordPress is vulnerable to sensitive inf ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11177 (The External Login plugin for WordPress is vulnerable to SQL Injection ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10869 (Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnera ...)
 	TODO: check
 CVE-2025-10754 (The DocoDoco Store Locator plugin for WordPress is vulnerable to arbit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10743 (The Outdoor plugin for WordPress is vulnerable to SQL Injection via th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10730 (The Wp tabber widget plugin for WordPress is vulnerable to SQL Injecti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10699 (A vulnerability was reported in the Lenovo LeCloud client application  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2025-10682 (The TARIFFUXX plugin for WordPress is vulnerable to SQL Injection in v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10660 (The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Inject ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10648 (The YourMembership Single Sign On \u2013 YM SSO Login plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10581 (A potential DLL hijacking vulnerability was discovered in the Lenovo P ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2025-10577 (Potential vulnerabilities have been identified in the audio package fo ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-10576 (Potential vulnerabilities have been identified in the audio package fo ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-10575 (The WP jQuery Pager plugin for WordPress is vulnerable to SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10486 (The Content Writer plugin for WordPress is vulnerable to Sensitive Inf ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10313 (The Find And Replace content for WordPress plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10312 (The Theme Importer plugin for WordPress is vulnerable to Cross-Site Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10310 (The Rich Snippet Site Report plugin for WordPress is vulnerable to  SQ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10303 (The Library Management System plugin for WordPress is vulnerable to un ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10301 (The FunKItools plugin for WordPress is vulnerable to Cross-Site Reques ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10300 (The TopBar plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10299 (The WPBifr\xf6st \u2013 Instant Passwordless Temporary Login Links plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10294 (The OwnID Passwordless Login plugin for WordPress is vulnerable to Aut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10293 (The Keyy Two Factor Authentication (like Clef) plugin for WordPress is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10194 (The Shortcode Button plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10186 (The WhyDonate \u2013 FREE Donate button \u2013 Crowdfunding \u2013 Fun ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10141 (The Digiseller plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10140 (The Quick Social Login plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10139 (The WP BookWidgets plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10135 (The WP ViewSTL plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10133 (The URLYar URL Shortner plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10132 (The Dhivehi Text plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10056 (The Task Scheduler plugin for WordPress is vulnerable to Server-Side R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10051 (The Demo Import Kit plugin for WordPress is vulnerable to arbitrary fi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10045 (The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10041 (The Flex QR Code Generator plugin for WordPress is vulnerable to arbit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10038 (The Binary MLM Plan plugin for WordPress is vulnerable to limited Priv ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9640 (A flaw was found in Samba, in the vfs_streams_xattr module, where unin ...)
 	- samba 2:4.23.2+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2025-9640.html
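Review bot: The NOT-FOR-US: HP tags on CVE-2025-10577 and CVE-2025-10576 cannot be checked against the entry itself, because the truncated description ("audio package fo ...") never names the vendor, unlike the WordPress, Lenovo and Devolutions lines in this hunk. Consider naming the product in the tag, for example "NOT-FOR-US: HP <product>", so a later reader can confirm the classification without opening the full CVE record.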



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4372ec42d0ee0f116f598a070f01d95d04c112b9
