[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 21 21:13:51 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
564feb3d by security tracker role at 2025-10-21T20:13:41+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2025-9428 (Zohocorp ManageEngine Analytics Plus versions6171 and prior are vulner ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-9339 (SQL injection vulnerability in the fields of warehouse document filter ...)
TODO: check
CVE-2025-8050 (External Control of File Name or Path vulnerability in opentext Flippe ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2025-7473 (Zohocorp ManageEngine EndPoint Central versions11.4.2516.1 and prior a ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-6239 (Zohocorp ManageEngine Applications Manager versions 176800 and below a ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-62763 (Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the c ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2025-62661 (Incorrect Default Permissions vulnerability in The Wikimedia Foundatio ...)
TODO: check
CVE-2025-62641 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
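Review bot: The commit message "automatic NOT-FOR-US entries update" does not say which matching rule or vendor list produced these tags, which makes the first hunk hard to audit: CVE-2025-8050 is tagged "OpenText" although the description spells the vendor "opentext", and CVE-2025-9339 between the Zoho and OpenText entries stays at "TODO: check". Suggest naming the pattern source in the commit message so a reviewer can tell a deliberate skip from a missed match.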
@@ -17,9 +17,9 @@ CVE-2025-62641 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
CVE-2025-62605 (Mastodon is a free, open-source social network server based on Activit ...)
TODO: check
CVE-2025-62598 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-62597 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-62595 (Koa is expressive middleware for Node.js using ES2017 async functions. ...)
TODO: check
CVE-2025-62592 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
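Review bot: CVE-2025-62598 and CVE-2025-62597 describe WeGIA as "an open source Web Manager", so "NOT-FOR-US: WeGIA" here rests on the software not being packaged in Debian rather than on it being proprietary. That is a different kind of decision from the vendor-name matches elsewhere in this commit. Suggest confirming there is no packaging request for it before the automatic tag is relied on.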
@@ -59,15 +59,15 @@ CVE-2025-62288 (Vulnerability in the Oracle Health Sciences Data Management Work
CVE-2025-62287 (Vulnerability in the Oracle Life Sciences InForm product of Oracle Hea ...)
TODO: check
CVE-2025-62250 (Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-62249 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-61885 (Vulnerability in the Oracle Life Sciences InForm product of Oracle Hea ...)
TODO: check
CVE-2025-61881 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-61764 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-61763 (Vulnerability in Oracle Essbase (component: Essbase Web Platform). T ...)
TODO: check
CVE-2025-61762 (Vulnerability in the PeopleSoft Enterprise FIN Payables product of Ora ...)
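Review bot: The tag on CVE-2025-61881 is easy to misread, because the description starts with "Java VM component of Oracle Database Server" and the entry gets the bare "NOT-FOR-US: Oracle". The Java VM named here is the one embedded in the database product, but the tag does not record that, and a later search for Java-related entries will turn this one up with no hint of why it was excluded. Suggest "NOT-FOR-US: Oracle Database Server" or similar for this entry.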
@@ -85,23 +85,23 @@ CVE-2025-61757 (Vulnerability in the Identity Manager product of Oracle Fusion M
CVE-2025-61755 (Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE ...)
TODO: check
CVE-2025-61754 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-61753 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-61752 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-61751 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-61750 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-61749 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-61748 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
TODO: check
CVE-2025-61457 (code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Fo ...)
TODO: check
CVE-2025-61255 (Bank Locker Management System by PHPGurukul is affected by a Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-61220 (The incomplete verification mechanism in the AutoBizLine com.mysecondl ...)
TODO: check
CVE-2025-61194 (daicuocms V1.3.13 contains a SQL injection vulnerability in the file l ...)
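Review bot: Every Oracle entry in this hunk gets the same vendor-only tag "NOT-FOR-US: Oracle", while CVE-2025-61755 (GraalVM for JDK) and CVE-2025-61748 (Java SE) share the same "Vulnerability in the Oracle ..." prefix and are left at "TODO: check". The distinction is clearly being made per product, so the tag should carry the product too (BI Publisher, WebLogic Server, PeopleTools and so on). As it stands, the reason one Oracle entry was excluded and its neighbour was not is not recoverable from the list itself.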
@@ -131,11 +131,11 @@ CVE-2025-60500 (QDocs Smart School Management System 7.1 allows authenticated us
CVE-2025-60427 (LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken ...)
TODO: check
CVE-2025-60344 (An unauthenticated Local File Inclusion (LFI) vulnerability in D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-60280 (Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allo ...)
TODO: check
CVE-2025-5496 (ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508 ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-59438 (Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.)
TODO: check
CVE-2025-57521 (Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that ...)
@@ -153,39 +153,39 @@ CVE-2025-56450 (Log2Space Subscriber Management Software 1.1 is vulnerable to un
CVE-2025-53072 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
TODO: check
CVE-2025-53071 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53070 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53069 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-53068 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53067 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-53066 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
TODO: check
CVE-2025-53065 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53064 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53063 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53062 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-53061 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53060 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53059 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53058 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
TODO: check
CVE-2025-53057 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
TODO: check
CVE-2025-53056 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53055 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53054 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-53053 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
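Review bot: For CVE-2025-53070 and CVE-2025-53068 (Oracle Solaris) the description is cut off at "(compone ...", so the affected component is not visible in this diff and the "NOT-FOR-US: Oracle" decision cannot be checked from the list alone. The MySQL Server and Java SE entries in the same hunk are correctly left at "TODO: check". Suggest verifying the full descriptions of the two Solaris entries against the advisory before accepting the automatic tag.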
@@ -193,15 +193,15 @@ CVE-2025-53053 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2025-53052 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
TODO: check
CVE-2025-53051 (Vulnerability in the RDBMS Functional Index component of Oracle Databa ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53050 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53049 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53048 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53047 (Vulnerability in the Portable Clusterware component of Oracle Database ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53046 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
TODO: check
CVE-2025-53045 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -213,25 +213,25 @@ CVE-2025-53043 (Vulnerability in the Oracle Product Hub product of Oracle E-Busi
CVE-2025-53042 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-53041 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53040 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2025-53037 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53036 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53035 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-53034 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-52079 (The administrator password setting of the D-Link DIR-820L 1.06B02 is h ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-50075 (Vulnerability in the Oracle Financial Services Revenue Management and ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-50074 (Vulnerability in the Oracle Financial Services Revenue Management and ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2025-22166 (This High severity DoS (Denial of Service) vulnerability was introduce ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2025-12031 (HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute ...)
TODO: check
CVE-2025-12024
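Review bot: CVE-2025-22166 is tagged "NOT-FOR-US: Atlassian", but the visible description ("This High severity DoS (Denial of Service) vulnerability was introduce ...") names neither a vendor nor a product, so nothing in the entry supports the tag. Suggest adding the product name to the tag so the entry is self-explanatory. The same applies, to a lesser degree, to CVE-2025-52079, where the description names the D-Link DIR-820L but the tag keeps only "D-Link".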
@@ -255,7 +255,7 @@ CVE-2025-10639 (The WorkExaminer Professional server installation comes with an
CVE-2025-10612 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
TODO: check
CVE-2025-10020 (Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerabl ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2022-4981 (A vulnerability was detected in DCMTK up to 3.6.7. The impacted elemen ...)
TODO: check
CVE-2020-36855 (A security vulnerability has been detected in DCMTK up to 3.6.5. The a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/564feb3dd3d68dc78d48c505912af1f2964553d7