[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 23 21:13:51 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82022e58 by security tracker role at 2025-10-23T20:13:45+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,13 +3,13 @@ CVE-2025-9981 (QuickCMS is vulnerable to multiple Stored XSS in slider editor fu
CVE-2025-9980 (QuickCMS is vulnerable to multiple Stored XSS in page editor functiona ...)
TODO: check
CVE-2025-8427 (The Beaver Builder Plugin (Starter Version) plugin for WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-6980 (Captive Portal can expose sensitive information)
- TODO: check
+ NOT-FOR-US: Arista Networks
CVE-2025-6979 (Captive Portal can allow authentication bypass)
- TODO: check
+ NOT-FOR-US: Arista Networks
CVE-2025-6978 (Diagnostics command injection vulnerability)
- TODO: check
+ NOT-FOR-US: Arista Networks
CVE-2025-62820 (Slack Nebula before 1.9.7 mishandles CIDR in some configurations and t ...)
TODO: check
CVE-2025-62813 (LZ4 through 1.10.0 allows attackers to cause a denial of service (appl ...)
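Review bot: The three entries tagged "NOT-FOR-US: Arista Networks" (CVE-2025-6980, CVE-2025-6979, CVE-2025-6978) have descriptions that name no vendor or product ("Captive Portal can ...", "Diagnostics command injection vulnerability"), so the tag is the only text in the list that identifies what is affected. Because this is an automatic update, confirm against the full CVE records that all three belong to the same product, and consider putting the product name in the tag next to the vendor so the entries remain searchable.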
@@ -75,9 +75,9 @@ CVE-2025-62394 (Moodle failed to verify enrolment status correctly when sending
CVE-2025-62393 (A flaw was found in the course overview output function where user acc ...)
TODO: check
CVE-2025-62256 (Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 thro ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-62255 (Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Ba ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-62236 (The Frontier Airlines website has a publicly available endpoint that v ...)
TODO: check
CVE-2025-62169 (OctoPrint-SpoolManager is a plugin for managing spools and all their u ...)
@@ -133,19 +133,19 @@ CVE-2025-50950 (Audiofile v0.3.7 was discovered to contain a NULL pointer derefe
CVE-2025-50949 (FontForge v20230101 was discovered to contain a memory leak via the co ...)
TODO: check
CVE-2025-48430 (Uncaught Exception (CWE-248) in the Command Centre Server allows an Au ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2025-48428 (Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2025-47699 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2025-41402 (Client-Side Enforcement of Server-Side Security (CWE-602) in the Comma ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2025-41073 (Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Inte ...)
TODO: check
CVE-2025-40643 (Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by ...)
TODO: check
CVE-2025-35981 (Exposure of Private Personal Information to an Unauthorized Actor (CWE ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2025-34156 (Tibbo AggreGate Network Manager < 6.40.05 exposes sensitive system inf ...)
TODO: check
CVE-2025-34155 (Tibbo AggreGate Network Manager < 6.40.05 contains an observable respo ...)
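Review bot: The five Gallagher entries carry a vendor-only tag, although the description of CVE-2025-48430 names a product (Command Centre Server) and those of CVE-2025-47699 and CVE-2025-35981 are cut off before any vendor or product appears. Where the CVE record names the product, a tag that includes it alongside "Gallagher" would let a later reader confirm the match without opening each record. CVE-2025-41073 and CVE-2025-40643, which sit between the retagged lines, stay at "TODO: check" and still need manual triage.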
@@ -155,17 +155,17 @@ CVE-2025-23352 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU
CVE-2025-23347 (NVIDIA Project G-Assist contains a vulnerability where an attacker mig ...)
TODO: check
CVE-2025-1680 (An acceptance of extraneous untrusted data with trusted data vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2025-1679 (Cross-site Scripting has been identified in Moxa\u2019s Ethernet switc ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2025-12114 (Enabledserial console could potentially leak information that might he ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12110 (A flaw was found in Keycloak. An offline session continues to be valid ...)
TODO: check
CVE-2025-12105 (A flaw was found in the asynchronous message queue handling of the lib ...)
TODO: check
CVE-2025-12104 (Outdated and Vulnerable UI Dependencies might potentially lead to expl ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12044 (Vault and Vault Enterprise (\u201cVault\u201d) are vulnerable to an un ...)
TODO: check
CVE-2025-11621 (Vault and Vault Enterprise\u2019s (\u201cVault\u201d) AWS Auth method ...)
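Review bot: The tag "NOT-FOR-US: Azure Access Technology" on CVE-2025-12114 and CVE-2025-12104 is easy to confuse with the Microsoft Azure platform when searching the list, and neither truncated description ("Enabledserial console could potentially leak ...", "Outdated and Vulnerable UI Dependencies ...") names a product to disambiguate it. Adding the affected product name to the tag would remove the ambiguity. In the same hunk, CVE-2025-1680 is tagged Moxa but its visible description stops before any vendor name, unlike CVE-2025-1679, so that match is worth a check against the full record.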
@@ -173,7 +173,7 @@ CVE-2025-11621 (Vault and Vault Enterprise\u2019s (\u201cVault\u201d) AWS Auth m
CVE-2025-11575 (Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC ...)
TODO: check
CVE-2025-11128 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11023 (Inclusion of Functionality from Untrusted Control Sphere, Improper Con ...)
TODO: check
CVE-2025-10937 (Oxford Nanopore Technologies' MinKNOW software at or prior to version ...)
@@ -183,7 +183,7 @@ CVE-2025-10914 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2025-10727 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
TODO: check
CVE-2025-10705 (The MxChat \u2013 AI Chatbot for WordPress plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10355 (Open redirection vulnerability in MOLGENIS EMX2 v11.14.0. This vulnera ...)
TODO: check
CVE-2024-14011
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82022e58db68621741c76b6b6fd2a13ecbe3989c