[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 29 20:15:50 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4d1558b7 by security tracker role at 2025-10-29T20:14:49+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,99 +5,99 @@ CVE-2025-9870 (Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Pri
CVE-2025-9869 (Razer Synapse 3 Macro Module Link Following Local Privilege Escalation ...)
TODO: check
CVE-2025-64291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64290 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64288 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64286 (Cross-Site Request Forgery (CSRF) vulnerability in WpEstate WP Rentals ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64285 (Missing Authorization vulnerability in Premmerce Premmerce Wholesale P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64284 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64283 (Authorization Bypass Through User-Controlled Key vulnerability in Rome ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64234 (Missing Authorization vulnerability in Evergreen Content Poster Evergr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64229 (Missing Authorization vulnerability in BoldGrid Client Invoicing by Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64228 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64226 (Cross-Site Request Forgery (CSRF) vulnerability in colabrio Stockie Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64220 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64219 (Missing Authorization vulnerability in Strategy11 Team Business Direct ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64216 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64212 (Missing Authorization vulnerability in StylemixThemes MasterStudy LMS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64211 (Missing Authorization vulnerability in StylemixThemes Masterstudy Elem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64210 (Missing Authorization vulnerability in StylemixThemes Masterstudy Elem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64208 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64204 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64202 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64201 (Cross-Site Request Forgery (CSRF) vulnerability in blubrry PowerPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64200 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64199 (Missing Authorization vulnerability in WpEstate wpresidence wpresidenc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64197 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64195 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64194 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64150 (A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64149 (A cross-site request forgery (CSRF) vulnerability in Jenkins Publish t ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64148 (A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64147 (Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys display ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64146 (Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64145 (Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens di ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64144 (Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypt ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64143 (Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorizat ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64142 (A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 a ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64141 (A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Tas ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64140 (Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which comma ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64139 (A missing permission check in Jenkins Start Windocks Containers Plugin ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64138 (A cross-site request forgery (CSRF) vulnerability in Jenkins Start Win ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64137 (A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64136 (A cross-site request forgery (CSRF) vulnerability in Jenkins Themis Pl ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64135 (Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb_8 and earlier se ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64134 (Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64133 (A cross-site request forgery (CSRF) vulnerability in Jenkins Extensibl ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64132 (Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not per ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64131 (Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implemen ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-64104 (LangGraph SQLite Checkpoint is an implementation of LangGraph Checkpoi ...)
TODO: check
CVE-2025-64103 (Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi ...)
@@ -109,7 +109,7 @@ CVE-2025-64101 (Zitadel is open-source identity infrastructure software. Prior t
CVE-2025-64100 (CKAN is an open-source DMS (data management system) for powering data ...)
TODO: check
CVE-2025-63622 (A vulnerability was found in code-projects Online Complaint Site 1.0. ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-62797 (FluxCP is a web-based Control Panel for rAthena servers written in PHP ...)
TODO: check
CVE-2025-62792 (Wazuh is a free and open source platform used for threat prevention, d ...)
@@ -147,11 +147,11 @@ CVE-2025-60542 (SQL Injection vulnerability in TypeORM before 0.3.26 via crafted
CVE-2025-60320 (memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service pat ...)
TODO: check
CVE-2025-60075 (Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing h ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58939 (Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58711 (Missing Authorization vulnerability in solwin Blog Designer PRO blog-d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-57227 (An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8 ...)
TODO: check
CVE-2025-56558 (An issue discovered in Dyson App v6.1.23041-23595 allows unauthenticat ...)
@@ -161,31 +161,31 @@ CVE-2025-54384 (CKAN is an open-source DMS (data management system) for powering
CVE-2025-35980
REJECTED
CVE-2025-1549 (A local privilege escalation vulnerability in the WatchGuard Mobile VP ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-12479 (Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementatio ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12478 (Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1. ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12477 (Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12476 (Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12461 (This vulnerability allows an attacker to access parts of the applicati ...)
TODO: check
CVE-2025-12450 (The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12148 (In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules a ...)
TODO: check
CVE-2025-12147 (In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security ( ...)
TODO: check
CVE-2025-12142 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-12058 (The Keras.Model.load_model method, including when executed with the in ...)
TODO: check
CVE-2025-11632 (The Call Now Button \u2013 The #1 Click to Call Button for WordPress p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11587 (The Call Now Button \u2013 The #1 Click to Call Button for WordPress p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11466 (Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vu ...)
TODO: check
CVE-2025-11465 (Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execut ...)
@@ -205,9 +205,9 @@ CVE-2025-11200 (MLflow Weak Password Requirements Authentication Bypass Vulnerab
CVE-2025-10934 (GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution ...)
TODO: check
CVE-2025-10932 (Uncontrolled Resource Consumption vulnerability in Progress MOVEit Tra ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2024-58269 (A vulnerability has been identified in Rancher Manager, where sensitiv ...)
- TODO: check
+ NOT-FOR-US: SUSE
CVE-2024-45162 (A stack-based buffer overflow issue was discovered in the phddns clien ...)
TODO: check
CVE-2024-45161 (A CSRF issue was discovered in the administrative web GUI in Blu-Castl ...)
@@ -219,13 +219,13 @@ CVE-2023-39178
CVE-2023-39177
REJECTED
CVE-2023-32199 (A vulnerability has been identified within Rancher Manager, where aft ...)
- TODO: check
+ NOT-FOR-US: SUSE
CVE-2018-25120 (D-Link DNS-343 ShareCenter devices running firmware versions up to and ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2015-10147 (The Easy Testimonial Slider and Form plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2015-10146 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11232 (To trigger the issue, three configuration parameters must have specifi ...)
- isc-kea <not-affected> (Vulnerable code not present)
NOTE: https://kb.isc.org/docs/cve-2025-11232
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d1558b742c966f78c4fa98fd895befb4d6ae554
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d1558b742c966f78c4fa98fd895befb4d6ae554
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251029/b8073b8c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list