[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 30 21:13:30 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
93c520ae by security tracker role at 2025-09-30T20:13:23+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-8877 (The AffiliateWP plugin for WordPress is vulnerable to SQL Injection vi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8122 (Improper neutralization of input provided by an authorized user in art ...)
TODO: check
CVE-2025-8121 (Improper neutralization of input provided by an authorized user in art ...)
@@ -15,15 +15,15 @@ CVE-2025-8117 (PAD CMS improperly initializes parameter used for password recove
CVE-2025-8116 (PAD CMS is vulnerable to Reflected XSS in printing and save to PDF fun ...)
TODO: check
CVE-2025-7779 (Local privilege escalation due to insecure XPC service configuration. ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2025-7065 (Due to client-controlled permission check parameter, PAD CMS's photo u ...)
TODO: check
CVE-2025-7063 (Due to client-controlled permission check parameter, PAD CMS's file up ...)
TODO: check
CVE-2025-6034 (There is a memory corruption vulnerability due to an out of bounds rea ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-6033 (There is a memory corruption vulnerability due to an out of bounds wri ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-57852 (A container privilege escalation flaw was found in KServe ModelMesh co ...)
TODO: check
CVE-2025-57254 (An SQL injection vulnerability in user-login.php and index.php of Kart ...)
@@ -51,13 +51,13 @@ CVE-2025-56200 (A URL validation bypass vulnerability exists in validator.js thr
CVE-2025-56132 (LiquidFiles filetransfer server is vulnerable to a user enumeration is ...)
TODO: check
CVE-2025-56018 (SourceCodester Web-based Pharmacy Product Management System V1.0 is vu ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-55797 (An improper access control vulnerability in FormCms v0.5.4 in the /api ...)
TODO: check
CVE-2025-54477 (Improper handling of authentication requests lead to a user enumeratio ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2025-54476 (Improper handling of input could lead to an XSS vector in the checkAtt ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2025-52050 (In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_wi ...)
TODO: check
CVE-2025-52049 (In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() a ...)
@@ -67,7 +67,7 @@ CVE-2025-52047 (In Frappe ErpNext v15.57.5, the function get_income_account() at
CVE-2025-52043 (In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accou ...)
TODO: check
CVE-2025-43827 (Insecure Direct Object Reference (IDOR) vulnerability with audit event ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-41099 (Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplan ...)
TODO: check
CVE-2025-41098 (Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplan ...)
@@ -87,13 +87,13 @@ CVE-2025-41092 (Insecure Direct Object Reference (IDOR) vulnerability in BOLD Wo
CVE-2025-41091 (Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplan ...)
TODO: check
CVE-2025-36262 (IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36132 (IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-34217 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
TODO: check
CVE-2025-28016 (A Reflected Cross-Site Scripting (XSS) vulnerability was found in logi ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-23293 (NVIDIA Delegated Licensing Service for all appliance platforms contain ...)
TODO: check
CVE-2025-23292 (NVIDIA Delegated Licensing Service for all appliance platforms contain ...)
@@ -103,7 +103,7 @@ CVE-2025-23291 (NVIDIA Delegated Licensing Service for all appliance platforms c
CVE-2025-11195 (Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name ...)
TODO: check
CVE-2025-11178 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2025-11153 (This vulnerability affects Firefox < 143.0.3.)
TODO: check
CVE-2025-11152 (This vulnerability affects Firefox < 143.0.3.)
@@ -113,7 +113,7 @@ CVE-2025-10859 (Cookie storage for non-HTML temporary documents was being shared
CVE-2025-10659 (The Telenium Online Web Application is vulnerable due to a PHP endpoin ...)
TODO: check
CVE-2025-10217 (A vulnerability exists in Asset Suite for an authenticated user to man ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2024-55017 (Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an ...)
TODO: check
CVE-2025-10725 (A flaw was found in Red Hat Openshift AI Service. A low-privileged att ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93c520aecb44ba118f709ffa9142f918793a759a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93c520aecb44ba118f709ffa9142f918793a759a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250930/7232d7b1/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list