Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cce065d7 by security tracker role at 2025-07-03T20:13:43+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2025-6587 (System environment variables are recorded in Docker Desktop 
diagnostic ...)
        TODO: check
 CVE-2025-6563 (A cross-site scripting vulnerability is present in the hotspot 
of Mikr ...)
-       TODO: check
+       NOT-FOR-US: MikroTik
 CVE-2025-6074 (Use of Hard-coded Cryptographic Key vulnerability in ABB 
RMC-100, ABB  ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-6073 (Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB 
RMC-100  ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-6072 (Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB 
RMC-100  ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-6071 (Use of Hard-coded Cryptographic Key vulnerability in ABB 
RMC-100, ABB  ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-5961 (The Migration, Backup, Staging \u2013 WPvivid Backup & 
Migration plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-53502 (Improper Input Validation vulnerability in Wikimedia 
Foundation Mediaw ...)
        TODO: check
 CVE-2025-53501 (Improper Access Control vulnerability in Wikimedia Foundation 
Mediawik ...)
@@ -29,13 +29,13 @@ CVE-2025-53369 (Short Description is a MediaWiki extension 
that provides local s
 CVE-2025-53368 (Citizen is a MediaWiki skin that makes extensions part of the 
cohesive ...)
        TODO: check
 CVE-2025-50263 (Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow 
in the f ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-50262 (Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow 
in the f ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-50260 (Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow 
in the f ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-50258 (Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow 
in the S ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-49846 (wire-ios is an iOS client for the Wire secure messaging 
application. F ...)
        TODO: check
 CVE-2025-49618 (In Plesk Obsidian 18.0.69, unauthenticated requests to 
/login_up.php c ...)
@@ -43,7 +43,7 @@ CVE-2025-49618 (In Plesk Obsidian 18.0.69, unauthenticated 
requests to /login_up
 CVE-2025-49595 (n8n is a workflow automation platform. Prior to version 
1.99.0, there  ...)
        TODO: check
 CVE-2025-49032 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48939 (tarteaucitron.js is a compliant and accessible cookie banner. 
Prior to ...)
        TODO: check
 CVE-2025-45938 (Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to 
Cross S ...)
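Review bot: The NOT-FOR-US tag added to CVE-2025-49032 cannot be checked against the entry itself. The truncated description ("Improper Neutralization of Input During Web Page Generation ('Cross-si ...") names no product, and "WordPress plugin or theme" does not name one either. Consider putting the plugin or theme name in the tag so that someone reading data/CVE/list later can confirm the classification without opening the CVE record.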
@@ -57,7 +57,7 @@ CVE-2025-40723 (Stored Cross-Site Scripting (XSS) 
vulnerability in versions prio
 CVE-2025-40722 (Stored Cross-Site Scripting (XSS) vulnerability in versions 
prior to F ...)
        TODO: check
 CVE-2025-3702 (Missing Authorization vulnerability in Melapress Melapress File 
Monito ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-34089 (An unauthenticated remote code execution vulnerability exists 
in Remot ...)
        TODO: check
 CVE-2025-34088 (An authenticated remote code execution vulnerability exists in 
Pandora ...)
@@ -71,55 +71,55 @@ CVE-2025-34082 (A command injection vulnerability exists in 
IGEL OS versions pri
 CVE-2025-34061 (A backdoor in PHPStudy versions 2016 through 2018 allows 
unauthenticat ...)
        TODO: check
 CVE-2025-2932 (The JKDEVKIT plugin for WordPress is vulnerable to arbitrary 
file dele ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2540 (Multiple plugins for WordPress are vulnerable to Stored 
Cross-Site Scr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2537 (Multiple plugins for WordPress are vulnerable to Stored 
Cross-Site Scr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-27461 (During startup, the device automatically logs in the EPC2 
Windows user ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27460 (The hard drives of the device are not encrypted using a full 
volume en ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27459 (The VNC application stores its passwords encrypted within the 
registry ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27458 (The VNC authentication mechanism bases on a challenge-response 
system  ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27457 (All communication between the VNC server and client(s) is 
unencrypted. ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27456 (The SMB server's login mechanism does not implement sufficient 
measure ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27455 (The web application is vulnerable to clickjacking attacks. The 
site ca ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27454 (The application is vulnerable to cross-site request forgery. 
An attack ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27453 (The HttpOnly flag is set to false on the PHPSESSION cookie. 
Therefore, ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27452 (The configuration of the Apache httpd webserver which serves 
the MEAC3 ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27451 (For failed login attempts, the application returns different 
error mes ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27450 (The Secure attribute is missing on multiple cookies provided 
by the ME ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27449 (The MEAC300-FNADE4 does not implement sufficient measures to 
prevent m ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27448 (The web application is susceptible to cross-site-scripting 
attacks. An ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-27447 (The web application is susceptible to cross-site-scripting 
attacks. An ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-23968 (Unrestricted Upload of File with Dangerous Type vulnerability 
in WPCen ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-1711 (Multiple services of the DUT as well as different scopes of the 
same s ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-1710 (The maxView Storage Manager does not implement sufficient 
measures to  ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-1709 (Several credentials for the local PostgreSQL database are 
stored in pl ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-1708 (The application is vulnerable to SQL injection attacks. An 
attacker is ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2025-0885 (Incorrect Authorization vulnerability in OpenText\u2122 
GroupWise allo ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2024-5647 (Multiple plugins for WordPress are vulnerable to Stored 
Cross-Site Scr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-38173 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.12.35-1
        NOTE: 
https://git.kernel.org/linus/8a4e047c6cc07676f637608a9dd675349b5de0a7 (6.16-rc1)
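Review bot: Several of the entries tagged "SICK AG" in this hunk describe generic software rather than a SICK product, so the vendor-only tag does not record why they are out of scope: CVE-2025-27452 refers to the configuration of the Apache httpd webserver, CVE-2025-27456 to an SMB server, CVE-2025-27457 through CVE-2025-27459 to VNC, and CVE-2025-1709 to PostgreSQL credentials. Naming the device in the tag (the CVE-2025-27449 description mentions MEAC300-FNADE4) would make clear that these are device configuration issues and not bugs in the upstream software. CVE-2025-1710 names "maxView Storage Manager" and nothing in the visible text ties it to SICK, so it is worth a manual look before it is left as NOT-FOR-US.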



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cce065d701750adb365d0f5a91257acc9c6c9c6b
