Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef62227a by security tracker role at 2025-07-10T20:14:09+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,19 +3,19 @@ CVE-2025-7425 (A flaw was found in libxslt where the 
attribute type, atype, flag
 CVE-2025-7424 (A flaw was found in the libxslt library. The same memory field, 
psvi,  ...)
        TODO: check
 CVE-2025-7413 (A vulnerability classified as critical has been found in 
code-projects ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-7412 (A vulnerability was found in code-projects Library System 1.0. 
It has  ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-7411 (A vulnerability was found in code-projects LifeStyle Store 1.0. 
It has ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-7410 (A vulnerability was found in code-projects LifeStyle Store 1.0. 
It has ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-7409 (A vulnerability was found in code-projects Mobile Shop 1.0 and 
classif ...)
        TODO: check
 CVE-2025-7408 (A vulnerability has been found in SourceCodester Zoo Management 
System ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-7407 (A vulnerability, which was classified as critical, was found in 
Netgea ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2025-7021 (Fullscreen API Spoofing and UI Redressing in the handling of 
Fullscree ...)
        TODO: check
 CVE-2025-6948 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
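
Review bot: CVE-2025-7409 (code-projects Mobile Shop 1.0) is left at TODO: check, while the four entries directly above it, CVE-2025-7413 through CVE-2025-7410, are all closed as NOT-FOR-US: code-projects. If the automatic update skipped it only because of how its description is worded, it should get the same tag in a follow-up so the code-projects entries are triaged consistently.
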
@@ -25,13 +25,13 @@ CVE-2025-6211 (A vulnerability in the DocugamiReader class 
of the run-llama/llam
 CVE-2025-6168 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
        TODO: check
 CVE-2025-5040 (A maliciously crafted RTE file, when parsed through Autodesk 
Revit, ca ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-5037 (A maliciously crafted RFA file, when parsed through Autodesk 
Revit, ca ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-5023 (Use of Hard-coded Credentials vulnerability in Mitsubishi 
Electric Cor ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2025-5022 (Weak Password Requirements vulnerability in Mitsubishi Electric 
Corpor ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2025-53709 (Secure-upload is a data submission service that validates 
single-use t ...)
        TODO: check
 CVE-2025-53634 (Chall-Manager is a platform-agnostic system able to start 
Challenges o ...)
@@ -57,9 +57,9 @@ CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. 
A command injection
 CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache 
Tomcat if an ...)
        TODO: check
 CVE-2025-53503 (Trend Micro Cleaner One Pro is vulnerable to a Privilege 
Escalation vu ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-53378 (A missing authentication vulnerability in Trend Micro 
Worry-Free Busin ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-53371 (DiscordNotifications is an extension for MediaWiki that sends 
notifica ...)
        TODO: check
 CVE-2025-53364 (Parse Server is an open source backend that can be deployed to 
any inf ...)
@@ -67,9 +67,9 @@ CVE-2025-53364 (Parse Server is an open source backend that 
can be deployed to a
 CVE-2025-53020 (Late Release of Memory after Effective Lifetime vulnerability 
in Apach ...)
        TODO: check
 CVE-2025-52837 (Trend Micro Password Manager (Consumer) version 5.8.0.1327 and 
below i ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-52521 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link 
following ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-52520 (For some unlikely configurations of multipart upload, an 
Integer Overf ...)
        TODO: check
 CVE-2025-52473 (liboqs is a C-language cryptographic library that provides 
implementat ...)
@@ -83,11 +83,11 @@ CVE-2025-49812 (In some mod_ssl configurations on Apache 
HTTP Server versions th
 CVE-2025-49630 (In certain proxy configurations, a denial of service attack 
againstApa ...)
        TODO: check
 CVE-2025-49464 (Classic buffer overflow in certain Zoom Clients for Windows 
may allow  ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-49463 (Insufficient control flow management in certain Zoom Clients 
for iOS b ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-49462 (Cross-site scripting in certain Zoom Clients  before version 
6.4.5 may ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-47813 (loginok.html in Wing FTP Server before 7.4.4 discloses the 
full local  ...)
        TODO: check
 CVE-2025-47812 (In Wing FTP Server before 7.4.4. the user and admin web 
interfaces mis ...)
@@ -95,9 +95,9 @@ CVE-2025-47812 (In Wing FTP Server before 7.4.4. the user and 
admin web interfac
 CVE-2025-47811 (In Wing FTP Server through 7.4.4, the administrative web 
interface (li ...)
        TODO: check
 CVE-2025-46789 (Classic buffer overflow in certain Zoom Clients for Windows 
may allow  ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-46788 (Improper certificate validation in Zoom Workplace for Linux 
before ver ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2025-45662 (A cross-site scripting (XSS) vulnerability in the component 
/master/lo ...)
        TODO: check
 CVE-2025-44251 (Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in 
cleartext duri ...)
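
Review bot: CVE-2025-46788 names Zoom Workplace for Linux, unlike the Windows client entry above it (CVE-2025-46789), so NOT-FOR-US: Zoom here rests on the client not being packaged in Debian rather than on the platform. Worth a quick confirmation of that before the entry is treated as closed.
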
@@ -105,7 +105,7 @@ CVE-2025-44251 (Ecovacs Deebot T10 1.7.2 transmits Wi-Fi 
credentials in cleartex
 CVE-2025-3396 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
        TODO: check
 CVE-2025-36090 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a 
remote  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-34102 (A remote code execution vulnerability exists in CryptoLog (PHP 
version ...)
        TODO: check
 CVE-2025-34101 (An unauthenticated command injection vulnerability exists in 
Serviio M ...)
@@ -125,7 +125,7 @@ CVE-2025-34095 (An OS command injection vulnerability 
exists in Mako Server vers
 CVE-2025-34093 (An authenticated command injection vulnerability exists in the 
Polycom ...)
        TODO: check
 CVE-2025-2520 (The Honeywell Experion PKS contains an Uninitialized Variable 
in the c ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2025-28245 (Cross-site scripting (XSS) vulnerability in Alteryx Server 
2023.1.1.46 ...)
        TODO: check
 CVE-2025-28244 (Insecure Permissions vulnerability in the Local Storage in 
Alteryx Ser ...)
@@ -137,7 +137,7 @@ CVE-2025-27889 (Wing FTP Server before 7.4.4 does not 
properly validate and sani
 CVE-2025-23048 (In some mod_ssl configurations on Apache HTTP Server 2.4.35 
through to ...)
        TODO: check
 CVE-2024-7650 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2024-47252 (Insufficient escaping of user-supplied data in mod_ssl in 
Apache HTTP  ...)
        TODO: check
 CVE-2024-43394 (Server-Side Request Forgery (SSRF)in Apache HTTP Server on 
Windows all ...)
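
Review bot: the NOT-FOR-US: OpenText tag on CVE-2024-7650 cannot be checked against this diff, because the truncated description shown ("Improper Control of Generation of Code ('Code Injection') vulnerabilit ...") never reaches a vendor or product name. Confirm against the full CVE description that the affected product is an OpenText one before relying on the tag.
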
@@ -147,11 +147,11 @@ CVE-2024-43204 (SSRF in Apache HTTP Server with mod_proxy 
loaded allows an attac
 CVE-2024-42516 (HTTP response splitting in the core of Apache HTTP Server 
allows an at ...)
        TODO: check
 CVE-2024-39752 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-38327 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable 
to info ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-37524 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a 
remote  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-36697 (A cross-site scripting (XSS) vulnerability in the Admin Login 
page of  ...)
        TODO: check
 CVE-2025-38348 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef62227a4b16c9d6c41570dde4c55aceb2750981
