Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7ce3b239 by Salvatore Bonaccorso at 2025-10-08T22:23:33+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -120,23 +120,23 @@ CVE-2025-43822 (Multiple stored cross-site scripting
(XSS) vulnerabilities in Li
CVE-2025-43727 (Dell PowerProtect Data Domain with Data Domain Operating
System (DD OS ...)
NOT-FOR-US: Dell / EMC
CVE-2025-40889 (A path traversal vulnerability was discovered in the Time
Machine func ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-40888 (A SQL Injection vulnerability was discovered in the CLI
functionality ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-40887 (A SQL Injection vulnerability was discovered in the Alert
functionalit ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-40886 (A SQL Injection vulnerability was discovered in the Alert
functionalit ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-40885 (A SQL Injection vulnerability was discovered in the Smart
Polling func ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-40676 (Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2
from Bio ...)
- TODO: check
+ NOT-FOR-US: Negotiator from Biobanking and Biomolecular Resources -
European Research Infrastructure (BBMRI-ERIC)
CVE-2025-40649 (Stored Cross-Site Scripting (XSS) in Biobanking and
Biomolecular Resou ...)
- TODO: check
+ NOT-FOR-US: Negotiator from Biobanking and Biomolecular Resources -
European Research Infrastructure (BBMRI-ERIC)
CVE-2025-3719 (An access control vulnerability was discovered in the CLI
functionalit ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-3718 (A client-side path traversal vulnerability was discovered in
the web m ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-3450 (Improper Resource Locking vulnerability in B&R Industrial
Automation A ...)
NOT-FOR-US: ABB group
CVE-2025-3449 (Generation of Predictable Numbers or Identifiers vulnerability
in B&R ...)
@@ -144,7 +144,7 @@ CVE-2025-3449 (Generation of Predictable Numbers or
Identifiers vulnerability in
CVE-2025-3448 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
NOT-FOR-US: ABB group
CVE-2025-37728 (Insufficiently Protected Credentials in the Crowdstrike
connector can ...)
- TODO: check
+ NOT-FOR-US: Crowdstrike connector
CVE-2025-36569 (Dell PowerProtect Data Domain with Data Domain Operating
System (DD OS ...)
NOT-FOR-US: Dell / EMC
CVE-2025-36567 (Dell PowerProtect Data Domain with Data Domain Operating
System (DD OS ...)
@@ -156,7 +156,7 @@ CVE-2025-36565 (Dell PowerProtect Data Domain with Data
Domain Operating System
CVE-2025-36156 (IBM InfoSphere Data Replication VSAM for z/OS Remote Source
11.4 is vu ...)
NOT-FOR-US: IBM
CVE-2025-34252 (NetSarang Xmanager Enterprise 5.0 Build 1232,Xmanager 5.0
Build 1045,X ...)
- TODO: check
+ NOT-FOR-US: NetSarang Xmanager
CVE-2025-1826 (IBM Engineering Requirements Management DOORS Next (IBM Jazz
Foundatio ...)
NOT-FOR-US: IBM
CVE-2025-11462 (Improper Link Resolution Before File Access in the AWS VPN
Client for ...)
@@ -260,13 +260,13 @@ CVE-2025-11386 (A vulnerability was found in Tenda AC15
15.03.05.18. The impacte
CVE-2025-11385 (A vulnerability has been found in Tenda AC20 up to
16.03.08.12. The af ...)
NOT-FOR-US: Tenda
CVE-2025-11360 (A vulnerability was detected in jakowenko double-take up to
1.13.1. Th ...)
- TODO: check
+ NOT-FOR-US: jakowenko double-take
CVE-2025-11359 (A security vulnerability has been detected in code-projects
Simple Ban ...)
NOT-FOR-US: code-projects
CVE-2025-11204 (The RegistrationMagic \u2013 Custom Registration Forms, User
Registrat ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11192 (A vulnerability in Extreme Networks\u2019 Fabric Engine (VOSS)
before ...)
- TODO: check
+ NOT-FOR-US: Extreme Networks
CVE-2025-11171 (The Chartify \u2013 WordPress Chart Plugin for WordPress is
vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10904
@@ -280,7 +280,7 @@ CVE-2025-10587 (The Community Events plugin for WordPress
is vulnerable to SQL I
CVE-2025-10494 (The Motors \u2013 Car Dealership & Classified Listings Plugin
plugin f ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0603 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Callvision Emergency Code
CVE-2023-6215 (A potential security vulnerability has been identified in HP
Sure Star ...)
NOT-FOR-US: HP
CVE-2025-11460
@@ -836,7 +836,7 @@ CVE-2025-43824 (The Profile widget in Liferay Portal 7.4.0
through 7.4.3.111, an
CVE-2025-34251 (Tesla Telematics Control Unit (TCU) firmware prior to v2025.14
contain ...)
NOT-FOR-US: Tesla
CVE-2025-11362 (Versions of the package pdfmake before 0.3.0-beta.17 are
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: pdfmake
CVE-2025-11358 (A weakness has been identified in code-projects Simple Banking
System ...)
NOT-FOR-US: code-projects
CVE-2025-11357 (A security flaw has been discovered in code-projects Simple
Banking Sy ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ce3b2396282402b288b0b005d186103c9fe807a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ce3b2396282402b288b0b005d186103c9fe807a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
