Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6ded4be8 by security tracker role at 2025-10-10T08:14:09+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-62292 (In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA,
authent ...)
TODO: check
CVE-2025-62240 (Multiple cross-site scripting (XSS) vulnerabilities with
Calendar even ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-61928 (Better Auth is an authentication and authorization library for
TypeScr ...)
TODO: check
CVE-2025-61926 (Allstar is a GitHub App to set and enforce security policies.
In versi ...)
@@ -35,9 +35,9 @@ CVE-2025-59246 (Azure Entra ID Elevation of Privilege
Vulnerability)
CVE-2025-59218 (Azure Entra ID Elevation of Privilege Vulnerability)
TODO: check
CVE-2025-55321 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-43296 (A logic issue was addressed with improved validation. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-35062 (Newforma Info Exchange (NIX) before version 2023.1 by default
allows a ...)
TODO: check
CVE-2025-35061 (Newforma Info Exchange (NIX)
'/NPCSRemoteWeb/LegacyIntegrationServices ...)
@@ -65,59 +65,59 @@ CVE-2025-35051 (Newforma Project Center Server (NPCS)
accepts serialized .NET da
CVE-2025-35050 (Newforma Info Exchange (NIX) accepts serialized .NET data via
the '/re ...)
TODO: check
CVE-2025-34248 (D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a
directory ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-21070 (Out-of-bounds write in the SPI decoder in Samsung Notes prior
to versi ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21069 (Out-of-bounds read in the parsing of image data in Samsung
Notes prior ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21068 (Out-of-bounds read in the reading of image data in Samsung
Notes prior ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21067 (Out-of-bounds read in the allocation of image buffer in
Samsung Notes ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21066 (Out-of-bounds read in the SPI decoder in Samsung Notes prior
to versio ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21065 (Improper input validation in Retail Mode prior to version
5.59.11 allo ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21064 (Improper authentication in Smart Switch prior to version
3.7.66.6 allo ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21063 (Improper access control in Samsung Voice Recorder prior to
version 21. ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21062 (Use of a broken or risky cryptographic algorithm in Smart
Switch prior ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21061 (Cleartext storage of sensitive information in Smart Switch
prior to ve ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21060 (Cleartext storage of sensitive information in Smart Switch
prior to ve ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21059 (Improper authorization in Samsung Health prior to version
6.30.5.105 a ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21058 (Improper access control in Routines prior to version 4.8.7.1
in Androi ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21057 (Use of implicit intent for sensitive communication in Samsung
Notes pr ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21055 (Out-of-bounds read and write in libimagecodec.quram.so prior
to SMR Oc ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21054 (Out-of-bounds read in the parsing header for JPEG decoding in
libpadm. ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21053 (Out-of-bounds write in the parsing header for JPEG decoding in
libpadm ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21052 (Out-of-bounds write under specific condition in the
pre-processing of ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21051 (Out-of-bounds write in the pre-processing of JPEG decoding in
libpadm. ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21050 (Improper input validiation in Contacts prior to SMR Oct-2025
Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21049 (Improper access control in SecSettings prior to SMR Oct-2025
Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21048 (Relative path traversal in Knox Enterprise prior to SMR
Oct-2025 Relea ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21047 (Improper access control in KnoxGuard prior to SMR Oct-2025
Release 1 a ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21046 (Improper access control in WindowManager in Samsung DeX prior
to SMR O ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21045 (Insecure storage of sensitive information in Galaxy Watch
prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-21044 (Out-of-bounds write in fingerprint trustlet prior to SMR
Oct-2025 Rele ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2025-11570 (Versions of the package
drupal-pattern-lab/unified-twig-extensions fro ...)
TODO: check
CVE-2025-11569 (All versions of the package cross-zip are vulnerable to
Directory Trav ...)
@@ -125,17 +125,17 @@ CVE-2025-11569 (All versions of the package cross-zip are
vulnerable to Director
CVE-2025-11558 (A vulnerability was found in code-projects E-Commerce Website
1.0. Imp ...)
TODO: check
CVE-2025-11557 (A vulnerability has been found in projectworlds Gate Pass
Management S ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2025-11556 (A flaw has been found in code-projects Simple Leave Manager
1.0. This ...)
TODO: check
CVE-2025-11555 (A vulnerability was detected in Campcodes Online Learning
Management S ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-11450 (ServiceNow has addressed a reflected cross-site scripting
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: ServiceNow
CVE-2025-11449 (ServiceNow has addressed a reflected cross-site scripting
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: ServiceNow
CVE-2025-10124 (The Booking Manager WordPress plugin before 2.1.15 registers
a shortc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2016-15047 (AVTECH devices that include the CloudSetup.cgi management
endpoint are ...)
TODO: check
CVE-2025-61724 [net/textproto: excessive CPU consumption in
Reader.ReadResponse]
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ded4be8d12ebfd2efd5195b0860ecd15d8d63d4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ded4be8d12ebfd2efd5195b0860ecd15d8d63d4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
