Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe0fd6da by security tracker role at 2025-09-04T20:14:22+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-9636 (pgAdmin <= 9.7 is affected by a  Cross-Origin Opener Policy 
(COOP) vul ...)
        TODO: check
 CVE-2025-9616 (The PopAd plugin for WordPress is vulnerable to Cross-Site 
Request For ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-8311 (dotCMS versions24.03.22 and after, identified a Boolean-based 
blind SQ ...)
        TODO: check
 CVE-2025-7388 (It was possible to perform Remote Command Execution (RCE) via 
Java RMI ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2025-7385 (Input from search query parameter in GOV CMS is not sanitized 
properly ...)
        TODO: check
 CVE-2025-6984 (The langchain-ai/langchain project, specifically the 
EverNoteLoader co ...)
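
Review bot: The tag added for CVE-2025-7388, "NOT-FOR-US: Progress Software", names a vendor that the visible description ("It was possible to perform Remote Command Execution (RCE) via Java RMI ...") never mentions, so the classification cannot be confirmed from the list entry alone. Consider putting the affected product name in the tag. The "WordPress plugin" tag on CVE-2025-9616 in the same hunk does not have this problem, because its description states that the PopAd plugin is for WordPress.
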
@@ -13,13 +13,13 @@ CVE-2025-6984 (The langchain-ai/langchain project, 
specifically the EverNoteLoad
 CVE-2025-6785 (Securing externally available CAN wires can easily allow 
physical acce ...)
        TODO: check
 CVE-2025-6085 (The Make Connector plugin for WordPress is vulnerable to 
arbitrary fil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-58361 (Promptcraft Forge Studio is a toolkit for evaluating, 
optimizing, and  ...)
        TODO: check
 CVE-2025-58353 (Promptcraft Forge Studio is a toolkit for evaluating, 
optimizing, and  ...)
        TODO: check
 CVE-2025-57576 (PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross 
Site Scri ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-57263 (An authenticated SQL injection vulnerability in VX Guestbook 
1.07 allo ...)
        TODO: check
 CVE-2025-48581 (In VerifyNoOverlapInSessions of apexd.cpp, there is a possible 
way to  ...)
@@ -199,9 +199,9 @@ CVE-2025-32321 (In isSafeIntent of 
AccountTypePreferenceLoader.java, there is a
 CVE-2025-32312 (In createIntentsList of PackageParser.java , there is a 
possible way t ...)
        TODO: check
 CVE-2025-2694 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 
6.2.0.0 thro ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-2667 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 
6.2.0.0 thro ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-2411 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
        TODO: check
 CVE-2025-26464 (In executeAppFunction of AppSearchManagerService.java, there 
is a poss ...)
@@ -279,7 +279,7 @@ CVE-2025-26420 (In multiple functions of 
GrantPermissionsActivity.java , there i
 CVE-2025-26419 (In initPhoneSwitch of SystemSettingsFragment.java, there is a 
possible ...)
        TODO: check
 CVE-2025-25048 (IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 
7.0.3 i ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-23302 (NVIDIA HGX and DGX contain a vulnerability where a 
misconfiguration of ...)
        TODO: check
 CVE-2025-23301 (NVIDIA HGX and DGX contain a vulnerability where a 
misconfiguration of ...)
@@ -319,11 +319,11 @@ CVE-2024-49731 (In apk-versions.txt, there is a possible 
corruption of telemetry
 CVE-2024-49714 (In avrc_vendor_msg of avrc_opt.cc, there is a possible out of 
bounds w ...)
        TODO: check
 CVE-2024-43184 (IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 
7.0.3 i ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-40664 (In setupAccessibilityServices of AccessibilityFragment.java , 
there is ...)
        TODO: check
 CVE-2024-34598 (Improper export of component in GoodLock prior to version 
2.2.04.95 al ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2024-13073 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        TODO: check
 CVE-2023-35657 (In bta_av_config_ind of bta_av_aact.cc, there is a possible 
out of bou ...)
@@ -272243,7 +272243,7 @@ CVE-2022-39890 (Improper Authorization in Samsung 
Billing prior to version 5.0.5
 CVE-2022-39889 (Improper access control vulnerability in GalaxyWatch4Plugin 
prior to v ...)
        NOT-FOR-US: Samsung
 CVE-2022-39888 (Improper access control vulnerability in retrieveExternalProxy 
in Misc ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2022-39887 (Improper access control vulnerability in clearAllGlobalProxy 
in MiscPo ...)
        NOT-FOR-US: Samsung
 CVE-2022-39886 (Improper access control vulnerability in 
IpcRxServiceModeBigDataInfo i ...)
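
Review bot: The new tag on CVE-2022-39888 is "NOT-FOR-US: Samsung Mobile", while the unchanged neighbours CVE-2022-39889 and CVE-2022-39887 directly above and below it are tagged "NOT-FOR-US: Samsung". Using two spellings for the same vendor splits results for anyone searching the list by tag; suggest reusing "Samsung" here (and for CVE-2024-34598 in the earlier hunk) or normalising the older entries in the same change. It is also worth checking why this 2022 entry was still at "TODO: check" when its siblings had already been triaged.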



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe0fd6da4e02402d166a61f54f2b94615f7c541e
