Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82f2b408 by security tracker role at 2025-09-19T20:13:18+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,23 +13,23 @@ CVE-2025-8664 (Improper Neutralization of Input During Web 
Page Generation (XSS
 CVE-2025-8532 (Authorization Bypass Through User-Controlled Key, CWE - 862 - 
Missing  ...)
        TODO: check
 CVE-2025-8531 (Improper Handling of Length Parameter Inconsistency 
vulnerability in M ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2025-8487 (The Kubio AI Page Builder plugin for WordPress is vulnerable to 
unauth ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-7937 (There is a vulnerability in the Supermicro BMC firmware 
validation log ...)
        TODO: check
 CVE-2025-7702 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in P ...)
        TODO: check
 CVE-2025-7665 (The Miniorange OTP Verification with Firebase plugin for 
WordPress is  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-7403 (Unsafe handling in bt_conn_tx_processor causes a 
use-after-free, resul ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-6198 (There is a vulnerability in the Supermicro BMC firmware 
validation log ...)
        TODO: check
 CVE-2025-5955 (The Service Finder SMS System plugin for WordPress is 
vulnerable to au ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-5948 (The Service Finder Bookings plugin for WordPress is vulnerable 
to priv ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-59717 (In the @digitalocean/do-markdownit package through 1.16.1 (in 
npm), th ...)
        TODO: check
 CVE-2025-59715 (SMSEagle before 6.11 allows reflected XSS via a username or 
contact ph ...)
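Review bot: The CVE-2025-7403 note, "NOT-FOR-US: Zephyr, different from src:zephyr", says what the product is not but leaves the reader to work out what it is. The description's bt_conn_tx_processor use-after-free points at a Bluetooth connection path, so naming the affected project in the note itself would let a later triager confirm the mismatch with src:zephyr without opening the CVE record.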
@@ -81,11 +81,11 @@ CVE-2025-57880 (Improper Encoding or Escaping of Output 
vulnerability in Hallo W
 CVE-2025-57644 (Accela Automation Platform 22.2.3.0.230103 contains multiple 
vulnerabi ...)
        TODO: check
 CVE-2025-57528 (An issue was discovered in Tenda AC6 
US_AC6V1.0BR_V15.03.05.16_multi_T ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-57396 (Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is 
vulnerable t ...)
        TODO: check
 CVE-2025-57296 (Tenda AC6 router firmware 15.03.05.19 contains a command 
injection vul ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-57295 (H3C devices running firmware version NX15V100R015 are 
vulnerable to un ...)
        TODO: check
 CVE-2025-57293 (A command injection vulnerability in COMFAST CF-XR11 (firmware 
V2.7.2) ...)
@@ -131,11 +131,11 @@ CVE-2025-47698 (An adjacent attacker without 
authentication can exploit this vul
 CVE-2025-46703 (Improper Encoding or Escaping of Output vulnerability in Hallo 
Welt! G ...)
        TODO: check
 CVE-2025-43809 (Cross-Site Request Forgery (CSRF) vulnerability in the server 
(license ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43803 (Insecure direct object reference (IDOR) vulnerability in the 
Contacts  ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-36248 (IBM Copy Services Manager 6.3.13 is vulnerable to cross-site 
scripting ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-34206 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
and Applic ...)
        TODO: check
 CVE-2025-34205 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host 
versions p ...)
@@ -177,13 +177,13 @@ CVE-2025-30755 (OpenGrok 1.14.1 has a reflected 
Cross-Site Scripting (XSS) issue
 CVE-2025-30519 (Dover Fueling Solutions ProGauge MagLink LX4 Deviceshave 
default root  ...)
        TODO: check
 CVE-2025-26517 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 
11.8.0. ...)
-       TODO: check
+       NOT-FOR-US: NetApp
 CVE-2025-26516 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 
11.8.0. ...)
-       TODO: check
+       NOT-FOR-US: NetApp
 CVE-2025-26515 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 
11.8.0. ...)
-       TODO: check
+       NOT-FOR-US: NetApp
 CVE-2025-26514 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 
11.8.0. ...)
-       TODO: check
+       NOT-FOR-US: NetApp
 CVE-2025-10722 (A vulnerability was detected in SKTLab Mukbee App 1.01.196 on 
Android. ...)
        TODO: check
 CVE-2025-10721 (A vulnerability was determined in Webull Investing & Trading 
App 11.2. ...)
@@ -211,27 +211,27 @@ CVE-2025-10708 (A security vulnerability has been 
detected in Four-Faith Water C
 CVE-2025-10707 (A weakness has been identified in JeecgBoot up to 3.8.2. 
Affected is a ...)
        TODO: check
 CVE-2025-10690 (The Goza - Nonprofit Charity WordPress Theme theme for 
WordPress is vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10689 (A vulnerability was identified in D-Link DIR-645 105B01. This 
issue af ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-10647 (The Embed PDF for WPForms plugin for WordPress is vulnerable 
to arbitr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10630 (Grafana is an open-source platform for monitoring and 
observability.Gr ...)
        TODO: check
 CVE-2025-10568 (HyperX NGENUITY software is potentially vulnerable to 
arbitrary code e ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2025-10468 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        TODO: check
 CVE-2025-10458 (Parameters are not validated or sanitized, and are later used 
in vario ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-10457 (The function responsible for handling BLE connection responses 
does no ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-10456 (A vulnerability was identified in the handling of Bluetooth 
Low Energy ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-10146 (The Download Manager plugin for WordPress is vulnerable to 
Reflected C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10035 (A deserialization vulnerability in the License Servlet of 
Fortra's GoA ...)
-       TODO: check
+       NOT-FOR-US: Fortra
 CVE-2024-13990 (MicroWorld eScan AV's update mechanism failed to ensure 
authenticity a ...)
        TODO: check
 CVE-2022-4980 (General Bytes Crypto Application Server (CAS) beginning with 
version 2 ...)
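Review bot: CVE-2025-10690 is tagged "NOT-FOR-US: WordPress plugin", but its description reads "The Goza - Nonprofit Charity WordPress Theme theme for WordPress". Suggest "NOT-FOR-US: WordPress theme" so the note matches the component. The other WordPress entries changed in this hunk (CVE-2025-10647, CVE-2025-10146) do describe plugins and are fine as tagged.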



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82f2b4088c628f8e49324596e4ea0c14cecacd6d
