Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9cebb50f by security tracker role at 2025-12-12T20:14:52+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,19 +23,19 @@ CVE-2025-65530 (An eval injection in the malware 
de-obfuscation routines of Clou
 CVE-2025-64011 (Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct 
Object Ref ...)
        TODO: check
 CVE-2025-58770 (APTIOV contains a vulnerability in BIOS where a user may cause 
\u201cI ...)
-       TODO: check
+       NOT-FOR-US: AMI
 CVE-2025-58137 (Authorization Bypass Through User-Controlled Key vulnerability 
in Apac ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-58130 (Insufficiently Protected Credentials vulnerability in Apache 
Fineract. ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-54981 (Weak Encryption Algorithm in StreamPark,The use of an AES 
cipher in EC ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-54947 (In Apache StreamPark versions 2.0.0 through 2.1.7, a security 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-53960 (When encrypting sensitive data, weak encryption keys that are 
fixed or ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-40829 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-36755 (The CleverDisplay BlueOne hardware player is designed with its 
USB int ...)
        TODO: check
 CVE-2025-36746 (SolarEdge monitoring platform contains a Cross\u2011Site 
Scripting (XS ...)
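Review bot: The note "NOT-FOR-US: Apache software not packaged in Debian" on CVE-2025-58137, CVE-2025-58130, CVE-2025-54981, CVE-2025-54947 and CVE-2025-53960 does not name the project, and for CVE-2025-58137 and CVE-2025-53960 the truncated description shown here does not name it either, so the entry alone does not say which Apache project was judged out of scope. Naming the project where the description gives it (Apache Fineract, Apache StreamPark) would match the specific notes "NOT-FOR-US: AMI" and "NOT-FOR-US: Siemens" in the same hunk and make it easier to revisit these entries if one of those projects is packaged later.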
@@ -49,15 +49,15 @@ CVE-2025-36743 (SolarEdge SE3680H has an exposed debug/test 
interface accessible
 CVE-2025-26866 (A remote code execution vulnerability exists where a malicious 
Raft no ...)
        TODO: check
 CVE-2025-23408 (Weak Password Requirements vulnerability in Apache Fineract.  
This iss ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-14578 (A weakness has been identified in itsourcecode Student 
Management Syst ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2025-14572 (A vulnerability was found in UTT \u8fdb\u53d6 512W up to 
1.7.7-171114. ...)
        TODO: check
 CVE-2025-14571 (A vulnerability has been found in projectworlds Advanced 
Library Manag ...)
-       TODO: check
+       NOT-FOR-US: Project Worlds
 CVE-2025-14570 (A flaw has been found in projectworlds Advanced Library 
Management Sys ...)
-       TODO: check
+       NOT-FOR-US: Project Worlds
 CVE-2025-14569 (A vulnerability was detected in ggml-org whisper.cpp up to 
1.8.2. Affe ...)
        TODO: check
 CVE-2025-14568 (A security vulnerability has been detected in haxxorsid 
Stock-Manageme ...)
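Review bot: The notes on CVE-2025-14571 and CVE-2025-14570 spell the vendor "Project Worlds" while both descriptions spell it "projectworlds", and the CVE-2025-14578 note "NOT-FOR-US: itsourcecode System" drops the product named in its description ("itsourcecode Student Management Syst ..."). Using the vendor and product strings as they appear in the description keeps the notes consistent and searchable. CVE-2025-23408 also gets the generic Apache note although its description names Apache Fineract.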
@@ -69,39 +69,39 @@ CVE-2025-14566 (A security flaw has been discovered in 
kidaze CourseSelectionSys
 CVE-2025-14565 (A vulnerability was identified in kidaze CourseSelectionSystem 
up to 4 ...)
        TODO: check
 CVE-2025-14442 (The Secure Copy Content Protection and Content Locking plugin 
for Word ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14174 (Out of bounds memory access in ANGLE in Google Chrome on Mac 
prior to  ...)
        TODO: check
 CVE-2025-14159 (The Secure Copy Content Protection and Content Locking plugin 
for Word ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14074 (The PDF for Contact Form 7 + Drag and Drop Template Builder 
plugin for ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14065 (The Simple Bike Rental plugin for WordPress is vulnerable to 
unauthori ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14030 (The AI Feeds plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13993 (The MailerLite \u2013 Signup forms (official) plugin for 
WordPress is  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13733 (BuhoNTFS contains an insecure XPC service that allows local, 
unprivile ...)
        TODO: check
 CVE-2025-13506 (Execution with Unnecessary Privileges vulnerability in Nebim 
Neyir Com ...)
        TODO: check
 CVE-2025-12965 (The Magical Posts Display plugin for WordPress is vulnerable 
to Stored ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12960 (The Simple CSV Table plugin for WordPress is vulnerable to 
Directory T ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12843 (Code Injection using Electron Fuses in waveterm on MacOS 
allows TCC By ...)
        TODO: check
 CVE-2025-12841 (The Bookit WordPress plugin before 2.5.1 has a publicly 
accessible RES ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12835 (The WooMulti WordPress plugin through 17 does not validate a 
file para ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12408 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12407 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12348 (The Icegram Express - Email Subscribers, Newsletters and 
Marketing Aut ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-58314 (Atcom 100M IP Phones firmware version 2.7.x.x contains an 
authenticate ...)
        TODO: check
 CVE-2024-58311 (Dormakaba Saflok System 6000 contains a predictable key 
generation alg ...)
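Review bot: For CVE-2025-12408, CVE-2025-12407 and CVE-2025-12348 the description is cut off before any mention of WordPress ("... and more! plugi ...", "... and Marketing Aut ..."), so the "NOT-FOR-US: WordPress plugin" note on those three cannot be confirmed from this diff and should be checked against the full CVE text. The entries this hunk leaves at "TODO: check" (CVE-2025-14174 for ANGLE in Google Chrome, CVE-2025-13733, CVE-2025-13506, CVE-2025-12843) still need manual triage.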
@@ -109,7 +109,7 @@ CVE-2024-58311 (Dormakaba Saflok System 6000 contains a 
predictable key generati
 CVE-2024-58305 (WonderCMS 4.3.2 contains a cross-site scripting vulnerability 
that all ...)
        TODO: check
 CVE-2024-58299 (PCMan FTP Server 2.0 contains a buffer overflow vulnerability 
in the ' ...)
-       TODO: check
+       NOT-FOR-US: PCMan FTP Server
 CVE-2024-14010 (Typora 1.7.4 contains a command injection vulnerability in the 
PDF exp ...)
        TODO: check
 CVE-2025-40345 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cebb50f61606ad1e4b9f0a795a4122b684a6b0c
