Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
eca0f422 by security tracker role at 2025-12-18T20:13:49+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-9787 (Zohocorp ManageEngine Applications Manager versions 177400 and
below a ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-7358 (Use of Hard-coded Credentials vulnerability in Utarit
Informatics Serv ...)
TODO: check
CVE-2025-7047 (Missing Authorization vulnerability in Utarit Informatics
Services Inc ...)
@@ -11,7 +11,7 @@ CVE-2025-68278 (Tina is a headless content management system.
In tinacms prior t
CVE-2025-67745 (MyHoard is a daemon for creating, managing and restoring MySQL
backups ...)
TODO: check
CVE-2025-66058 (Missing Authorization vulnerability in PickPlugins Post Grid
and Guten ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-65568 (A denial-of-service vulnerability exists in the omec-project
UPF (pfcp ...)
TODO: check
CVE-2025-65567 (A denial-of-service vulnerability exists in the omec-project
UPF (pfcp ...)
@@ -49,33 +49,33 @@ CVE-2025-64724 (Arduino IDE is an integrated development
environment. Prior to v
CVE-2025-64723 (Arduino IDE is an integrated development environment. Prior to
version ...)
TODO: check
CVE-2025-64469 (There is a stack-based buffer overflow vulnerability in NI
LabVIEW in ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64468 (There is a use-after-free vulnerability in
sentry!sentry_span_set_data ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64467 (There is an out of bounds read vulnerability in NI LabVIEW in
LVResFil ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64466 (There is an out of bounds read vulnerability in NI LabVIEW in
lvre!Exe ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64465 (There is an out of bounds read vulnerability in NI LabVIEW in
lvre!Dat ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64464 (There is an out of bounds read vulnerability in NI LabVIEW in
lvre!Vis ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64463 (There is an out of bounds read vulnerability in NI LabVIEW in
LVResour ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64462 (There is an out of bounds read vulnerability in NI LabVIEW in
LVResFil ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64461 (There is an out of bounds write vulnerability in NI LabVIEW in
mgocre_ ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64400 (Control Panel provides an API for pre-registering into an
enrollment ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2025-64355 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64282 (Authorization Bypass Through User-Controlled Key vulnerability
in Radi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64236 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64235 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63757 (Integer overflow vulnerability in the yuv2ya16_X_c_template
function i ...)
TODO: check
CVE-2025-63391 (An authentication bypass vulnerability exists in Open-WebUI
<=0.6.32 i ...)
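Review bot: The NOT-FOR-US: National Instruments tag on CVE-2025-64468 needs a manual check. Its visible description names sentry!sentry_span_set_data and, unlike the eight neighbouring entries in this hunk, does not mention NI LabVIEW in the truncated text. If the use-after-free sits in a bundled third-party component rather than in the vendor's own code, NOT-FOR-US would take it out of triage, so confirm against the full CVE description and leave it as TODO: check until the affected component is identified. The same check applies to CVE-2025-64400, tagged Palantir although the visible text only says "Control Panel provides an API".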
@@ -91,15 +91,15 @@ CVE-2025-63387 (Dify v1.9.1 is vulnerable to Insecure
Permissions. An unauthenti
CVE-2025-63386 (A Cross-Origin Resource Sharing (CORS) misconfiguration
vulnerability ...)
TODO: check
CVE-2025-63043 (Authorization Bypass Through User-Controlled Key vulnerability
in Pick ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63002 (Missing Authorization vulnerability in wpforchurch Sermon
Manager allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-62998 (Insertion of Sensitive Information Into Sent Data
vulnerability in WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-62961 (Missing Authorization vulnerability in Sparkle WP Sparkle FSE
allows E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-62960 (Missing Authorization vulnerability in Sparkle WP Construction
Light a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-59949 (FreshRSS is a free, self-hostable RSS aggregator. Versions
prior to 1. ...)
TODO: check
CVE-2025-56157 (Default credentials in Dify thru 1.5.1. PostgreSQL username
and passwo ...)
@@ -113,7 +113,7 @@ CVE-2025-40892 (A Stored Cross-Site Scripting vulnerability
was discovered in th
CVE-2025-40891 (A Stored HTML Injection vulnerability was discovered in the
Time Machi ...)
TODO: check
CVE-2025-40602 (A local privilege escalation vulnerability due to insufficient
authori ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-1031 (Authorization Bypass Through User-Controlled Key vulnerability
in Utar ...)
TODO: check
CVE-2025-1030 (Exposure of Private Personal Information to an Unauthorized
Actor vuln ...)
@@ -123,17 +123,17 @@ CVE-2025-1029 (Use of Hard-coded Credentials
vulnerability in Utarit Information
CVE-2025-14896 (due to insufficient sanitazation in Vega\u2019s `convert()`
function w ...)
TODO: check
CVE-2025-14889 (A security flaw has been discovered in Campcodes Advanced
Voting Manag ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-14885 (A flaw has been found in SourceCodester Client Database
Management Sys ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-14884 (A vulnerability was detected in D-Link DIR-605 202WWB03.
Affected by t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-14879 (A weakness has been identified in Tenda WH450 1.0.0.18.
Affected is an ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-14878 (A security flaw has been discovered in Tenda WH450 1.0.0.18.
This impa ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-14877 (A vulnerability was identified in Campcodes Supplier
Management System ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-14874 (A flaw was found in Nodemailer. This vulnerability allows a
denial of ...)
TODO: check
CVE-2025-14861 (Memory safety bugs present in Firefox 146. Some of these bugs
showed e ...)
@@ -145,25 +145,25 @@ CVE-2025-14823 (In deployments using the
ScreenConnect\u2122 Certificate Signing
CVE-2025-14744 (Unicode RTLO characters could allow malicious websites to
spoof filena ...)
TODO: check
CVE-2025-14739 (Access of Uninitialized Pointer vulnerability in TP-Link
WR940N and WR ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-14738 (Improper authentication vulnerability in TP-Link WA850RE
(httpd module ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-14737 (Command Injection vulnerability in TP-Link WA850RE (httpd
modules) all ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-14618 (The Sweet Energy Efficiency plugin for WordPress is vulnerable
to unau ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14437 (The Hummingbird Performance plugin for WordPress is vulnerable
to Sens ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14364 (The Demo Importer Plus plugin for WordPress is vulnerable to
unauthori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14277 (The Prime Slider \u2013 Addons for Elementor plugin for
WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13730 (The OpenID Connect Generic Client plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13641 (The Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN
Gallery ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13110 (The HUSKY \u2013 Products Filter Professional for WooCommerce
plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10910 (A flaw in the binding process of Govee\u2019s cloud platform
and devic ...)
TODO: check
CVE-2024-58323 (A stored cross-site scripting vulnerability in Kentico
Xperience allow ...)
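Review bot: Style point on the seven WordPress entries in this hunk (CVE-2025-14618 through CVE-2025-13110): they are tagged NOT-FOR-US: WordPress plugin, while the earlier hunks of this same commit tag the same class of issue NOT-FOR-US: WordPress plugin or theme (for example CVE-2025-66058 and CVE-2025-63043). Two strings for one category split any grep or count over data/CVE/list. If the narrower label is intentional because these descriptions say "plugin for WordPress" explicitly, note that in the rule that generates them; otherwise use one label throughout.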
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eca0f4227ea732f390a5dc0f85001a7002143fee
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits