[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) Tue, 22 Apr 2025 01:13:06 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a1d237ca by security tracker role at 2025-04-22T08:12:47+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,11 +19,11 @@ CVE-2025-3843 (A vulnerability was found in panhainan 
DS-Java 1.0. It has been c
 CVE-2025-3842 (A vulnerability was found in panhainan DS-Java 1.0 and 
classified as c ...)
        TODO: check
 CVE-2025-3814 (The Tax Switch for WooCommerce plugin for WordPress is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3616 (The Greenshift \u2013 animation and page builder blocks plugin 
for Wor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3577 (**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in 
the we ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2025-32958 (Adept is a language for general purpose programming. Prior to 
commit a ...)
        TODO: check
 CVE-2025-32956 (ManageWiki is a MediaWiki extension allowing users to manage 
wikis. Ve ...)
@@ -31,21 +31,21 @@ CVE-2025-32956 (ManageWiki is a MediaWiki extension 
allowing users to manage wik
 CVE-2025-32955 (Harden-Runner is a CI/CD security agent that works like an EDR 
for Git ...)
        TODO: check
 CVE-2025-2987 (IBM Maximo Asset Management 7.6.1.3 is vulnerable to 
server-side reque ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-2839 (The WP Import Export Lite plugin for WordPress is vulnerable to 
Stored ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2594 (The User Registration & Membership  WordPress plugin before 
4.1.3 does ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-2300 (Hitachi Ops Center Common Services within Hitachi Ops Center 
OVA conta ...)
        TODO: check
 CVE-2025-1732 (An improper privilege management vulnerability in the recovery 
functio ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2025-1731 (An incorrect permission assignment vulnerability in the 
PostgreSQL com ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2024-46899 (Hitachi Ops Center Common Services within Hitachi Ops Center 
Analyzer  ...)
        TODO: check
 CVE-2024-13569 (The Front End Users WordPress plugin through 3.2.32 does not 
sanitise  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-58250 (The passprompt plugin in pppd in ppp before 2.5.2 mishandles 
privilege ...)
        - ppp 2.5.2-1+1
        NOTE: Fixed by: 
https://github.com/ppp-project/ppp/commit/0a66ad22e54c72690ec2a29a019767c55c5281fc
 (v2.5.2)
@@ -63,11 +63,11 @@ CVE-2025-3857 (When reading binary Ion data through 
Amazon.IonDotnet using the R
 CVE-2025-3841 (A vulnerability, which was classified as problematic, was found 
in wix ...)
        NOT-FOR-US: wix-incubator jam
 CVE-2025-3840 (An improper neutralization of input vulnerability was 
identified in th ...)
-       TODO: check
+       NOT-FOR-US: Saviynt
 CVE-2025-3838 (An Improper Authorization vulnerability was identified in the 
EOL OVA  ...)
-       TODO: check
+       NOT-FOR-US: Saviynt
 CVE-2025-3837 (An improper input validation vulnerability is identified in the 
End of ...)
-       TODO: check
+       NOT-FOR-US: Saviynt
 CVE-2025-32793 (Cilium is a networking, observability, and security solution 
with an e ...)
        - cilium <itp> (bug #858303)
 CVE-2025-32431 (Traefik (pronounced traffic) is an HTTP reverse proxy and load 
balance ...)
@@ -77,7 +77,7 @@ CVE-2025-32408 (In Soffid Console 3.6.31 before 3.6.32, 
authorization to use the
 CVE-2025-2517 (Reference to Expired Domain Vulnerability in OpenText\u2122 
ArcSight E ...)
        NOT-FOR-US: OpenText
 CVE-2025-2298 (An improper authorization vulnerability in Dremio Software 
allows auth ...)
-       TODO: check
+       NOT-FOR-US: Dremio
 CVE-2025-29660 (A vulnerability exists in the daemon process of the Yi IOT 
XY-3820 v6. ...)
        NOT-FOR-US: Yi IOT XY-3820
 CVE-2025-29659 (Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command 
Execution via ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1d237ca0d1542f30b12cd3aaef25050bbeefe89

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1d237ca0d1542f30b12cd3aaef25050bbeefe89
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Reply via email to