Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d5bf93e7 by security tracker role at 2025-05-15T08:13:01+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
CVE-2025-4737 (Insufficient encryption vulnerability in the mobile application
(com.t ...)
TODO: check
CVE-2025-4591 (The Weluka Lite plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4589 (The Bon Toolkit plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4579 (The WP Content Security Plugin plugin for WordPress is
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4126 (The EG-Series plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48027 (The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows
authenticati ...)
TODO: check
CVE-2025-48024 (In BlueWave Checkmate before 2.1, an authenticated regular
user can ac ...)
TODO: check
CVE-2025-47889 (In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication
claims ar ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-47888 (Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally
disables SSL ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-47887 (Missing permission checks in Jenkins Cadence vManager Plugin
4.0.1-286 ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-47886 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Cadence v ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-47885 (Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8
and earl ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-47884 (In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and
earlier ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-47783 (Label Studio is a multi-type data labeling and annotation
tool. A vuln ...)
TODO: check
CVE-2025-44879 (WS-WN572HP3 V230525 was discovered to contain a buffer
overflow in the ...)
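Review bot: the reason "Jenkins (core or plugin)" on CVE-2025-47884 through CVE-2025-47889 does not say which of the two applies, although five of the six descriptions visibly name a plugin (WSO2 Oauth, DingTalk, Cadence vManager, Health Advisor by CloudBees, OpenID Connect Provider) and CVE-2025-47886 is cut off at "Jenkins Cadence v ...". If the tracker's conventions allow it, "NOT-FOR-US: Jenkins plugin" would be more precise for these entries. The four WordPress entries in this hunk all carry "plugin for WordPress" in the visible text and are consistent with their tag.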
@@ -31,11 +31,11 @@ CVE-2025-44879 (WS-WN572HP3 V230525 was discovered to
contain a buffer overflow
CVE-2025-44024 (Cross-Site Scripting (XSS) vulnerability was discovered in the
Pichome ...)
TODO: check
CVE-2025-3917 (The
\u767e\u5ea6\u7ad9\u957fSEO\u5408\u96c6(\u652f\u6301\u767e\u5ea6/\ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3742 (The Responsive Lightbox & Gallery WordPress plugin before 2.5.1
does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3053 (The UiPress lite | Effortless custom dashboards, admin themes
and page ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32421 (Next.js is a React framework for building full-stack web
applications. ...)
TODO: check
CVE-2025-29691 (A cross-site scripting (XSS) vulnerability in OA System before
v2025.0 ...)
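Review bot: for CVE-2025-3917 and CVE-2025-3053 the visible description is truncated before any mention of WordPress (the first is mostly \u-escaped text, the second stops at "admin themes and page ..."), so "NOT-FOR-US: WordPress plugin" cannot be confirmed from these lines alone. Check the full CVE descriptions before relying on the tag. CVE-2025-3742 names "WordPress plugin" explicitly and needs no further check.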
@@ -51,11 +51,11 @@ CVE-2025-29686 (A cross-site scripting (XSS) vulnerability
in OA System before v
CVE-2025-27891 (An issue was discovered in Samsung Mobile Processor, Wearable
Processo ...)
TODO: check
CVE-2025-27525 (Information Exposure vulnerability in Hitachi JP1/IT Desktop
Managemen ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2025-27524 (Weak encryption vulnerability in Hitachi JP1/IT Desktop
Management 2 - ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2025-27523 (XXE vulnerability in Hitachi JP1/IT Desktop Management 2 -
Smart Devic ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2025-26783 (An issue was discovered in RRC in Samsung Mobile Processor,
Wearable P ...)
TODO: check
CVE-2024-56427 (An issue was discovered in Samsung Mobile Processor and
Wearable Proce ...)
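Review bot: the three JP1/IT Desktop Management 2 entries (CVE-2025-27523 to CVE-2025-27525) are tagged with the vendor only, "NOT-FOR-US: Hitachi", which reads as if every Hitachi product were out of scope. Naming the product, for example "NOT-FOR-US: Hitachi JP1/IT Desktop Management 2", would record what was actually assessed and make the reason easier to search for later.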
@@ -65,7 +65,7 @@ CVE-2024-55569 (An issue was discovered in Samsung Mobile
Processor, Wearable Pr
CVE-2024-45067 (Incorrect default permissions in some Intel(R) Gaudi(R)
software insta ...)
TODO: check
CVE-2024-13914 (The File Manager Advanced Shortcode WordPress plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4478
- gnome-remote-desktop <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365232
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5bf93e77156465fbf27eb3ede9463e12d6eb1aa
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits