Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5edf0c46 by security tracker role at 2025-07-29T20:13:06+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
 CVE-2025-8216 (The Sky Addons for Elementor plugin for WordPress is vulnerable 
to Sto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-8196 (The Magical Addons For Elementor plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-7689 (The Hydra Booking plugin for WordPress is vulnerable to 
Privilege Esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-7675 (A maliciously crafted 3DM file, when parsed through certain 
Autodesk p ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-7497 (A maliciously crafted PRT file, when parsed through certain 
Autodesk p ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-7458 (An integer overflow in the sqlite3KeyInfoFromExprList function 
in SQLi ...)
        TODO: check
 CVE-2025-6730 (The Bonanza \u2013 WooCommerce Free Gifts Lite plugin for 
WordPress is ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6692 (The YouTube Embed plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6681 (The Fan Page plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6637 (A maliciously crafted PRT file, when parsed through certain 
Autodesk p ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-6636 (A maliciously crafted PRT file, when parsed through certain 
Autodesk p ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-6635 (A maliciously crafted PRT file, when linked or imported into 
certain A ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-6631 (A maliciously crafted PRT file, when parsed through certain 
Autodesk p ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-6505 (Unauthorized access and impersonation can occur in 
versions4.6.2.3226a ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2025-6504 (In HDP Server versions below 4.6.2.2978 on Linux, unauthorized 
access  ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2025-6175 (Improper Neutralization of CRLF Sequences ('CRLF Injection') 
vulnerabi ...)
        TODO: check
 CVE-2025-6060 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
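Review bot: CVE-2025-7458, left at "TODO: check" in the middle of this hunk, must not be picked up by a later automatic NOT-FOR-US run. Its description names the sqlite3KeyInfoFromExprList function in SQLite, and SQLite is packaged in Debian, so the entry needs manual triage against the sqlite3 source package. The flipped lines around it (WordPress plugins, Autodesk, Progress Software) match their visible descriptions, except that the truncated text for CVE-2025-6505 shows no product name, so that tag cannot be checked from this diff alone.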
@@ -35,13 +35,13 @@ CVE-2025-6060 (Improper Neutralization of Input During Web 
Page Generation (XSS
 CVE-2025-5922 (Access to TSplus Remote Access Admin Toolis restricted to 
administrato ...)
        TODO: check
 CVE-2025-5684 (The MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form 
Builder f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-5587 (The Appzend theme for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-5043 (A maliciously crafted 3DM file, when linked or imported into 
certain A ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-5038 (A maliciously crafted X_T file, when parsed through certain 
Autodesk p ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-54432
        REJECTED
 CVE-2025-54422 (Sandboxie is a sandbox-based isolation software for 32-bit and 
64-bit  ...)
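Review bot: CVE-2025-5587 is tagged "NOT-FOR-US: WordPress plugin", but its description reads "The Appzend theme for WordPress", so the tag misdescribes the component. Suggest "NOT-FOR-US: WordPress theme" for that entry. The NOT-FOR-US outcome does not change, but anyone grepping the list by component type gets a wrong hit as it stands.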
@@ -49,35 +49,35 @@ CVE-2025-54422 (Sandboxie is a sandbox-based isolation 
software for 32-bit and 6
 CVE-2025-54420
        REJECTED
 CVE-2025-53902 (Tuleap is an Open Source Suite created to facilitate 
management of sof ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2025-53715 (A vulnerability has been found in TP-Link TL-WR841N V11. The 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-53714 (A vulnerability has been found in TP-Link TL-WR841N V11. The 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-53713 (A vulnerability has been found in TP-Link TL-WR841N V11. The 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-53712 (A vulnerability has been found in TP-Link TL-WR841N V11. The 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-53711 (A vulnerability has been found in TP-Link TL-WR841N V11. The 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-53541 (Tuleap is an Open Source Suite created to facilitate 
management of sof ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2025-53102 (Discourse is an open-source community discussion platform. 
Prior to ve ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2025-52899 (Tuleap is an Open Source Suite created to facilitate 
management of sof ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2025-52490 (An issue was discovered in Couchbase Sync Gateway before 
3.2.6. In sgc ...)
        TODO: check
 CVE-2025-52358 (A cross-site scripting vulnerability in Vivaldi United Group 
iCONTROL+ ...)
        TODO: check
 CVE-2025-52284 (Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-51970 (A SQL Injection vulnerability exists in the action.php 
endpoint of Pun ...)
        TODO: check
 CVE-2025-51045 (Phpgurukul Pre-School Enrollment System 1.0 contains a SQL 
injection v ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-51044 (phpgurukul Nipah virus (NiV) Testing Management System 1.0 
contains a  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-50738 (The Memos application, up to version v0.24.3, allows for the 
embedding ...)
        TODO: check
 CVE-2025-46059 (langchain-ai v0.3.51 was discovered to contain an indirect 
prompt inje ...)
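Review bot: The Tuleap entries (CVE-2025-53902, CVE-2025-53541, CVE-2025-52899) and the Discourse entry (CVE-2025-53102) are described in their own text as open source, so NOT-FOR-US here is only right if neither project is packaged and neither has an open ITP. Worth confirming against the WNPP bugs before relying on the automatic tag, since software with an ITP is normally recorded with an itp-marked package line rather than NOT-FOR-US. The TP-Link, TOTOLINK and PHPGurukul tags match the visible descriptions, with the tag normalising the vendor capitalisation ("Totolink", "Phpgurukul", "phpgurukul").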
@@ -101,21 +101,21 @@ CVE-2025-40683 (Reflected Cross-Site Scripting (XSS) in 
Human Resource Managemen
 CVE-2025-40682 (SQL injection vulnerability in Human Resource Management 
System versio ...)
        TODO: check
 CVE-2025-36071 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 11.5 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36010 (IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2   could allow an 
unauthen ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-33114 (IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2     is vulnerable 
to deni ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-33092 (IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2   is vulnerable 
to a stac ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-31965 (Improper access restrictions in HCL BigFix Remote Control 
Server WebUI ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-2928 (SQL Injection affecting the Archiver role.)
        TODO: check
 CVE-2025-2533 (IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a 
denial ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-2179 (An incorrect privilege assignment vulnerability in the Palo 
Alto Netwo ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2025-28172 (Grandstream Networks UCM6510 v1.0.20.52 and before is 
vulnerable to Im ...)
        TODO: check
 CVE-2025-28171 (An issue in Grandstream UCM6510 v.1.0.20.52 and before allows 
a remote ...)
@@ -125,13 +125,13 @@ CVE-2025-28170 (Grandstream Networks GXP1628 <=1.0.4.130 
is vulnerable to Incorr
 CVE-2025-27514 (GLPI is a Free Asset and IT Management Software package, Data 
center m ...)
        TODO: check
 CVE-2025-26400 (SolarWinds Web Help Desk was reported to be affected by an XML 
Externa ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2024-52894 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-51473 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-49828 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-43018 (Piwigo 13.8.0 and below is vulnerable to SQL Injection in the 
paramete ...)
        TODO: check
 CVE-2024-42655 (An access control issue in NanoMQ v0.21.10 allows attackers to 
bypass  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5edf0c4604e8f3e104b5664fbf652f431fe14dd1
