[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Wed Apr 23 21:13:12 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2248162c by security tracker role at 2025-04-23T20:13:05+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2025-46394 (In tar in BusyBox through 1.37.0, a TAR archive can have filenam
 CVE-2025-46393 (In multispectral MIFF image processing in ImageMagick before 7.1.1-44, ...)
 	TODO: check
 CVE-2025-45429 (In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there i ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-45428 (In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime par ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-45427 (In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security param ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-43965 (In MIFF image processing in ImageMagick before 7.1.1-44, image depth i ...)
 	TODO: check
 CVE-2025-43716 (A directory traversal vulnerability exists in Ivanti LANDesk Managemen ...)
@@ -25,17 +25,17 @@ CVE-2025-42601 (This vulnerability exists in Meon KYC solutions due to insuffici
 CVE-2025-42600 (This vulnerability exists in Meon KYC solutions due to missing restric ...)
 	TODO: check
 CVE-2025-3907 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API S ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-3904 (Vulnerability in Drupal Sportsleague.This issue affects Sportsleague:  ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-3903 (Vulnerability in Drupal UEditor - \u767e\u5ea6\u7f16\u8f91\u5668.This  ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-3902 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-3901 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-3900 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-3673
 	REJECTED
 CVE-2025-32969 (XWiki is a generic wiki platform. In versions starting from 1.8 and pr ...)
@@ -45,7 +45,7 @@ CVE-2025-32968 (XWiki is a generic wiki platform. In versions starting from 1.6-
 CVE-2025-32966 (DataEase is an open-source BI tool alternative to Tableau. Prior to ve ...)
 	TODO: check
 CVE-2025-32818 (A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2025-2773 (BEC Technologies Multiple Routers sys ping Command Injection Remote Co ...)
 	TODO: check
 CVE-2025-2772 (BEC Technologies Multiple Routers Insufficiently Protected Credentials ...)
@@ -99,7 +99,7 @@ CVE-2025-1521 (PostHog slack_incoming_webhook Server-Side Request Forgery Inform
 CVE-2025-1520 (PostHog ClickHouse Table Functions SQL Injection Remote Code Execution ...)
 	TODO: check
 CVE-2025-1054 (The UiCore Elements \u2013 Free Elementor widgets and templates plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1050 (Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. ...)
 	TODO: check
 CVE-2025-1049 (Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnera ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2248162c586f7638208ee5ee2307b947e0c862ff

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2248162c586f7638208ee5ee2307b947e0c862ff
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250423/dc09dc3c/attachment-0001.htm>
