[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 30 21:14:07 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dca108f3 by security tracker role at 2025-04-30T20:14:00+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
 CVE-2025-4136 (A vulnerability was found in Weitong Mall 1.0.0. It has been classifie ...)
 	TODO: check
 CVE-2025-4135 (A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classifie ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-4125 (Delta Electronics ISPSoft version 3.20 is vulnerable to anOut-Of-Bound ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2025-4124 (Delta Electronics ISPSoft version 3.20 is vulnerable to anOut-Of-Bound ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2025-4122 (A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been  ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-4121 (A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been  ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-4120 (A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been  ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-4119 (A vulnerability classified as critical was found in Weitong Mall 1.0.0 ...)
 	TODO: check
 CVE-2025-4118 (A vulnerability classified as critical has been found in Weitong Mall  ...)
 	TODO: check
 CVE-2025-4117 (A vulnerability, which was classified as critical, was found in Netgea ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-4116 (A vulnerability, which was classified as critical, has been found in N ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-4115 (A vulnerability classified as critical was found in Netgear JWNR2000v2 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-4114 (A vulnerability classified as critical has been found in Netgear JWNR2 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-4113 (A vulnerability was found in PHPGurukul Curfew e-Pass Management Syste ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-4112 (A vulnerability was found in PHPGurukul Student Record System 3.20. It ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-4111 (A vulnerability was found in PHPGurukul Pre-School Enrollment System 1 ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-4110 (A vulnerability was found in PHPGurukul Pre-School Enrollment System 1 ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-4109 (A vulnerability has been found in PHPGurukul Pre-School Enrollment Sys ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-4108 (A vulnerability, which was classified as critical, was found in PHPGur ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-46619 (A security issue has been discovered in Couchbase Server before 7.6.4  ...)
 	TODO: check
 CVE-2025-46558 (XWiki Contrib's Syntax Markdown allows importing Markdown content into ...)
@@ -49,43 +49,43 @@ CVE-2025-46342 (Kyverno is a policy engine designed for cloud native platform en
 CVE-2025-46331 (OpenFGA is a high-performance and flexible authorization/permission en ...)
 	TODO: check
 CVE-2025-45021 (A SQL Injection vulnerability was identified in the admin/edit-directo ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-45020 (A SQL Injection vulnerability was discovered in the normal-bwdates-rep ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-45019 (A SQL injection vulnerability was discovered in /add-foreigners-ticket ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-45018 (A SQL Injection vulnerability was discovered in the foreigner-bwdates- ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-45017 (A SQL injection vulnerability was discovered in edit-ticket.php of PHP ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-45015 (A Cross-Site Scripting (XSS) vulnerability was discovered in the forei ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-45011 (A HTML Injection vulnerability was discovered in the foreigner-search. ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-45010 (A HTML Injection vulnerability was discovered in the normal-bwdates-re ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-45009 (A HTML Injection vulnerability was discovered in the normal-search.php ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-45007 (A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-44194 (SourceCodester Simple Barangay Management System v1.0 has a SQL inject ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-44193 (SourceCodester Simple Barangay Management System v1.0 has a SQL inject ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-44192 (SourceCodester Simple Barangay Management System v1.0 has a SQL inject ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-3859 (Websites directing users to long URLs that caused eliding to occur in  ...)
 	TODO: check
 CVE-2025-3599 (Symantec Endpoint Protection Windows Agent, running an ERASER Engine p ...)
 	TODO: check
 CVE-2025-3395 (Incorrect Permission Assignment for Critical Resource, Cleartext Stora ...)
-	TODO: check
+	NOT-FOR-US: ABB group
 CVE-2025-3394 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: ABB group
 CVE-2025-3269
 	REJECTED
 CVE-2025-39413 (Missing Authorization vulnerability in David Gwyer Simple Sitemap \u20 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-33074 (Improper verification of cryptographic signature in Microsoft Azure Fu ...)
 	TODO: check
 CVE-2025-32974 (XWiki is a generic wiki platform. In versions starting from 15.9-rc-1  ...)
@@ -111,9 +111,9 @@ CVE-2025-30390 (Improper authorization in Azure allows an authorized attacker to
 CVE-2025-30389 (Improper authorization in Azure Bot Framework SDK allows an unauthoriz ...)
 	TODO: check
 CVE-2025-2890 (The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-b ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2170 (A Server-side request forgery (SSRF) vulnerability has been identified ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2025-2156
 	REJECTED
 CVE-2025-2082 (Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerabili ...)
@@ -157,13 +157,13 @@ CVE-2025-24339 (A vulnerability in the web application of ctrlX OS allows a remo
 CVE-2025-24338 (A vulnerability in the \u201cManages app data\u201d functionality of t ...)
 	TODO: check
 CVE-2025-24091 (An app could impersonate system notifications. Sensitive notifications ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-21416 (Missing authorization in Azure Virtual Desktop allows an authorized at ...)
 	TODO: check
 CVE-2024-9877 (: Use of GET Request Method With Sensitive Query Strings vulnerability ...)
-	TODO: check
+	NOT-FOR-US: ABB group
 CVE-2024-9876 (: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB A ...)
-	TODO: check
+	NOT-FOR-US: ABB group
 CVE-2024-6032 (Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vul ...)
 	TODO: check
 CVE-2024-6031 (Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Executi ...)
@@ -173,7 +173,7 @@ CVE-2024-6030 (Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnera
 CVE-2024-6029 (Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. ...)
 	TODO: check
 CVE-2024-47784 (Unverified Password Change for ANC software that allows an authenticat ...)
-	TODO: check
+	NOT-FOR-US: ABB group
 CVE-2024-13943 (Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Valida ...)
 	TODO: check
 CVE-2025-4096



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dca108f3dc4c68528d9de6c304e2077b9c614667

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dca108f3dc4c68528d9de6c304e2077b9c614667
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250430/24c29af8/attachment.htm>

More information about the debian-security-tracker-commits mailing list