[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Fri Aug 8 21:13:08 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ab21b42 by security tracker role at 2025-08-08T20:13:02+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,17 +17,17 @@ CVE-2025-8733 (A vulnerability was found in GNU Bison up to 3.8.2. It has been r
 CVE-2025-8732 (A vulnerability was found in libxml2 up to 2.14.5. It has been declare ...)
 	TODO: check
 CVE-2025-8731 (A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and TPL-430A ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2025-8730 (A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.0 ...)
-	TODO: check
+	NOT-FOR-US: Belkin
 CVE-2025-8729 (A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classifie ...)
 	TODO: check
 CVE-2025-8393 (A TLS vulnerability exists in the phone application used to manage a   ...)
 	TODO: check
 CVE-2025-8356 (In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path T ...)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2025-8355 (In Xerox FreeFlow Core version 8.0.4, improper handling of XML input a ...)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2025-8284 (By default, the Packet Power Monitoring and Control Web Interface do n ...)
 	TODO: check
 CVE-2025-8088 (A path traversal vulnerability affecting the Windows version of WinRAR ...)
@@ -57,19 +57,19 @@ CVE-2025-50466 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker
 CVE-2025-50465 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can e ...)
 	TODO: check
 CVE-2025-4796 (The Eventin plugin for WordPress is vulnerable to privilege escalation ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4576 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-48913 (If untrusted users are allowed to configure JMS for Apache CXF, previo ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-47872 (The public-facing product registration endpoint server responds  diffe ...)
 	TODO: check
 CVE-2025-46414 (The affected product does not limit the number of attempts for inputti ...)
 	TODO: check
 CVE-2025-36119 (IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obta ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36023 (IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2012-10053 (Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulne ...)
 	TODO: check
 CVE-2012-10052 (EGallery version 1.2 contains an unauthenticated arbitrary file upload ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ab21b42bbd9a1cc1e9fa32ee7e10818d526ad67

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ab21b42bbd9a1cc1e9fa32ee7e10818d526ad67
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250808/dc05204a/attachment-0001.htm>
