[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 25 21:14:32 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
009eb43b by security tracker role at 2025-08-25T20:14:25+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-9417 (A weakness has been identified in itsourcecode Apartment Management Sy ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2025-9416 (A security flaw has been discovered in oitcode samarium up to 0.9.6. T ...)
 	TODO: check
 CVE-2025-9415 (A vulnerability was identified in GreenCMS up to 2.3.0603. This affect ...)
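Review bot: On CVE-2025-9417 the new note reads "NOT-FOR-US: itsourcecode System", where "System" is neither the vendor nor the product name shown in the description ("itsourcecode Apartment Management Sy ..."). The other entries in this commit carry a bare vendor or product name (D-Link, PHPGurukul, DataEase), so "NOT-FOR-US: itsourcecode" or the full product name would be more consistent and easier to search for later.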
@@ -19,7 +19,7 @@ CVE-2025-9409 (A security flaw has been discovered in lostvip-com ruoyi-go up to
 CVE-2025-9407 (A flaw has been found in mtons mblog up to 3.5.0. Affected by this vul ...)
 	TODO: check
 CVE-2025-8562 (The Custom Query Shortcode plugin for WordPress is vulnerable to Path  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7426 (Information disclosure and exposure of authentication FTP credentials  ...)
 	TODO: check
 CVE-2025-6737 (Securden\u2019s Unified PAM Remote Vendor Gateway access portal shares ...)
@@ -31,19 +31,19 @@ CVE-2025-57811 (Craft is a platform for creating digital experiences. From versi
 CVE-2025-57802 (Airlink's Daemon interfaces with Docker and the Panel to provide secur ...)
 	TODO: check
 CVE-2025-57773 (DataEase is an open source business intelligence and data visualizatio ...)
-	TODO: check
+	NOT-FOR-US: DataEase
 CVE-2025-57772 (DataEase is an open source business intelligence and data visualizatio ...)
-	TODO: check
+	NOT-FOR-US: DataEase
 CVE-2025-57760 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
 	TODO: check
 CVE-2025-56216 (phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injecti ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-56215 (phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injecti ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-56214 (phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injecti ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-56212 (phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injecti ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-55575 (SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers ...)
 	TODO: check
 CVE-2025-55574 (Cross Site Scripting vulnerability in docmost v.0.21.0 and before allo ...)
@@ -97,7 +97,7 @@ CVE-2025-52456 (A memory corruption vulnerability exists in the WebP Image Decod
 CVE-2025-52130 (File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controll ...)
 	TODO: check
 CVE-2025-51281 (D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en` ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-50900 (An issue was discovered in getrebuild/rebuild 4.0.4. The affected sour ...)
 	TODO: check
 CVE-2025-50722 (Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remot ...)
@@ -107,7 +107,7 @@ CVE-2025-50383 (alextselegidis Easy!Appointments v1.5.1 was discovered to contai
 CVE-2025-50129 (A memory corruption vulnerability exists in the PCX Image Decoding fun ...)
 	TODO: check
 CVE-2025-48303 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin Langley Jr. P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46407 (A memory corruption vulnerability exists in the BMPv3 Palette Decoding ...)
 	TODO: check
 CVE-2025-45968 (An issue in System PDV v1.0 allows a remote attacker to obtain sensiti ...)
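Review bot: CVE-2025-48303 is tagged "NOT-FOR-US: WordPress plugin or theme", while CVE-2025-8562 earlier in the same commit is tagged "NOT-FOR-US: WordPress plugin". The visible description here is cut off after "Kevin Langley Jr. P ...", so the diff does not show which of the two it is. If the full description identifies a plugin, use the more specific label so that both entries match the same search.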
@@ -119,9 +119,9 @@ CVE-2025-44178 (DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper a
 CVE-2025-43960 (Adminer 4.8.1, when using Monolog for logging, allows a Denial of Serv ...)
 	TODO: check
 CVE-2025-3478 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified  ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-3456 (On affected platforms running Arista EOS, the global common encryption ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2025-35984 (A memory corruption vulnerability exists in the PCX Image Decoding fun ...)
 	TODO: check
 CVE-2025-32468 (A memory corruption vulnerability exists in the BMPv3 Image Decoding f ...)
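Review bot: For CVE-2025-3478 the truncated description ("A Stored Cross-Site Scripting (XSS) vulnerability has been identified ...") names no vendor or product, so the "NOT-FOR-US: OpenText" attribution cannot be confirmed from this hunk. Check it against the full CVE description before relying on it. The Arista Networks note on CVE-2025-3456 is supported by the visible text ("Arista EOS").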
@@ -131,23 +131,23 @@ CVE-2025-29525 (DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version
 CVE-2025-29524 (Incorrect access control in the component /cgi-bin/system_diagnostic_m ...)
 	TODO: check
 CVE-2025-29523 (D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discover ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-29522 (D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discover ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-29521 (Insecure default credentials for the Adminsitrator account of D-Link D ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-29520 (Incorrect access control in the Maintenance module of D-Link DSL-7740C ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-29519 (A command injection vulnerability in the EXE parameter of D-Link DSL-7 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-29517 (D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discover ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-29516 (D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discover ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-29515 (Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-29514 (Incorrect access control in the config.xgi function of D-Link DSL-7740 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-29421 (PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the ge ...)
 	TODO: check
 CVE-2025-29420 (PerfreeBlog v4.0.11 has a directory traversal vulnerability in the get ...)
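Review bot: The D-Link DSL-7740C run in this hunk goes from CVE-2025-29519 straight to CVE-2025-29517, so CVE-2025-29518 is not among the entries shown. If that id belongs to the same batch of reports, confirm that it receives the same "NOT-FOR-US: D-Link" note when it is added to data/CVE/list, so the series is triaged uniformly.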



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/009eb43b69dcc92a7c8b4b497668907c4791b350
