[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 2 08:13:56 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5c3bed1 by security tracker role at 2025-12-02T08:13:48+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -65,133 +65,133 @@ CVE-2025-65622 (Snipe-IT before 8.3.4 allows stored XSS via the Locations "Count
 CVE-2025-65621 (Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged aut ...)
 	TODO: check
 CVE-2025-58488 (Improper verification of source of a communication channel in SmartTou ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58487 (Improper authorization in Samsung Account prior to version 15.5.01.1 a ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58486 (Improper input validation in Samsung Account prior to version 15.5.01. ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58485 (Improper input validation in Samsung Internet prior to version 29.0.0. ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58484 (Incorrect default permissions in Samsung Cloud Assistant prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58483 (Improper export of android application components in Galaxy Store for  ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58482 (Improper access control in MPLocalService of MotionPhoto prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58481 (Improper access control in MPRemoteService of MotionPhoto prior to ver ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58480 (Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec- ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58479 (Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Rel ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58478 (Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58477 (Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58476 (Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 R ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58475 (Improper input validation in libsec-ril.so prior to SMR Dec-2025 Relea ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-58044 (JumpServer is an open source bastion host and an operation and mainten ...)
 	TODO: check
 CVE-2025-55749 (XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.1 ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-55129 (HackerOne community member Kassem S.(kassem_s94) has reported that use ...)
 	TODO: check
 CVE-2025-21080 (Improper export of android application components in Dynamic Lockscree ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-21072 (Out-of-bounds write in decoding metadata in fingerprint trustlet prior ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20792 (In Modem, there is a possible system crash due to improper input valid ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20791 (In Modem, there is a possible system crash due to incorrect error hand ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20790 (In Modem, there is a possible system crash due to improper input valid ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20789 (In GPU pdma, there is a possible information disclosure due to a missi ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20788 (In GPU pdma, there is a possible memory corruption due to a missing pe ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20777 (In display, there is a possible out of bounds write due to a missing b ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20776 (In display, there is a possible out of bounds read due to a missing bo ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20775 (In display, there is a possible memory corruption due to use after fre ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20774 (In display, there is a possible out of bounds write due to a missing b ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20773 (In display, there is a possible memory corruption due to use after fre ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20772 (In display, there is a possible memory corruption due to use after fre ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20771 (In display, there is a possible escalation of privilege due to imprope ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20770 (In display, there is a possible memory corruption due to use after fre ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20769 (In display, there is a possible out of bounds write due to a missing b ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20768 (In display, there is a possible out of bounds read due to a missing bo ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20767 (In display, there is a possible out of bounds write due to an integer  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20766 (In display, there is a possible memory corruption due to improper inpu ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20765 (In aee daemon, there is a possible system crash due to a race conditio ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20764 (In smi, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20763 (In mmdvfs, there is a possible out of bounds write due to a missing bo ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20759 (In Modem, there is a possible out of bounds read due to a missing boun ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20758 (In Modem, there is a possible system crash due to an uncaught exceptio ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20757 (In Modem, there is a possible system crash due to improper input valid ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20756 (In Modem, there is a possible system crash due to a logic error. This  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20755 (In Modem, there is a possible application crash due to improper input  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20754 (In Modem, there is a possible system crash due to an incorrect bounds  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20753 (In Modem, there is a possible system crash due to an uncaught exceptio ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20752 (In Modem, there is a possible system crash due to a missing bounds che ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20751 (In Modem, there is a possible system crash due to a missing bounds che ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20750 (In Modem, there is a possible system crash due to improper input valid ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-13697 (The BlockArt Blocks \u2013 Gutenberg Blocks, Page Builder Blocks ,Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13696 (The Zigaform plugin for WordPress is vulnerable to Sensitive Informati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13685 (The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13606 (The Export All Posts, Products, Orders, Refunds & Users plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13387 (The Kadence WooCommerce Email Designer plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13140 (The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13007 (The WP Social Ninja \u2013 Embed Social Feeds, Customer Reviews, Chat  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13001 (The donation WordPress plugin through 1.0 does not sanitize and escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13000 (The db-access WordPress plugin through 0.8.7 does not have authorizati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12529 (The Cost Calculator Builder plugin for WordPress is vulnerable to arbi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12483 (The Visualizer: Tables and Charts Manager for WordPress plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11726 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10971 (Insecure Storage of Sensitive Information vulnerability in MeetMe on i ...)
 	TODO: check
 CVE-2024-51999 (Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22. ...)
 	TODO: check
 CVE-2024-45675 (IBM Informix Dynamic Server 14.10 could allow a local user on the syst ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-8351 (Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast  ...)
 	NOT-FOR-US: Avast Antivirus on MacOS
 CVE-2025-8045 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
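Review bot: The label added for CVE-2024-45675 names only the vendor ("NOT-FOR-US: IBM"), while the description names IBM Informix Dynamic Server 14.10 and other entries in this hunk name the product ("NOT-FOR-US: XWiki", "NOT-FOR-US: Avast Antivirus on MacOS"). Consider "NOT-FOR-US: IBM Informix Dynamic Server" so that a search of data/CVE/list by product finds the entry. The same point applies to the blanket "Samsung Mobile" label, which in this hunk covers Samsung Account, Samsung Internet, Galaxy Store, MotionPhoto, the bootloader and libimagecodec.quram.so. The entries this run leaves at "TODO: check" (the Snipe-IT, JumpServer, CVE-2025-55129, MeetMe and Express.js lines) still need manual triage.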



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5c3bed1c1b14433e02f84ef26a488861586449e
