[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 3 20:13:26 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d9bac3b by security tracker role at 2025-12-03T20:13:16+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,33 +79,33 @@ CVE-2025-50360 (A heap buffer overflow in compiler.c and compiler.h in Pepper la
 CVE-2025-39665 (User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.4 ...)
 	TODO: check
 CVE-2025-34319 (TOTOLINK N300RT wireless router firmware versions prior toV3.4.0-B2025 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-33211 (NVIDIA Triton Server for Linux contains a vulnerability where an attac ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33208 (NVIDIA TAO contains a vulnerability where an attacker may cause a reso ...)
 	TODO: check
 CVE-2025-33201 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-29864 (Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows ...)
 	TODO: check
 CVE-2025-20389 (In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10,  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20388 (In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10,  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20387 (In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20386 (In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8,  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20385 (In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10,  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20384 (In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10,  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20383 (In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10,  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20382 (In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10,  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20381 (In Splunk MCP Server app versions below 0.2.4, a user with access to t ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-13992 (Side-channel information leakage in Navigation and Loading in Google C ...)
 	TODO: check
 CVE-2025-13949 (A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impac ...)
@@ -115,27 +115,27 @@ CVE-2025-13948 (A vulnerability was determined in opsre go-ldap-admin up to 2025
 CVE-2025-13947 (A flaw was found in WebKitGTK. This vulnerability allows remote, user- ...)
 	TODO: check
 CVE-2025-13756 (The Fluent Booking plugin for WordPress is vulnerable to unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13751 (Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on  ...)
 	TODO: check
 CVE-2025-13492 (A potential security vulnerability has been identified in HP Image Ass ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-13472 (A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow user ...)
 	TODO: check
 CVE-2025-13401 (The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13390 (The WP Directory Kit plugin for WordPress is vulnerable to authenticat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13359 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with Open ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13354 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with Open ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13342 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13109 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12887 (The Post SMTP plugin for WordPress is vulnerable to authorization bypa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12819 (Untrusted search path in auth_query connection handler in PgBouncer be ...)
 	TODO: check
 CVE-2025-12744 (A flaw was found in the ABRT daemon\u2019s handling of user-supplied m ...)
@@ -143,7 +143,7 @@ CVE-2025-12744 (A flaw was found in the ABRT daemon\u2019s handling of user-supp
 CVE-2025-12385 (Allocation of Resources Without Limits or Throttling, Improper Validat ...)
 	TODO: check
 CVE-2025-12358 (The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12084 (When building nested elements using xml.dom.minidom methods such as ap ...)
 	TODO: check
 CVE-2024-3884 (A flaw was found in Undertow that can cause remote denial of service a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d9bac3bba715c8651968b20fdb4bf9654e23392

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d9bac3bba715c8651968b20fdb4bf9654e23392
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251203/187a6856/attachment.htm>

More information about the debian-security-tracker-commits mailing list