[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 11 08:15:34 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
22817c1c by security tracker role at 2025-12-11T08:14:52+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-9436 (The Widgets for Google Reviews plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8405 (GitLab has remediated a security issue in GitLab CE/EE affecting all v ...)
TODO: check
CVE-2025-67738 (squid/cachemgr.cgi in Webmin before 2.600 does not properly quote argu ...)
@@ -13,7 +13,7 @@ CVE-2025-67718 (Form.io is a combined Form and API platform for Serverless appli
CVE-2025-67717 (ZITADEL is an open-source identity infrastructure tool. Versions 2.44. ...)
TODO: check
CVE-2025-67716 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2025-67713 (Miniflux 2 is an open source feed reader. Versions 2.2.14 and below tr ...)
TODO: check
CVE-2025-67694
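Review bot: The label added to CVE-2025-67716, `NOT-FOR-US: Next.js`, names the framework, while the description on that entry names the Auth0 Next.js SDK as the affected software. Read later, the label looks like a triage decision about Next.js itself. Suggest `NOT-FOR-US: Auth0 Next.js SDK`, so the entry records the product the description actually identifies.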
@@ -55,19 +55,19 @@ CVE-2025-67509 (Neuron is a PHP framework for creating and orchestrating AI Agen
CVE-2025-67505 (Okta Java Management SDK facilitates interactions with the Okta manage ...)
TODO: check
CVE-2025-67490 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2025-67461 (External control of file name or path in Zoom Rooms for macOS before v ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-67460 (Protection Mechanism Failure of Software Downgrade in Zoom Rooms for W ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-66628 (ImageMagick is a software suite to create, edit, compose, or convert b ...)
TODO: check
CVE-2025-66474 (XWiki Rendering is a generic rendering system that converts textual in ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-66473 (XWiki is an open-source wiki software platform. Versions 16.10.10 and ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-66472 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-66033 (Okta Java Management SDK facilitates interactions with the Okta manage ...)
TODO: check
CVE-2025-65950 (WBCE CMS is a content management system. In versions 1.6.4 and below, ...)
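Review bot: The labels in this hunk are not at a consistent granularity. CVE-2025-67490 is marked `NOT-FOR-US: Next.js` although its description names the Auth0 Next.js SDK, and CVE-2025-67461 and CVE-2025-67460 are marked `Zoom` where the descriptions say Zoom Rooms. Only the three XWiki entries carry a label that matches the product family in their descriptions. Suggest that the automatic rule emit the product named in the description (`Auth0 Next.js SDK`, `Zoom Rooms`), so that a later search of data/CVE/list by product does not pick up or miss these entries by accident.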
@@ -133,7 +133,7 @@ CVE-2025-13978 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
CVE-2025-13923
REJECTED
CVE-2025-13764 (The WP CarDealer plugin for WordPress is vulnerable to Privilege Escal ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12734 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2025-12731
@@ -147,11 +147,11 @@ CVE-2025-12029 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
CVE-2025-11984 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2025-11467 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11247 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
TODO: check
CVE-2025-10163 (The List category posts plugin for WordPress is vulnerable to time-bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-58285 (Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that ...)
TODO: check
CVE-2024-58284 (PopojiCMS 2.0.1 contains an authenticated remote command execution vul ...)
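Review bot: The `NOT-FOR-US: WordPress plugin` label on CVE-2025-11467 cannot be confirmed from the lines shown. The truncated description ("The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...") never mentions WordPress, unlike CVE-2025-10163, whose description says "plugin for WordPress". It would help if the commit message recorded which rule or pattern produced each automatic match. Separately, that description carries a literal `\u2013` escape instead of the decoded character, so the description import appears to be writing escaped text into data/CVE/list and should decode it before writing.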
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22817c1c476cb59cf42d82c6054bc094f01d7af0