[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 12 20:15:01 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9cebb50f by security tracker role at 2025-12-12T20:14:52+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,19 +23,19 @@ CVE-2025-65530 (An eval injection in the malware de-obfuscation routines of Clou
 CVE-2025-64011 (Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Ref ...)
 	TODO: check
 CVE-2025-58770 (APTIOV contains a vulnerability in BIOS where a user may cause \u201cI ...)
-	TODO: check
+	NOT-FOR-US: AMI
 CVE-2025-58137 (Authorization Bypass Through User-Controlled Key vulnerability in Apac ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-58130 (Insufficiently Protected Credentials vulnerability in Apache Fineract. ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-54981 (Weak Encryption Algorithm in StreamPark,The use of an AES cipher in EC ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-54947 (In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-53960 (When encrypting sensitive data, weak encryption keys that are fixed or ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-40829 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-36755 (The CleverDisplay BlueOne hardware player is designed with its USB int ...)
 	TODO: check
 CVE-2025-36746 (SolarEdge monitoring platform contains a Cross\u2011Site Scripting (XS ...)
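
Review bot: the tag `NOT-FOR-US: Apache software not packaged in Debian` on CVE-2025-58137, CVE-2025-58130, CVE-2025-54981, CVE-2025-54947 and CVE-2025-53960 does not name the product, although the visible descriptions cover at least two different ones (Apache Fineract and StreamPark). Consider `NOT-FOR-US: Apache Fineract` and `NOT-FOR-US: Apache StreamPark`, so that a later search of the list by product name finds these entries. For CVE-2025-53960 the truncated description shows no product at all, which leaves the tag as the only place it could be recorded.
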
@@ -49,15 +49,15 @@ CVE-2025-36743 (SolarEdge SE3680H has an exposed debug/test interface accessible
 CVE-2025-26866 (A remote code execution vulnerability exists where a malicious Raft no ...)
 	TODO: check
 CVE-2025-23408 (Weak Password Requirements vulnerability in Apache Fineract.  This iss ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-14578 (A weakness has been identified in itsourcecode Student Management Syst ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2025-14572 (A vulnerability was found in UTT \u8fdb\u53d6 512W up to 1.7.7-171114. ...)
 	TODO: check
 CVE-2025-14571 (A vulnerability has been found in projectworlds Advanced Library Manag ...)
-	TODO: check
+	NOT-FOR-US: Project Worlds
 CVE-2025-14570 (A flaw has been found in projectworlds Advanced Library Management Sys ...)
-	TODO: check
+	NOT-FOR-US: Project Worlds
 CVE-2025-14569 (A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affe ...)
 	TODO: check
 CVE-2025-14568 (A security vulnerability has been detected in haxxorsid Stock-Manageme ...)
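
Review bot: on CVE-2025-14578 the tag `NOT-FOR-US: itsourcecode System` drops the product that the description gives ("itsourcecode Student Management Syst ..."), and "System" on its own identifies nothing; naming the product in full would be clearer. In the same hunk, CVE-2025-14571 and CVE-2025-14570 are tagged `Project Worlds` while the descriptions spell the vendor `projectworlds`, so a search for the string as it appears in the description will not match the tag. Settling on one spelling would avoid that.
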
@@ -69,39 +69,39 @@ CVE-2025-14566 (A security flaw has been discovered in kidaze CourseSelectionSys
 CVE-2025-14565 (A vulnerability was identified in kidaze CourseSelectionSystem up to 4 ...)
 	TODO: check
 CVE-2025-14442 (The Secure Copy Content Protection and Content Locking plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14174 (Out of bounds memory access in ANGLE in Google Chrome on Mac prior to  ...)
 	TODO: check
 CVE-2025-14159 (The Secure Copy Content Protection and Content Locking plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14074 (The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14065 (The Simple Bike Rental plugin for WordPress is vulnerable to unauthori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14030 (The AI Feeds plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13993 (The MailerLite \u2013 Signup forms (official) plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13733 (BuhoNTFS contains an insecure XPC service that allows local, unprivile ...)
 	TODO: check
 CVE-2025-13506 (Execution with Unnecessary Privileges vulnerability in Nebim Neyir Com ...)
 	TODO: check
 CVE-2025-12965 (The Magical Posts Display plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12960 (The Simple CSV Table plugin for WordPress is vulnerable to Directory T ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12843 (Code Injection using Electron Fuses in waveterm on MacOS allows TCC By ...)
 	TODO: check
 CVE-2025-12841 (The Bookit WordPress plugin before 2.5.1 has a publicly accessible RES ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12835 (The WooMulti WordPress plugin through 17 does not validate a file para ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12408 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12407 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12348 (The Icegram Express - Email Subscribers, Newsletters and Marketing Aut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-58314 (Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticate ...)
 	TODO: check
 CVE-2024-58311 (Dormakaba Saflok System 6000 contains a predictable key generation alg ...)
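
Review bot: for CVE-2025-12408, CVE-2025-12407 and CVE-2025-12348 the truncated description ends before any mention of WordPress ("... and more! plugi ...", "... Marketing Aut ..."), and CVE-2025-14074 stops at "plugin for ...", so `NOT-FOR-US: WordPress plugin` cannot be confirmed from the list lines alone. Since the commit message only says "automatic NOT-FOR-US entries update", it would help to state in the message that matching ran against the full CVE description, or to spot-check these four against it.
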
@@ -109,7 +109,7 @@ CVE-2024-58311 (Dormakaba Saflok System 6000 contains a predictable key generati
 CVE-2024-58305 (WonderCMS 4.3.2 contains a cross-site scripting vulnerability that all ...)
 	TODO: check
 CVE-2024-58299 (PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the ' ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2024-14010 (Typora 1.7.4 contains a command injection vulnerability in the PDF exp ...)
 	TODO: check
 CVE-2025-40345 (In the Linux kernel, the following vulnerability has been resolved:  u ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cebb50f61606ad1e4b9f0a795a4122b684a6b0c
