[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 15 20:14:20 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
17b5bb3c by security tracker role at 2025-12-15T20:14:10+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-67809 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2025-66963 (An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obt ...)
TODO: check
CVE-2025-66844 (In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be ...)
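Review bot: CVE-2025-66963 (Hitron HI3120) in the context lines of this hunk keeps "TODO: check", although its description names a specific vendor device and version, the same shape as the TOTOLINK entries this commit closes. If nothing in the archive ships that firmware, it could be tagged "NOT-FOR-US: Hitron" in the same pass so it does not sit in the TODO queue.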
@@ -45,9 +45,9 @@ CVE-2025-65176 (An issue was discovered in Dynatrace OneAgent before 1.325.47. W
CVE-2025-60786 (A Zip Slip vulnerability in the import a Project component of iceScrum ...)
TODO: check
CVE-2025-55901 (TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to command injec ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-55893 (TOTOLINK N200RE V9.3.5u.6437_B20230519 is vulnerable to command Inject ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-55703 (An error-based SQL injection vulnerability exists in the Sunbird Power ...)
TODO: check
CVE-2025-51962 (A HTML Injection vulnerability in the comment section of the project p ...)
@@ -57,7 +57,7 @@ CVE-2025-37732 (Improper neutralization of input during web page generation ('Cr
CVE-2025-37731 (Improper Authentication in Elasticsearch PKI realm can lead to user im ...)
TODO: check
CVE-2025-36360 (IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-34412 (The Convercent Whistleblowing Platform operated by EQS Group contains ...)
TODO: check
CVE-2025-34411 (The Convercent Whistleblowing Platform operated by EQS Group exposes a ...)
@@ -73,43 +73,43 @@ CVE-2025-14714 (An Authentication Bypass vulnerability existed where the applica
CVE-2025-14711 (A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fa ...)
TODO: check
CVE-2025-14503 (An overly-permissive IAM trust policy in the Harmonix on AWS framework ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-14387 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14383 (The Booking Calendar plugin for WordPress is vulnerable to time-based ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14156 (The Fox LMS \u2013 WordPress LMS Plugin plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14148 (IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authent ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-14038 (EDB Hybrid Manager contains a flaw that allows an unauthenticated atta ...)
TODO: check
CVE-2025-14003 (The Image Gallery \u2013 Photo Grid & Video Gallery plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13950 (The OneSignal \u2013 Web Push Notifications plugin for WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13888 (A flaw was found in OpenShift GitOps. Namespace admins can create Argo ...)
TODO: check
CVE-2025-13824 (A security issue exists due to improper handling of malformed CIP pack ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-13823 (A security issue was found in the IPv6 stack in the Micro850 and Micro ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-13728 (The FluentAuth \u2013 The Ultimate Authorization & Security Plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13610 (The RegistrationMagic \u2013 Custom Registration Forms, User Registrat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13608 (The CC Child Pages plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13489 (IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 Deploy transmits data ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13367 (The User Registration & Membership \u2013 Custom Registration Form Bui ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12900 (The FileBird \u2013 WordPress Media Library Folders & File Manager plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12035 (An integer overflow condition exists in Bluetooth Host stack, within t ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-11670 (Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerab ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-11393 (A flaw was found in runtimes-inventory-rhel8-operator. An internal pro ...)
TODO: check
CVE-2024-44599 (FNT Command 13.4.0 is vulnerable to Directory Traversal.)
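Review bot: the CVE-2025-12035 entry is the one place in this hunk where the tag needs a justification, and "Zephyr, different from src:zephyr" records that the name collides with a Debian source package without saying which Zephyr the CVE is about. Suggest naming the upstream project in the note so the distinction can be re-checked later without opening the CVE record. A smaller style point: CVE-2025-14503 is tagged "Amazon" while its description names the Harmonix on AWS framework; using the product name would make the entry easier to match against later CVEs for the same software.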
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17b5bb3cbf6425161e226451eda1dba95dc12da5