[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 17 08:13:56 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89d93784 by security tracker role at 2025-12-17T08:13:47+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2025-64700 (Cross-site request forgery vulnerability exists in GROWI v7.3.3
 CVE-2025-64520 (GLPI is a free asset and IT management software package. Starting in v ...)
 	TODO: check
 CVE-2025-59374 ("UNSUPPORTED WHEN ASSIGNED"Certain versions of the ASUS Live Update cl ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2025-53619 (An out-of-bounds read vulnerability exists in the JPEGBITSCodec::Inter ...)
 	TODO: check
 CVE-2025-53618 (An out-of-bounds read vulnerability exists in the JPEGBITSCodec::Inter ...)
@@ -19,7 +19,7 @@ CVE-2025-48429 (An out-of-bounds read vulnerability exists in the RLECodec::Deco
 CVE-2025-34288 (Nagios XI versions prior to 2026R1.1 arevulnerable to local privilege  ...)
 	TODO: check
 CVE-2025-14817 (The component com.transsion.tranfacmode.entrance.main.MainActivity in  ...)
-	TODO: check
+	NOT-FOR-US: TECNO Mobile
 CVE-2025-14801 (A security vulnerability has been detected in xiweicheng TMS up to 2.2 ...)
 	TODO: check
 CVE-2025-14701 (An input neutralization vulnerability in the Server MOTD component of  ...)
@@ -29,9 +29,9 @@ CVE-2025-14700 (An input neutralization vulnerability in the Webhook Template co
 CVE-2025-14466 (A vulnerability in the web interface of the G\xfcralp Fortimus Series, ...)
 	TODO: check
 CVE-2025-14399 (The Download Plugins and Themes in ZIP from Dashboard plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14385 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14305 (ListCheck.exe developed by Acer has a Local Privilege Escalation vulne ...)
 	TODO: check
 CVE-2025-14304 (Certain motherboard models developed by ASRock and its subsidiaries, A ...)
@@ -41,29 +41,29 @@ CVE-2025-14303 (Certain motherboard models developed by MSI has a Protection Mec
 CVE-2025-14302 (Certain motherboard models developed by GIGABYTE has a Protection Mech ...)
 	TODO: check
 CVE-2025-14154 (The Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14061 (The Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13977 (The Essential Addons for Elementor \u2013 Popular Elementor Templates  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13880 (The WP Social Ninja \u2013 Embed Social Feeds, Customer Reviews, Chat  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13861 (The HTML Forms \u2013 Simple WordPress Forms Plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13750 (The Converter for Media \u2013 Optimize images | Convert WebP & AVIF p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12496 (The Zephyr Project Manager plugin for WordPress is vulnerable to Direc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11924 (The Ninja Forms \u2013 The Contact Form Builder That Grows With You pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11901 (An uncontrolled resource consumption vulnerability affects certain ASU ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2025-11775 (An out-of-bounds read vulnerability has been identified in the asComSv ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2025-11369 (The Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Block ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11009 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2025-0852
 	REJECTED
 CVE-2025-XXXX [backups: Set proper permissions for backups-data directory]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89d93784cc93e086cfc8b03f98fdc74551c5b072

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89d93784cc93e086cfc8b03f98fdc74551c5b072
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251217/4277d5b5/attachment.htm>

More information about the debian-security-tracker-commits mailing list