[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 18 20:13:58 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eca0f422 by security tracker role at 2025-12-18T20:13:49+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-9787 (Zohocorp ManageEngine Applications Manager versions 177400 and below a ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-7358 (Use of Hard-coded Credentials vulnerability in Utarit Informatics Serv ...)
TODO: check
CVE-2025-7047 (Missing Authorization vulnerability in Utarit Informatics Services Inc ...)
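Review bot: the two context entries after CVE-2025-9787, namely CVE-2025-7358 and CVE-2025-7047 (both Utarit Informatics Services), stay at TODO: check, which suggests no rule in the automatic pass matched them. If that vendor's products are out of scope in the same way as the Zoho entry, add it to the matching rules so these are resolved in the same run; if they need manual triage, no change is needed here.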
@@ -11,7 +11,7 @@ CVE-2025-68278 (Tina is a headless content management system. In tinacms prior t
CVE-2025-67745 (MyHoard is a daemon for creating, managing and restoring MySQL backups ...)
TODO: check
CVE-2025-66058 (Missing Authorization vulnerability in PickPlugins Post Grid and Guten ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-65568 (A denial-of-service vulnerability exists in the omec-project UPF (pfcp ...)
TODO: check
CVE-2025-65567 (A denial-of-service vulnerability exists in the omec-project UPF (pfcp ...)
@@ -49,33 +49,33 @@ CVE-2025-64724 (Arduino IDE is an integrated development environment. Prior to v
CVE-2025-64723 (Arduino IDE is an integrated development environment. Prior to version ...)
TODO: check
CVE-2025-64469 (There is a stack-based buffer overflow vulnerability in NI LabVIEW in ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64468 (There is a use-after-free vulnerability in sentry!sentry_span_set_data ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64467 (There is an out of bounds read vulnerability in NI LabVIEW in LVResFil ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64466 (There is an out of bounds read vulnerability in NI LabVIEW in lvre!Exe ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64465 (There is an out of bounds read vulnerability in NI LabVIEW in lvre!Dat ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64464 (There is an out of bounds read vulnerability in NI LabVIEW in lvre!Vis ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64463 (There is an out of bounds read vulnerability in NI LabVIEW in LVResour ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64462 (There is an out of bounds read vulnerability in NI LabVIEW in LVResFil ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64461 (There is an out of bounds write vulnerability in NI LabVIEW in mgocre_ ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-64400 (Control Panel provides an API for pre-registering into an enrollment ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2025-64355 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64282 (Authorization Bypass Through User-Controlled Key vulnerability in Radi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64236 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64235 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63757 (Integer overflow vulnerability in the yuv2ya16_X_c_template function i ...)
TODO: check
CVE-2025-63391 (An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 i ...)
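Review bot: CVE-2025-64468 is tagged NOT-FOR-US: National Instruments, but the visible part of its description names sentry!sentry_span_set_data rather than NI LabVIEW, unlike the eight neighbouring entries that name LabVIEW directly. Confirm from the full description that the affected code is the vendor's own and not a bundled third-party component that may also ship elsewhere; if it is shared code, this entry should stay at TODO: check for manual triage instead of taking the vendor tag.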
@@ -91,15 +91,15 @@ CVE-2025-63387 (Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenti
CVE-2025-63386 (A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability ...)
TODO: check
CVE-2025-63043 (Authorization Bypass Through User-Controlled Key vulnerability in Pick ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63002 (Missing Authorization vulnerability in wpforchurch Sermon Manager allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-62998 (Insertion of Sensitive Information Into Sent Data vulnerability in WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-62961 (Missing Authorization vulnerability in Sparkle WP Sparkle FSE allows E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-62960 (Missing Authorization vulnerability in Sparkle WP Construction Light a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-59949 (FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1. ...)
TODO: check
CVE-2025-56157 (Default credentials in Dify thru 1.5.1. PostgreSQL username and passwo ...)
@@ -113,7 +113,7 @@ CVE-2025-40892 (A Stored Cross-Site Scripting vulnerability was discovered in th
CVE-2025-40891 (A Stored HTML Injection vulnerability was discovered in the Time Machi ...)
TODO: check
CVE-2025-40602 (A local privilege escalation vulnerability due to insufficient authori ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-1031 (Authorization Bypass Through User-Controlled Key vulnerability in Utar ...)
TODO: check
CVE-2025-1030 (Exposure of Private Personal Information to an Unauthorized Actor vuln ...)
@@ -123,17 +123,17 @@ CVE-2025-1029 (Use of Hard-coded Credentials vulnerability in Utarit Information
CVE-2025-14896 (due to insufficient sanitazation in Vega\u2019s `convert()` function w ...)
TODO: check
CVE-2025-14889 (A security flaw has been discovered in Campcodes Advanced Voting Manag ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-14885 (A flaw has been found in SourceCodester Client Database Management Sys ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-14884 (A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-14879 (A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-14878 (A security flaw has been discovered in Tenda WH450 1.0.0.18. This impa ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-14877 (A vulnerability was identified in Campcodes Supplier Management System ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-14874 (A flaw was found in Nodemailer. This vulnerability allows a denial of ...)
TODO: check
CVE-2025-14861 (Memory safety bugs present in Firefox 146. Some of these bugs showed e ...)
@@ -145,25 +145,25 @@ CVE-2025-14823 (In deployments using the ScreenConnect\u2122 Certificate Signing
CVE-2025-14744 (Unicode RTLO characters could allow malicious websites to spoof filena ...)
TODO: check
CVE-2025-14739 (Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-14738 (Improper authentication vulnerability in TP-Link WA850RE (httpd module ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-14737 (Command Injection vulnerability in TP-Link WA850RE (httpd modules) all ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-14618 (The Sweet Energy Efficiency plugin for WordPress is vulnerable to unau ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14437 (The Hummingbird Performance plugin for WordPress is vulnerable to Sens ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14364 (The Demo Importer Plus plugin for WordPress is vulnerable to unauthori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14277 (The Prime Slider \u2013 Addons for Elementor plugin for WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13730 (The OpenID Connect Generic Client plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13641 (The Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13110 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10910 (A flaw in the binding process of Govee\u2019s cloud platform and devic ...)
TODO: check
CVE-2024-58323 (A stored cross-site scripting vulnerability in Kentico Xperience allow ...)
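Review bot: the seven WordPress entries in this hunk (CVE-2025-14618 through CVE-2025-13110) are tagged NOT-FOR-US: WordPress plugin, while the WordPress entries in the earlier hunks of this same commit use NOT-FOR-US: WordPress plugin or theme. Settle on one string for the category so a single search over data/CVE/list finds every such entry, or document that the two tags are intentionally distinct.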
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eca0f4227ea732f390a5dc0f85001a7002143fee