[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 2 21:13:07 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38cfbc00 by security tracker role at 2025-07-02T20:12:59+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2025-6943 (Secret Server version 11.7 and earlier is vulnerable to a SQL rep
 CVE-2025-6942 (The distributed engine versions 8.4.39.0 and earlier of Secret Server  ...)
 	TODO: check
 CVE-2025-6725 (In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2025-53494 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2025-53493 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -23,7 +23,7 @@ CVE-2025-53108 (HomeBox is a home inventory and organization system. Prior to 0.
 CVE-2025-53106 (Graylog is a free and open log management platform. In versions 6.2.0  ...)
 	TODO: check
 CVE-2025-53006 (DataEase is an open source business intelligence and data visualizatio ...)
-	TODO: check
+	NOT-FOR-US: DataEase
 CVE-2025-52891 (ModSecurity is an open source, cross platform web application firewall ...)
 	TODO: check
 CVE-2025-52886 (Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std ...)
@@ -35,9 +35,9 @@ CVE-2025-52841 (Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Li
 CVE-2025-52559 (Zulip is an open-source team chat application. From versions 2.0.0-rc1 ...)
 	TODO: check
 CVE-2025-4946 (The Vikinger theme for WordPress is vulnerable to arbitrary file delet ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49713 (Access of resource using incompatible type ('type confusion') in Micro ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-49588 (Linkwarden is a self-hosted, open-source collaborative bookmark manage ...)
 	TODO: check
 CVE-2025-45814 (Missing authentication checks in the query.fcgi endpoint of NS3000 v8. ...)
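Review bot: CVE-2025-4946 is tagged "NOT-FOR-US: WordPress plugin", but its description reads "The Vikinger theme for WordPress", so the tag does not match the component type. Suggest "NOT-FOR-US: WordPress theme", or the "WordPress plugin or theme" wording already used for CVE-2025-39362 in this same commit.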
@@ -49,9 +49,9 @@ CVE-2025-45424 (Incorrect access control in Xinference before v1.4.0 allows atta
 CVE-2025-45029 (WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via ...)
 	TODO: check
 CVE-2025-43025 (HP Universal Print Driver is potentially vulnerable to denial of servi ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-39362 (Missing Authorization vulnerability in Mollie Mollie Payments for WooC ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-34092 (A cookie encryption bypass vulnerability exists in Google Chrome\u2019 ...)
 	TODO: check
 CVE-2025-34091 (A padding oracle vulnerability exists in Google Chrome\u2019s AppBound ...)
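Review bot: the tag on CVE-2025-39362, "NOT-FOR-US: WordPress plugin or theme", uses different wording from the "NOT-FOR-US: WordPress plugin" applied to CVE-2025-4946 and CVE-2025-2330 in the same commit. Settling on one string for WordPress add-ons would keep the list consistent and easier to search by tag.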
@@ -83,7 +83,7 @@ CVE-2025-34067 (An unauthenticated remote command execution vulnerability exists
 CVE-2025-34057 (An information disclosure vulnerability exists in Ruijie NBR series ro ...)
 	TODO: check
 CVE-2025-2330 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-27026 (A missing double-check feature in the WebGUI for CLI deactivation in I ...)
 	TODO: check
 CVE-2025-27025 (The target device exposes a service on a specific TCP port with a conf ...)
@@ -97,19 +97,19 @@ CVE-2025-27022 (A path traversal vulnerability of the WebGUI HTTP endpoint in In
 CVE-2025-27021 (The misconfiguration in the sudoers configuration of the operating sys ...)
 	TODO: check
 CVE-2025-24335 (Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 M ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2025-24334 (The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2025-24333 (Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contain ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2025-24332 (Nokia Single RAN AirScale baseband allows an authenticated administrat ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2025-24331 (The Single RAN baseband OAM service is intended to run as an unprivile ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2025-24330 (Sending a crafted SOAP "provision" operation message PlanId field with ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2025-24329 (Sending a crafted SOAP "provision" operation message archive field wit ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2025-20310 (A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) ...)
 	TODO: check
 CVE-2025-20309 (A vulnerability in Cisco Unified Communications Manager (Unified CM) a ...)
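Review bot: for CVE-2025-24330 and CVE-2025-24329 the visible descriptions ('Sending a crafted SOAP "provision" operation message ...') name no vendor or product, so the "NOT-FOR-US: Nokia" tag cannot be confirmed from the lines shown and appears to rest on the neighbouring Single RAN entries. Worth confirming against the full CVE records that both belong to the same Nokia product before the TODO is dropped.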



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38cfbc0085ea1674ab8921c1a98568a9ac1cf2ad
