[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 3 21:13:50 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cce065d7 by security tracker role at 2025-07-03T20:13:43+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2025-6587 (System environment variables are recorded in Docker Desktop diagnostic ...)
TODO: check
CVE-2025-6563 (A cross-site scripting vulnerability is present in the hotspot of Mikr ...)
- TODO: check
+ NOT-FOR-US: MikroTik
CVE-2025-6074 (Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-6073 (Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-6072 (Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-6071 (Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-5961 (The Migration, Backup, Staging \u2013 WPvivid Backup & Migration plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-53502 (Improper Input Validation vulnerability in Wikimedia Foundation Mediaw ...)
TODO: check
CVE-2025-53501 (Improper Access Control vulnerability in Wikimedia Foundation Mediawik ...)
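Review bot: The four ABB entries (CVE-2025-6071 through CVE-2025-6074) are labelled with the vendor only, "NOT-FOR-US: ABB group", although every description names the product, ABB RMC-100. Naming the product in the label, e.g. "NOT-FOR-US: ABB RMC-100", would make the triage reason searchable by product and would match the WordPress entry in this hunk, which is labelled by what the software is and not by who ships it. The same applies to "NOT-FOR-US: MikroTik" on CVE-2025-6563 if the hotspot component belongs to one specific product.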
@@ -29,13 +29,13 @@ CVE-2025-53369 (Short Description is a MediaWiki extension that provides local s
CVE-2025-53368 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
TODO: check
CVE-2025-50263 (Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the f ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-50262 (Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the f ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-50260 (Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the f ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-50258 (Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the S ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-49846 (wire-ios is an iOS client for the Wire secure messaging application. F ...)
TODO: check
CVE-2025-49618 (In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php c ...)
@@ -43,7 +43,7 @@ CVE-2025-49618 (In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up
CVE-2025-49595 (n8n is a workflow automation platform. Prior to version 1.99.0, there ...)
TODO: check
CVE-2025-49032 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48939 (tarteaucitron.js is a compliant and accessible cookie banner. Prior to ...)
TODO: check
CVE-2025-45938 (Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to Cross S ...)
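Review bot: For CVE-2025-49032 the visible description is cut off at "('Cross-si ..." before any product name, so "NOT-FOR-US: WordPress plugin or theme" cannot be checked against this hunk. Naming the affected plugin or theme in the label would let a reader confirm the classification without looking up the full CVE record.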
@@ -57,7 +57,7 @@ CVE-2025-40723 (Stored Cross-Site Scripting (XSS) vulnerability in versions prio
CVE-2025-40722 (Stored Cross-Site Scripting (XSS) vulnerability in versions prior to F ...)
TODO: check
CVE-2025-3702 (Missing Authorization vulnerability in Melapress Melapress File Monito ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-34089 (An unauthenticated remote code execution vulnerability exists in Remot ...)
TODO: check
CVE-2025-34088 (An authenticated remote code execution vulnerability exists in Pandora ...)
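Review bot: CVE-2025-3702 gets the generic label "WordPress plugin or theme" although the description already names the product ("Melapress Melapress File Monito ..."), and other hunks in this commit use the shorter "WordPress plugin". Using one form for the same kind of product keeps a search of data/CVE/list for a single label complete; where the description makes clear which kind it is, prefer the specific one.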
@@ -71,55 +71,55 @@ CVE-2025-34082 (A command injection vulnerability exists in IGEL OS versions pri
CVE-2025-34061 (A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticat ...)
TODO: check
CVE-2025-2932 (The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file dele ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2540 (Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2537 (Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27461 (During startup, the device automatically logs in the EPC2 Windows user ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27460 (The hard drives of the device are not encrypted using a full volume en ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27459 (The VNC application stores its passwords encrypted within the registry ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27458 (The VNC authentication mechanism bases on a challenge-response system ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27457 (All communication between the VNC server and client(s) is unencrypted. ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27456 (The SMB server's login mechanism does not implement sufficient measure ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27455 (The web application is vulnerable to clickjacking attacks. The site ca ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27454 (The application is vulnerable to cross-site request forgery. An attack ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27453 (The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27452 (The configuration of the Apache httpd webserver which serves the MEAC3 ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27451 (For failed login attempts, the application returns different error mes ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27450 (The Secure attribute is missing on multiple cookies provided by the ME ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27449 (The MEAC300-FNADE4 does not implement sufficient measures to prevent m ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27448 (The web application is susceptible to cross-site-scripting attacks. An ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-27447 (The web application is susceptible to cross-site-scripting attacks. An ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-23968 (Unrestricted Upload of File with Dangerous Type vulnerability in WPCen ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-1711 (Multiple services of the DUT as well as different scopes of the same s ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-1710 (The maxView Storage Manager does not implement sufficient measures to ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-1709 (Several credentials for the local PostgreSQL database are stored in pl ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-1708 (The application is vulnerable to SQL injection attacks. An attacker is ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2025-0885 (Incorrect Authorization vulnerability in OpenText\u2122 GroupWise allo ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-5647 (Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-38173 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/8a4e047c6cc07676f637608a9dd675349b5de0a7 (6.16-rc1)
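Review bot: CVE-2025-1710 is marked "NOT-FOR-US: SICK AG", but its visible description is about "The maxView Storage Manager", a product name that appears in none of the other SICK AG entries in this hunk. Please confirm the CVE is scoped to the SICK device and not to the storage manager itself, and reflect that in the label. The same check applies to CVE-2025-27452 (Apache httpd configuration) and CVE-2025-1709 (PostgreSQL credentials), since Apache httpd and PostgreSQL are packaged in Debian: a NOTE line stating that the flaw is in the vendor's device configuration and not in the upstream software would record why NOT-FOR-US is the right classification.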
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cce065d701750adb365d0f5a91257acc9c6c9c6b