[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 10 21:14:16 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef62227a by security tracker role at 2025-07-10T20:14:09+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,19 +3,19 @@ CVE-2025-7425 (A flaw was found in libxslt where the attribute type, atype, flag
 CVE-2025-7424 (A flaw was found in the libxslt library. The same memory field, psvi,  ...)
 	TODO: check
 CVE-2025-7413 (A vulnerability classified as critical has been found in code-projects ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7412 (A vulnerability was found in code-projects Library System 1.0. It has  ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7411 (A vulnerability was found in code-projects LifeStyle Store 1.0. It has ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7410 (A vulnerability was found in code-projects LifeStyle Store 1.0. It has ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-7409 (A vulnerability was found in code-projects Mobile Shop 1.0 and classif ...)
 	TODO: check
 CVE-2025-7408 (A vulnerability has been found in SourceCodester Zoo Management System ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-7407 (A vulnerability, which was classified as critical, was found in Netgea ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-7021 (Fullscreen API Spoofing and UI Redressing in the handling of Fullscree ...)
 	TODO: check
 CVE-2025-6948 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
@@ -25,13 +25,13 @@ CVE-2025-6211 (A vulnerability in the DocugamiReader class of the run-llama/llam
 CVE-2025-6168 (An issue has been discovered in GitLab EE affecting all versions from  ...)
 	TODO: check
 CVE-2025-5040 (A maliciously crafted RTE file, when parsed through Autodesk Revit, ca ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-5037 (A maliciously crafted RFA file, when parsed through Autodesk Revit, ca ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-5023 (Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Cor ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2025-5022 (Weak Password Requirements vulnerability in Mitsubishi Electric Corpor ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2025-53709 (Secure-upload is a data submission service that validates single-use t ...)
 	TODO: check
 CVE-2025-53634 (Chall-Manager is a platform-agnostic system able to start Challenges o ...)
@@ -57,9 +57,9 @@ CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command injection
 CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ...)
 	TODO: check
 CVE-2025-53503 (Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vu ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-53378 (A missing authentication vulnerability in Trend Micro Worry-Free Busin ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-53371 (DiscordNotifications is an extension for MediaWiki that sends notifica ...)
 	TODO: check
 CVE-2025-53364 (Parse Server is an open source backend that can be deployed to any inf ...)
@@ -67,9 +67,9 @@ CVE-2025-53364 (Parse Server is an open source backend that can be deployed to a
 CVE-2025-53020 (Late Release of Memory after Effective Lifetime vulnerability in Apach ...)
 	TODO: check
 CVE-2025-52837 (Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below i ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-52521 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link following ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-52520 (For some unlikely configurations of multipart upload, an Integer Overf ...)
 	TODO: check
 CVE-2025-52473 (liboqs is a C-language cryptographic library that provides implementat ...)
@@ -83,11 +83,11 @@ CVE-2025-49812 (In some mod_ssl configurations on Apache HTTP Server versions th
 CVE-2025-49630 (In certain proxy configurations, a denial of service attack againstApa ...)
 	TODO: check
 CVE-2025-49464 (Classic buffer overflow in certain Zoom Clients for Windows may allow  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-49463 (Insufficient control flow management in certain Zoom Clients for iOS b ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-49462 (Cross-site scripting in certain Zoom Clients  before version 6.4.5 may ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-47813 (loginok.html in Wing FTP Server before 7.4.4 discloses the full local  ...)
 	TODO: check
 CVE-2025-47812 (In Wing FTP Server before 7.4.4. the user and admin web interfaces mis ...)
@@ -95,9 +95,9 @@ CVE-2025-47812 (In Wing FTP Server before 7.4.4. the user and admin web interfac
 CVE-2025-47811 (In Wing FTP Server through 7.4.4, the administrative web interface (li ...)
 	TODO: check
 CVE-2025-46789 (Classic buffer overflow in certain Zoom Clients for Windows may allow  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-46788 (Improper certificate validation in Zoom Workplace for Linux before ver ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-45662 (A cross-site scripting (XSS) vulnerability in the component /master/lo ...)
 	TODO: check
 CVE-2025-44251 (Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext duri ...)
@@ -105,7 +105,7 @@ CVE-2025-44251 (Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartex
 CVE-2025-3396 (An issue has been discovered in GitLab EE affecting all versions from  ...)
 	TODO: check
 CVE-2025-36090 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-34102 (A remote code execution vulnerability exists in CryptoLog (PHP version ...)
 	TODO: check
 CVE-2025-34101 (An unauthenticated command injection vulnerability exists in Serviio M ...)
@@ -125,7 +125,7 @@ CVE-2025-34095 (An OS command injection vulnerability exists in Mako Server vers
 CVE-2025-34093 (An authenticated command injection vulnerability exists in the Polycom ...)
 	TODO: check
 CVE-2025-2520 (The Honeywell Experion PKS contains an Uninitialized Variable in the c ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2025-28245 (Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.46 ...)
 	TODO: check
 CVE-2025-28244 (Insecure Permissions vulnerability in the Local Storage in Alteryx Ser ...)
@@ -137,7 +137,7 @@ CVE-2025-27889 (Wing FTP Server before 7.4.4 does not properly validate and sani
 CVE-2025-23048 (In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to ...)
 	TODO: check
 CVE-2024-7650 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-47252 (Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP  ...)
 	TODO: check
 CVE-2024-43394 (Server-Side Request Forgery (SSRF)in Apache HTTP Server on Windows all ...)
@@ -147,11 +147,11 @@ CVE-2024-43204 (SSRF in Apache HTTP Server with mod_proxy loaded allows an attac
 CVE-2024-42516 (HTTP response splitting in the core of Apache HTTP Server allows an at ...)
 	TODO: check
 CVE-2024-39752 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-38327 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to info ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-37524 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-36697 (A cross-site scripting (XSS) vulnerability in the Admin Login page of  ...)
 	TODO: check
 CVE-2025-38348 (In the Linux kernel, the following vulnerability has been resolved:  w ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef62227a4b16c9d6c41570dde4c55aceb2750981

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef62227a4b16c9d6c41570dde4c55aceb2750981
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250710/a5c05f58/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list