[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 25 09:13:29 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68276762 by security tracker role at 2025-07-25T08:13:22+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2025-8137 (A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-8136 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-8135 (A vulnerability, which was classified as critical, has been found in i ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2025-8134 (A vulnerability classified as critical was found in PHPGurukul BP Moni ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-8133 (A vulnerability classified as critical has been found in yanyutao0402  ...)
 	TODO: check
 CVE-2025-8132 (A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has  ...)
 	TODO: check
 CVE-2025-8131 (A vulnerability was found in Tenda AC20 16.03.08.05. It has been decla ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-8129 (A vulnerability, which was classified as problematic, was found in Koa ...)
 	TODO: check
 CVE-2025-8128 (A vulnerability, which was classified as critical, has been found in z ...)
@@ -31,13 +31,13 @@ CVE-2025-7742 (An authentication vulnerability exists in the LG Innotek camera m
 CVE-2025-7404 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
 	TODO: check
 CVE-2025-7022 (The My Reservation System WordPress plugin through 2.3 does not saniti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6260 (The embedded web server on the thermostat listed version ranges contai ...)
 	TODO: check
 CVE-2025-5835 (The Droip plugin for WordPress is vulnerable to unauthorized modificat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-5831 (The Droip plugin for WordPress is vulnerable to arbitrary file uploads ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-54568 (Akamai Rate Control alpha before 2025 allows attackers to send request ...)
 	TODO: check
 CVE-2025-54558 (OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution ...)
@@ -49,33 +49,33 @@ CVE-2025-54369
 CVE-2025-53940 (Quiet is an alternative to team chat apps like Slack, Discord, and Ele ...)
 	TODO: check
 CVE-2025-3614 (The ElementsKit Elementor Addons and Templates plugin for WordPress is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32429 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-31955 (HCL iAutomate is affected by a sensitive data exposure vulnerability.  ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-31953 (HCL iAutomate includes hardcoded credentials which may result in poten ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-31952 (HCL iAutomate is affected by an insufficient session expiration.  This ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-22165 (This Medium severity ACE (Arbitrary Code Execution) vulnerability was  ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2025-0253 (HCL IEM is affected by a cookie attribute not set vulnerability due to ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-0252 (HCL IEM is affected by a password in cleartext vulnerability. Sensitiv ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-0251 (HCL IEM is affected by a concurrent login vulnerability. The applicati ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-0250 (HCL IEM is affected by an authorization token sent in cookie vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-0249 (HCL IEM is affected by an improper invalidation of access or JWT token ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2019-25224 (The WP Database Backup plugin for WordPress is vulnerable to OS Comman ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2015-10144 (The Responsive Thumbnail Slider plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2015-10143 (The Platform theme for WordPress is vulnerable to unauthorized modific ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-54567 (hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bi ...)
 	- qemu <unfixed>
 	NOTE: https://lore.kernel.org/qemu-devel/20250713-wmask-v1-1-4c744cdb32c0@rsg.ci.i.u-tokyo.ac.jp/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68276762253c70f8ee24e9cc77fa1515218adc0d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68276762253c70f8ee24e9cc77fa1515218adc0d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250725/9c0446da/attachment.htm>

More information about the debian-security-tracker-commits mailing list