[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 28 21:13:50 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
588adc5a by security tracker role at 2025-07-28T20:13:44+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2025-8279 (Insufficient input validation within GitLab Language Server 7.6.0
 CVE-2025-8275 (A vulnerability, which was classified as problematic, has been found i ...)
 	TODO: check
 CVE-2025-8274 (A vulnerability classified as critical was found in Campcodes Online R ...)
-	TODO: check
+	NOT-FOR-US: Campcodes
 CVE-2025-8273 (A vulnerability classified as critical has been found in code-projects ...)
 	TODO: check
 CVE-2025-8272 (A vulnerability was found in code-projects Exam Form Submission 1.0. I ...)
@@ -27,35 +27,35 @@ CVE-2025-7676 (DLL hijacking of all PE32 executables when run on Windows for ARM
 CVE-2025-6918 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-6250 (Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token ...)
-	TODO: check
+	NOT-FOR-US: BeyondTrust
 CVE-2025-5997 (Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro all ...)
 	TODO: check
 CVE-2025-54569 (In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the ...)
 	TODO: check
 CVE-2025-54538 (In JetBrains TeamCity before 2025.07 password exposure was possible vi ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-54537 (In JetBrains TeamCity before 2025.07 user credentials were stored in p ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-54536 (In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL en ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-54535 (In JetBrains TeamCity before 2025.07 password reset and email verifica ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-54534 (In JetBrains TeamCity before 2025.07 reflected XSS was possible on the ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-54533 (In JetBrains TeamCity before 2025.07 improper access control allowed d ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-54532 (In JetBrains TeamCity before 2025.07 improper access control allowed d ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-54531 (In JetBrains TeamCity before 2025.07 path traversal was possible via p ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-54530 (In JetBrains TeamCity before 2025.07 privilege escalation was possible ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-54529 (In JetBrains TeamCity before 2025.07 a CSRF was possible in external O ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-54528 (In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-54527 (In JetBrains YouTrack before 2025.2.86935,  2025.2.87167,  2025.3.8734 ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-54423 (copyparty is a portable file server. In versions up to and including v ...)
 	TODO: check
 CVE-2025-54419 (A SAML library not dependent on any frameworks that runs in Node. In v ...)
@@ -63,35 +63,35 @@ CVE-2025-54419 (A SAML library not dependent on any frameworks that runs in Node
 CVE-2025-54418 (CodeIgniter is a PHP full-stack web framework. A command injection vul ...)
 	TODO: check
 CVE-2025-54299 (A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0 ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-54298 (A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joo ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-53696 (iSTAR Ultra performs a firmware verification on boot, however the veri ...)
 	TODO: check
 CVE-2025-53695 (OS Command Injection in iSTAR Ultra products web application allows an ...)
 	TODO: check
 CVE-2025-50494 (Improper session invalidation in the component /doctor/change-password ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-50493 (Improper session invalidation in the component /doctor/change-password ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-50492 (Improper session invalidation in the component /edms/change-password.p ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-50491 (Improper session invalidation in the component /banker/change-password ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-50490 (Improper session invalidation in the component /elms/emp-changepasswor ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-50489 (Improper session invalidation in the component /srms/change-password.p ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-50488 (Improper session invalidation in the component /library/change-passwor ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-50487 (Improper session invalidation in the component /bbdms/change-password. ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-50486 (Improper session invalidation in the component /carrental/update-passw ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-50485 (Improper session invalidation in the component /crm/change-password.ph ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-50484 (Improper session invalidation in the component /crm/change-password.ph ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-43023 (A potential security vulnerability has been identified in the HP Linux ...)
 	TODO: check
 CVE-2025-40730 (HTML injection in Vox Media's Chorus CMS. This vulnerability allows an ...)
@@ -107,7 +107,7 @@ CVE-2025-30125 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 device
 CVE-2025-30124 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Whe ...)
 	TODO: check
 CVE-2025-2297 (Prior to version 25.4.270.0, a local authenticated attacker can manipu ...)
-	TODO: check
+	NOT-FOR-US: BeyondTrust
 CVE-2025-29534 (An authenticated remote code execution vulnerability in PowerStick Wav ...)
 	TODO: check
 CVE-2025-27802 (The Episerver Content Management System (CMS) by Optimizely was affect ...)
@@ -123,9 +123,9 @@ CVE-2025-26469 (An incorrect default permissions vulnerability exists in the CSe
 CVE-2025-24485 (A server-side request forgery vulnerability exists in the cecho.php fu ...)
 	TODO: check
 CVE-2024-49343 (IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML inje ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-49342 (IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-38497 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/3014168731b7930300aab656085af784edc861f6 (6.16-rc7)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/588adc5a67d55da38fe4993bea172a233b383d2c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/588adc5a67d55da38fe4993bea172a233b383d2c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250728/d4995812/attachment.htm>

More information about the debian-security-tracker-commits mailing list