[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 3 21:15:11 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84bc6676 by security tracker role at 2025-06-03T20:15:04+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,31 +45,31 @@ CVE-2025-5498 (A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8
 CVE-2025-5497 (A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It  ...)
 	TODO: check
 CVE-2025-5495 (A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has b ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-5493 (A vulnerability was found in Baison Channel Middleware Product 2.0.1 a ...)
 	TODO: check
 CVE-2025-5492 (A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 an ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-5340 (The Music Player for Elementor plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-5116 (The WP Plugin Info Card plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-5103 (The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4671 (The Profile Builder plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4517 (Allows arbitrary filesystem writes outside the extraction directory du ...)
 	TODO: check
 CVE-2025-4435 (When using a TarFile.errorlevel = 0and extracting with a filter the do ...)
 	TODO: check
 CVE-2025-4420 (The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4392 (The Shared Files \u2013 Frontend File Upload Form & Secure File Sharin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4330 (Allows the extraction filter to be ignored, allowing symlink targets t ...)
 	TODO: check
 CVE-2025-4205 (The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4138 (Allows the extraction filter to be ignored, allowing symlink targets t ...)
 	TODO: check
 CVE-2025-48998 (DataEase is an open source business intelligence and data visualizatio ...)
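Review bot: At CVE-2025-4392 the new "NOT-FOR-US: WordPress plugin" reason cannot be confirmed from this hunk, because the truncated description ("The Shared Files \u2013 Frontend File Upload Form & Secure File Sharin ...") ends before any mention of WordPress; CVE-2025-4420 is similar, cut off at "pl ...". Check both against the full CVE text before relying on the automatic match. The entries whose descriptions mention TarFile.errorlevel and the extraction filter (CVE-2025-4517, CVE-2025-4435, CVE-2025-4330, CVE-2025-4138) stay at "TODO: check" and still need manual triage.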
@@ -99,7 +99,7 @@ CVE-2025-43923 (An issue was discovered in ReportController in Unicom Focal Poin
 CVE-2025-41428 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
 	TODO: check
 CVE-2025-36564 (Dell Encryption Admin Utilities versions prior to 11.10.2 contain an I ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-35036 (Hibernate Validator before 6.2.0 and 7.0.0, by default and depending h ...)
 	TODO: check
 CVE-2025-32106 (In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST r ...)
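Review bot: At CVE-2025-36564 the reason reads "Dell / EMC", but the visible description names only Dell (Dell Encryption Admin Utilities), and every other reason in this patch is a single vendor or product class (Netgear, D-Link, IBM, WordPress plugin). If the combined label is not a deliberate shared bucket for both brands, "NOT-FOR-US: Dell" would match the description and keep the reason strings uniform.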
@@ -115,13 +115,13 @@ CVE-2025-30359 (webpack-dev-server allows users to use webpack with a developmen
 CVE-2025-30167 (Jupyter Core is a package for the core common functionality of Jupyter ...)
 	TODO: check
 CVE-2025-25022 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-25021 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-25020 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-25019 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-23107 (An issue was discovered in Samsung Mobile Processor Exynos 1480 and 24 ...)
 	TODO: check
 CVE-2025-23103 (An issue was discovered in Samsung Mobile Processor Exynos 1480 and 24 ...)
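Review bot: The four QRadar entries (CVE-2025-25019 to CVE-2025-25022) get a vendor-only reason, "NOT-FOR-US: IBM", although each description names two products (IBM QRadar Suite Software and IBM Cloud Pak ...). Naming the product in the reason, for example "NOT-FOR-US: IBM QRadar Suite", would let a later reader see why the entry was excluded without opening the CVE record.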
@@ -135,15 +135,15 @@ CVE-2025-23098 (An issue was discovered in Samsung Mobile Processor Exynos 980,
 CVE-2025-23097 (An issue was discovered in Samsung Mobile Processor Exynos 1380. The l ...)
 	TODO: check
 CVE-2025-1725 (The Bit File Manager \u2013 100% Free & Open Source File Manager and C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1334 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-54189 (A privilege escalation vulnerability exists in the Snapshot functional ...)
 	TODO: check
 CVE-2024-52561 (A privilege escalation vulnerability exists in the Snapshot functional ...)
 	TODO: check
 CVE-2024-45655 (IBM Application Gateway 19.12 through 24.09 could allow a local privil ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-36486 (A privilege escalation vulnerability exists in the virtual machine arc ...)
 	TODO: check
 CVE-2024-12718 (Allows modifying some file metadata (e.g. last modified) with filter=" ...)
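Review bot: At CVE-2025-1725 the "NOT-FOR-US: WordPress plugin" reason is not supported by the text visible here: the description ("The Bit File Manager \u2013 100% Free & Open Source File Manager and C ...") is truncated before any reference to WordPress. Verify it against the full CVE description. The commit message gives no hint of which rule produced each match, so a short note there on the matching criteria would make entries like this one reviewable from the diff alone.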



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84bc66761767c6dfc5d9bf38211d286140c9fe59
