[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 10 09:12:54 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
17956a06 by security tracker role at 2025-06-10T08:12:46+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2025-5952 (A vulnerability, which was classified as critical, has been found in Z ...)
 	TODO: check
 CVE-2025-5945 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
-	TODO: check
+	NOT-FOR-US: Centreon
 CVE-2025-5935 (A vulnerability was found in Open5GS up to 2.7.3. It has been declared ...)
 	TODO: check
 CVE-2025-5934 (A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has bee ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-5925 (The Bunny\u2019s Print CSS plugin for WordPress is vulnerable to Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-5913 (A vulnerability was found in PHPGurukul Vehicle Record Management Syst ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-5912 (A vulnerability was found in D-Link DIR-632 FW103B08. It has been decl ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-5911 (A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B2021 ...)
 	TODO: check
 CVE-2025-5910 (A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_ ...)
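Review bot: For CVE-2025-5945 the truncated description visible in this hunk is only the generic weakness wording ("Improper Neutralization of Special Elements used in an OS Command") and names no product, so the `NOT-FOR-US: Centreon` mapping cannot be checked from these lines. Confirm against the full CVE record that the affected product is Centreon before dropping the `TODO: check`.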
@@ -23,7 +23,7 @@ CVE-2025-5908 (A vulnerability, which was classified as critical, has been found
 CVE-2025-5907 (A vulnerability classified as critical was found in TOTOLINK EX1200T u ...)
 	TODO: check
 CVE-2025-5906 (A vulnerability classified as critical has been found in code-projects ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-5905 (A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been ra ...)
 	TODO: check
 CVE-2025-5904 (A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been de ...)
@@ -35,7 +35,7 @@ CVE-2025-5902 (A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classi
 CVE-2025-5901 (A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classi ...)
 	TODO: check
 CVE-2025-5900 (A vulnerability, which was classified as problematic, was found in Ten ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-5899 (A vulnerability classified as critical was found in GNU PSPP 82fb509fb ...)
 	TODO: check
 CVE-2025-5898 (A vulnerability classified as critical has been found in GNU PSPP 82fb ...)
@@ -45,13 +45,13 @@ CVE-2025-5897 (A vulnerability was found in vuejs vue-cli up to 5.0.8. It has be
 CVE-2025-5896 (A vulnerability was found in tarojs taro up to 4.1.1. It has been decl ...)
 	TODO: check
 CVE-2025-4954 (The Axle Demo Importer WordPress plugin through 1.0.3 does not validat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4840 (The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4601 (The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4387 (The Abandoned Cart Pro for WooCommerce plugin contains an authenticate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49141 (HAX CMS PHP allows users to manage their microsite universe with a PHP ...)
 	TODO: check
 CVE-2025-49140 (Pion Interceptor is a framework for building RTP/RTCP communication so ...)
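Review bot: CVE-2025-4601 is described as the "RH - Real Estate WordPress Theme" theme for WordPress, yet it is tagged `NOT-FOR-US: WordPress plugin`. Suggest `NOT-FOR-US: WordPress theme` so the tag matches the description. The other three entries changed in this hunk are described as plugins and their tags read correctly.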
@@ -65,37 +65,37 @@ CVE-2025-49137 (HAX CMS PHP allows users to manage their microsite universe with
 CVE-2025-49004 (Caido is a web security auditing toolkit. Prior to version 0.48.0, due ...)
 	TODO: check
 CVE-2025-42998 (The security settings in the SAP Business One Integration Framework ar ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42996 (SAP MDM Server allows an attacker to gain control of existing client s ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42995 (SAP MDM Server Read function allows an attacker to send specially craf ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42994 (SAP MDM Server ReadString function allows an attacker to send speciall ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42993 (Due to a missing authorization check vulnerability in SAP S/4HANA (Ent ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42991 (SAP S/4HANA (Bank Account Application) does not perform necessary auth ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42990 (Unprotected SAPUI5 applications allow an attacker with basic privilege ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42989 (RFC inbound processing\ufffddoes not perform necessary authorization c ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42988 (Under certain conditions, SAP Business Objects Business Intelligence P ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42987 (SAP Manage Processing Rules (For Bank Statement) allows an attacker wi ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42984 (SAP S/4HANA Manage Central Purchase Contract does not perform necessar ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42983 (SAP Business Warehouse and SAP Plug-In Basis allows an authenticated a ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42982 (SAP GRC allows a non-administrative user to access and initiate transa ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42977 (SAP NetWeaver Visual Composer contains a Directory Traversal vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-3076 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31325 (Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Key ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-30515 (CyberData011209 Intercom   could allow an authenticated attacker to up ...)
 	TODO: check
 CVE-2025-30507 (CyberData011209 Intercom could allow an unauthenticated user to gather ...)
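Review bot: CVE-2025-42989 is tagged `NOT-FOR-US: SAP`, but its visible description ("RFC inbound processing\ufffddoes not perform ...") names no vendor and contains a `\ufffd` replacement character, which suggests the description text was damaged on import. Confirm the vendor from the full CVE record and fix the description encoding separately. The remaining SAP tags in this hunk match descriptions that name SAP explicitly.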
@@ -113,7 +113,7 @@ CVE-2025-27817 (A possible arbitrary file read and SSRF vulnerability has been i
 CVE-2025-26468 (CyberData 011209    Intercom exposes features that could allow an unau ...)
 	TODO: check
 CVE-2025-23192 (SAP BusinessObjects Business Intelligence (BI Workspace) allows an una ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-1041 (An improper input validation discovered in   Avaya Call Management Sys ...)
 	TODO: check
 CVE-2025-0037 (In AMD Versal Adaptive SoC devices, the lack of address validation whe ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17956a06f23885bb1c8a0b27006ba2665fae21bb
