[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 11 21:14:30 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1904a0c3 by security tracker role at 2025-06-11T20:14:23+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,15 +5,15 @@ CVE-2025-6001 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the p
 CVE-2025-5687 (A vulnerability in Mozilla VPN on macOS allows privilege escalation fr ...)
 	TODO: check
 CVE-2025-5144 (The The Events Calendar plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4922 (Nomad Community and Nomad Enterprise (\u201cNomad\u201d) prefix-based  ...)
 	TODO: check
 CVE-2025-4605 (A maliciously crafted .usdc file, when loaded through Autodesk Maya, c ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-4573 (Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5 ...)
 	TODO: check
 CVE-2025-4315 (The CubeWP \u2013 All-in-One Dynamic Content Framework plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4128 (Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to proper ...)
 	TODO: check
 CVE-2025-49150 (Cursor is a code editor built for programming with AI. Prior to 0.51.0 ...)
@@ -23,17 +23,17 @@ CVE-2025-49148 (ClipShare is a lightweight and cross-platform tool for clipboard
 CVE-2025-49146 (pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until ...)
 	TODO: check
 CVE-2025-48448 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-48447 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-48446 (Incorrect Authorization vulnerability in Drupal Commerce Alphabank Red ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-48445 (Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Red ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-48444 (Missing Authorization vulnerability in Drupal Quick Node Block allows  ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-48013 (Missing Authorization vulnerability in Drupal Quick Node Block allows  ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-41663 (An unauthenticated remote attacker in a man-in-the-middle position can ...)
 	TODO: check
 CVE-2025-41662 (An unauthenticated remote attacker can execute arbitrary commands with ...)
@@ -47,35 +47,35 @@ CVE-2025-40914 (Perl CryptX before version 0.087 contains a dependency that may
 CVE-2025-40912 (CryptX for Perl before version 0.065 contains a dependency that may be ...)
 	TODO: check
 CVE-2025-3473 (IBM Security Guardium 12.1 could allow a local privileged user to esca ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-3302 (The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-35941 (A password is exposed locally.)
 	TODO: check
 CVE-2025-32711 (Ai command injection in M365 Copilot allows an unauthorized attacker t ...)
 	TODO: check
 CVE-2025-32466 (A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1 ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-32465 (A stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for  ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-30085 (Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3. ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-26412 (The SIMCom SIM7600G modem supports an undocumented AT command, which a ...)
 	TODO: check
 CVE-2025-26383 (The iSTAR Configuration Utility (ICU) tool leaks memory, which could r ...)
 	TODO: check
 CVE-2025-25032 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-1699 (An incorrect default permissions vulnerability was reported in the Mot ...)
 	TODO: check
 CVE-2025-1698 (Null pointer exception vulnerabilities were reported in the fingerprin ...)
 	TODO: check
 CVE-2025-0923 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-0917 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-0163 (IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 co ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-5991 (There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandle ...)
 	- qt6-base <unfixed>
 	- qtbase-opensource-src <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1904a0c38537ef18ef69a7eaa9ef2b5c966d4738

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1904a0c38537ef18ef69a7eaa9ef2b5c966d4738
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250611/80fdbae8/attachment.htm>

More information about the debian-security-tracker-commits mailing list