[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 25 21:13:16 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ac6b4356 by security tracker role at 2025-06-25T20:13:09+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,37 +11,37 @@ CVE-2025-6619 (A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has
CVE-2025-6618 (A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been ...)
TODO: check
CVE-2025-6617 (A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-6616 (A vulnerability has been found in D-Link DIR-619L 2.06B01 and classifi ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-6615 (A vulnerability, which was classified as critical, was found in D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-6614 (A vulnerability, which was classified as critical, has been found in D ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-6613 (A vulnerability classified as problematic was found in PHPGurukul Hosp ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-6612 (A vulnerability was found in code-projects Inventory Management System ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-6611 (A vulnerability was found in code-projects Inventory Management System ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-6610 (A vulnerability was found in itsourcecode Employee Management System u ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2025-6609 (A vulnerability was found in SourceCodester Best Salon Management Syst ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-6608 (A vulnerability has been found in SourceCodester Best Salon Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-6607 (A vulnerability, which was classified as critical, was found in Source ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-6606 (A vulnerability, which was classified as critical, has been found in S ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-6605 (A vulnerability classified as critical was found in SourceCodester Bes ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-6604 (A vulnerability classified as critical has been found in SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-6603 (A vulnerability was found in coldfunction qCUDA up to db0085400c2f2011 ...)
TODO: check
CVE-2025-6543 (Memory overflow vulnerability leading to unintended control flow and D ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2025-6445 (ServiceStack FindType Directory Traversal Remote Code Execution Vulner ...)
TODO: check
CVE-2025-6444 (ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vul ...)
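Review bot: The label added for CVE-2025-6610, `NOT-FOR-US: itsourcecode System`, looks like a fragment of the product name rather than a vendor tag. The description reads "itsourcecode Employee Management System", and every other entry in this hunk uses the bare vendor (`D-Link`, `code-projects`, `SourceCodester`). Suggest `NOT-FOR-US: itsourcecode` so the label matches its siblings and a vendor search over the list finds it. Separately, the visible description for CVE-2025-6543 is truncated before any product name appears, so the `Citrix` attribution cannot be checked from this hunk alone and is worth confirming against the full CVE record.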
@@ -49,7 +49,7 @@ CVE-2025-6444 (ServiceStack GetErrorResponse Improper Input Validation NTLM Rela
CVE-2025-6442 (Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vu ...)
TODO: check
CVE-2025-5927 (The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-5834 (Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Loca ...)
TODO: check
CVE-2025-5833 (Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Dat ...)
@@ -97,19 +97,19 @@ CVE-2025-52480 (Registrator is a GitHub app that automates creation of registrat
CVE-2025-52479 (HTTP.jl provides HTTP client and server functionality for Julia, and U ...)
TODO: check
CVE-2025-50179 (Tuleap is an Open Source Suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-50178 (GitForge.jl is a unified interface for interacting with Git "forges." ...)
TODO: check
CVE-2025-4656 (Vault Community and Vault Enterprise rekey and recovery key operations ...)
TODO: check
CVE-2025-49845 (Discourse is an open-source discussion platform. The visibility of pos ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-49797 (Multiple Brother driver installers for Windows contain a privilege esc ...)
TODO: check
CVE-2025-49550 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-49549 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-49153 (MICROSENS NMP Web+ could allow an unauthenticated attacker to overwri ...)
TODO: check
CVE-2025-49152 (MICROSENS NMP Web+contain JSON Web Tokens (JWT) that do not expire, wh ...)
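Review bot: CVE-2025-50179 (Tuleap) and CVE-2025-49845 (Discourse) are marked NOT-FOR-US even though their own descriptions in this hunk call them "an Open Source Suite" and "an open-source discussion platform". For open-source projects the label only holds while the software is not packaged and has no packaging request filed, so confirm that for both before this automatic classification stands. The same two labels recur for CVE-2025-48991 and CVE-2025-48954 in the following hunk and should get the same check.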
@@ -119,9 +119,9 @@ CVE-2025-49151 (MICROSENS NMP Web+could allow an unauthenticated attacker to gen
CVE-2025-49135 (CVAT is an open source interactive video and image annotation tool for ...)
TODO: check
CVE-2025-48991 (Tuleap is an Open Source Suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-48954 (Discourse is an open-source discussion platform. Versions prior to 3.5 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-45333 (berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnera ...)
TODO: check
CVE-2025-45332 (vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD) vulnerabil ...)
@@ -139,11 +139,11 @@ CVE-2025-25905 (Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and
CVE-2025-25012 (URL redirection to an untrusted site ('Open Redirect') in Kibana can l ...)
TODO: check
CVE-2025-20282 (A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC coul ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20281 (A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20264 (A vulnerability in the web-based management interface of Cisco Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-57708 (An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a d ...)
TODO: check
CVE-2024-27685 (SQL Injection vulnerability in Student Record system Using PHP and MyS ...)
@@ -151,7 +151,7 @@ CVE-2024-27685 (SQL Injection vulnerability in Student Record system Using PHP a
CVE-2023-44915 (A cross-site scripting (XSS) vulnerability in the component /Login.php ...)
TODO: check
CVE-2021-4457 (The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-5846
- gitlab <not-affected> (Specific to EE)
CVE-2025-2938
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac6b4356da6d298b997e83f13d219c1b5a16b0a2