[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 26 21:13:07 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3c9bf50 by security tracker role at 2025-06-26T20:13:01+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,45 +15,45 @@ CVE-2025-6701 (A vulnerability, which was classified as problematic, has been fo
 CVE-2025-6700 (A vulnerability classified as problematic was found in Xuxueli xxl-sso ...)
 	TODO: check
 CVE-2025-6699 (A vulnerability classified as problematic has been found in LabRedesCe ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-6698 (A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been  ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-6697 (A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been  ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-6696 (A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been  ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-6695 (A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classifie ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-6694 (A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and clas ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-6693 (A vulnerability, which was classified as critical, was found in RT-Thr ...)
 	TODO: check
 CVE-2025-6677 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-6676 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-6675 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-6674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-6562 (Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic ...)
 	TODO: check
 CVE-2025-6561 (Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electron ...)
 	TODO: check
 CVE-2025-6212 (The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-5995 (Canon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) and earl ...)
 	TODO: check
 CVE-2025-5966 (Zohocorp ManageEngine Exchange reporter Plus version5722 and below are ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2025-5842 (The Modern Design Library plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-5682 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-5366 (Zohocorp ManageEngine Exchange reporter Plus version5722 and below are ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2025-5338 (The Royal Elementor Addons plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-53122 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-53121 (Multiple stored XSS were found on different nodes with unsanitized par ...)
@@ -79,11 +79,11 @@ CVE-2025-52573 (iOS Simulator MCP Server (ios-simulator-mcp) is a Model Context
 CVE-2025-52477 (Octo-STS is a GitHub App that acts like a Security Token Service (STS) ...)
 	TODO: check
 CVE-2025-51672 (A time-based blind SQL injection vulnerability was identified in the P ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-51671 (A SQL injection vulnerability was discovered in the PHPGurukul Dairy F ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-50350 (PHPGurukul Pre-School Enrollment System Project v1.0 is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-49603 (Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Inc ...)
 	TODO: check
 CVE-2025-49592 (n8n is a workflow automation platform. Versions prior to 1.98.0 have a ...)
@@ -91,11 +91,11 @@ CVE-2025-49592 (n8n is a workflow automation platform. Versions prior to 1.98.0
 CVE-2025-49003 (DataEase is an open source business intelligence and data visualizatio ...)
 	TODO: check
 CVE-2025-48923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-48922 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-48921 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social  ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-44141 (A Cross-Site Scripting (XSS) vulnerability exists in the node creation ...)
 	TODO: check
 CVE-2025-3773 (A sensitive  information exposure vulnerability in System Information  ...)
@@ -105,11 +105,11 @@ CVE-2025-3771 (A path or symbolic link manipulation vulnerability in SIR 1.0.3 a
 CVE-2025-3722 (A path traversal vulnerability in System Information Reporter (SIR) 1. ...)
 	TODO: check
 CVE-2025-36034 (IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information S ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-34049 (An OS command injection vulnerability exists in the OptiLink ONT1GEW G ...)
 	TODO: check
 CVE-2025-34048 (A path traversal vulnerability exists in the web management interface  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-34047 (A path traversal vulnerability exists in the Leadsec SSL VPN (formerly ...)
 	TODO: check
 CVE-2025-34046 (An unauthenticated file upload vulnerability exists in the Fanwei E-Of ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3c9bf502c0b7bc8f42dfe08e2baa6b8000baf09

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3c9bf502c0b7bc8f42dfe08e2baa6b8000baf09
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250626/0f42003e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list