[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 1 09:14:01 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b84d7f3 by security tracker role at 2025-05-01T08:13:54+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,85 +1,85 @@
CVE-2025-4156 (A vulnerability has been found in PHPGurukul Boat Booking System 1.0 a ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4155 (A vulnerability, which was classified as critical, was found in PHPGur ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4154 (A vulnerability, which was classified as critical, has been found in P ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4153 (A vulnerability classified as critical was found in PHPGurukul Park Ti ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4152 (A vulnerability classified as critical has been found in PHPGurukul On ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4151 (A vulnerability was found in PHPGurukul Curfew e-Pass Management Syste ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-4150 (A vulnerability was found in Netgear EX6200 1.0.3.94. It has been decl ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4149 (A vulnerability was found in Netgear EX6200 1.0.3.94. It has been clas ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4148 (A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4147 (A vulnerability has been found in Netgear EX6200 1.0.3.94 and classifi ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4146 (A vulnerability, which was classified as critical, was found in Netgea ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4145 (A vulnerability, which was classified as critical, has been found in N ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4144 (PKCE was implemented in the OAuth implementation in workers-oauth-prov ...)
TODO: check
CVE-2025-4143 (The OAuth implementation in workers-oauth-provider that is part of MC ...)
TODO: check
CVE-2025-4142 (A vulnerability has been found in Netgear EX6200 1.0.3.94 and classifi ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4141 (A vulnerability, which was classified as critical, was found in Netgea ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4140 (A vulnerability, which was classified as critical, has been found in N ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4139 (A vulnerability classified as critical was found in Netgear EX6120 1.0 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-4100 (The Nautic Pages plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4099 (The List Children plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47154 (LibJS in Ladybird before f5a6704 mishandles the freeing of the vector ...)
TODO: check
CVE-2025-3952 (The Projectopia \u2013 WordPress Project Management plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3521 (The Team Members \u2013 Best WordPress Team Plugin with Team Slider, T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3504 (The WP Maps WordPress plugin before 4.7.2 does not sanitise and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3503 (The WP Maps WordPress plugin before 4.7.2 does not sanitise and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3502 (The WP Maps WordPress plugin before 4.7.2 does not sanitise and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30422 (A buffer overflow was addressed with improved input validation. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-2816 (The Page View Count plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2168 (The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Buil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24132 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-1305 (The NewsBlogger theme for WordPress is vulnerable to Cross-Site Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1304 (The NewsBlogger theme for WordPress is vulnerable to arbitrary file up ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30146 (Improper access control of endpoint in HCL Domino Leap allows certain ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-30145 (Multiple vectors in HCL Domino Volt and Domino Leap allow client-side ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-30115 (Insufficient sanitization policy in HCL Leap allows client-side script ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-13845 (The Gravity Forms WebHooks plugin for WordPress is vulnerable to Serve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13381 (The Calculated Fields Form WordPress plugin before 5.2.62 does not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4533
REJECTED
CVE-2023-45721 (Insufficient default configuration in HCL Leap allows anonymous access ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-37535 (Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-37517 (Missing "no cache" headers in HCL Leap permits sensitive data to be ca ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-47153 (Certain build processes for libuv and Node.js for 32-bit systems, such ...)
- nodejs <unfixed> (bug #922075; bug #1076350)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=892601
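Review bot: CVE-2025-1305 and CVE-2025-1304 are tagged "NOT-FOR-US: WordPress plugin", but both descriptions read "The NewsBlogger theme for WordPress", so the tag does not match the component type; consider "NOT-FOR-US: WordPress theme" on those two lines. Separately, the truncated descriptions shown for CVE-2025-30422 and CVE-2025-24132 name no vendor or product, so the "NOT-FOR-US: Apple" tag cannot be confirmed from this diff alone and is worth checking against the full CVE text.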
@@ -225469,9 +225469,9 @@ CVE-2022-42452 (HCL Launch is vulnerable to HTML injection. HTML code is stored
CVE-2022-42451 (Certain credentials within the BigFix Patch Management Download Plug-i ...)
NOT-FOR-US: HCL
CVE-2022-42450 (Improper sanitization of SVG files in HCL Domino Volt allows client-si ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-42449 (Unsafe default file type filter policy in HCL Domino Volt allows uploa ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-42448
RESERVED
CVE-2022-42447 (HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). Thi ...)
@@ -267398,7 +267398,7 @@ CVE-2022-27564
CVE-2022-27563 (An unauthenticated user can overload a part of HCL VersionVault Expres ...)
NOT-FOR-US: HCL
CVE-2022-27562 (Unsafe default file type filter policy in HCL Domino Volt allows uploa ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-27561 (There is a reflected Cross-Site Scripting vulnerability in the HCL Tra ...)
NOT-FOR-US: HCL
CVE-2022-27560 (HCL VersionVault Express exposes administrator credentials.)
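Review bot: CVE-2022-27562 shows the same visible description as CVE-2022-42449 in the previous hunk ("Unsafe default file type filter policy in HCL Domino Volt allows uploa ..."), and both are closed with a bare "NOT-FOR-US: HCL". If the full descriptions also match, a NOTE line cross-referencing the two ids would record the apparent duplicate; the tag itself is consistent with the neighbouring HCL entries.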
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b84d7f3fb228cef82bf214bcabbb0629cdb762d