[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 1 21:14:09 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
675ab662 by security tracker role at 2025-05-01T20:14:02+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-4174 (A vulnerability, which was classified as critical, has been found in P ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-4173 (A vulnerability classified as critical was found in SourceCodester Onl ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-4164 (A vulnerability, which was classified as critical, was found in PHPGur ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-4163 (A vulnerability, which was classified as critical, has been found in P ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-4162 (A vulnerability classified as critical was found in PCMan FTP Server u ...)
 	TODO: check
 CVE-2025-4161 (A vulnerability classified as critical has been found in PCMan FTP Ser ...)
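Review bot: The PHPGurukul tags on CVE-2025-4174 and CVE-2025-4163 cannot be confirmed from this file, because the stored description is cut off at "has been found in P ...". As the update is automatic, compare these two against the full CVE description before treating the tag as final. CVE-2025-4162 and CVE-2025-4161 (PCMan FTP Server) stay at "TODO: check" and still need a manual decision.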
@@ -17,29 +17,29 @@ CVE-2025-4159 (A vulnerability was found in PCMan FTP Server up to 2.0.7. It has
 CVE-2025-4158 (A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been ...)
 	TODO: check
 CVE-2025-4157 (A vulnerability was found in PHPGurukul Boat Booking System 1.0 and cl ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-46635 (An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-46634 (Cleartext transmission of sensitive information in the web management  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-46633 (Cleartext transmission of sensitive information in the web management  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-46632 (Initialization vector (IV) reuse in the web management portal of the T ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-46631 (Improper access controls in the web management portal of the Tenda RX2 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-46630 (Improper access controls in the web management portal of the Tenda RX2 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-46629 (Lack of access controls in the 'ate' management binary of the Tenda RX ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-46628 (Lack of input validation/sanitization in the 'ate' management service  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-46627 (Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an una ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-46626 (Reuse of a static AES key and initialization vector for encrypted traf ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-46625 (Lack of input validation/sanitization in the 'setLanCfg' API endpoint  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-46569 (Open Policy Agent (OPA) is an open source, general-purpose policy engi ...)
 	TODO: check
 CVE-2025-46568 (Stirling-PDF is a locally hosted web application that allows you to pe ...)
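Review bot: The commit message "automatic NOT-FOR-US entries update" does not record which match produced the run of eleven Tenda tags from CVE-2025-46635 down to CVE-2025-46625. For CVE-2025-46634 and CVE-2025-46633 the visible text ("Cleartext transmission of sensitive information in the web management ...") names no vendor at all. Listing the matched vendors in the commit message would make a bulk change like this easier to audit later.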
@@ -55,13 +55,13 @@ CVE-2025-46345 (Auth0 Account Link Extension is an extension aimed to help link
 CVE-2025-46337 (ADOdb is a PHP database class library that provides abstractions for p ...)
 	TODO: check
 CVE-2025-44867 (Tenda W20E V15.11.0.6 was found to contain a command injection vulnera ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-44866 (Tenda W20E V15.11.0.6 was found to contain a command injection vulnera ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-44865 (Tenda W20E V15.11.0.6 was found to contain a command injection vulnera ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-44864 (Tenda W20E V15.11.0.6 was found to contain a command injection vulnera ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-44863 (TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command  ...)
 	TODO: check
 CVE-2025-44862 (TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command  ...)
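Review bot: The four Tenda W20E command injection entries are tagged, but the TOTOLINK CA300-POE entries directly below them (CVE-2025-44863, CVE-2025-44862), which carry the same kind of description, are left at "TODO: check". If TOTOLINK firmware is also out of scope, consider adding it to the automatic match so that similar entries are triaged consistently in one pass.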
@@ -99,15 +99,15 @@ CVE-2025-44837 (TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contai
 CVE-2025-44836 (TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a co ...)
 	TODO: check
 CVE-2025-44835 (D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-3890 (The WordPress Simple Shopping Cart plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3889 (The WordPress Simple Shopping Cart plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3874 (The WordPress Simple Shopping Cart plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3517 (Privilege context switching error in PAM JIT feature in Devolutions Se ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2025-36558 (KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-si ...)
 	TODO: check
 CVE-2025-36521 (MicroDicom DICOM Viewer is vulnerable to an out-of-bounds read which m ...)
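Review bot: The tag "NOT-FOR-US: WordPress plugin" on CVE-2025-3890, CVE-2025-3889 and CVE-2025-3874 is generic, while the D-Link and Devolutions tags in the same hunk name the vendor. All three entries concern the WordPress Simple Shopping Cart plugin, so naming it in the tag would let a later search for that plugin find them without relying on the truncated description.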
@@ -153,7 +153,7 @@ CVE-2025-23246 (NVIDIA vGPU software for Windows and Linux contains a vulnerabil
 CVE-2025-23245 (NVIDIA vGPU software for Windows and Linux contains a vulnerability in ...)
 	TODO: check
 CVE-2025-1529 (The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-52979 (Uncontrolled Resource Consumption in Elasticsearch while evaluating sp ...)
 	TODO: check
 CVE-2024-52976 (Inclusion of functionality from an untrusted control sphere in Elastic ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/675ab662af10e9447cb5aacfa12c2e4df833212d
