[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 5 21:14:19 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3bf76b6b by security tracker role at 2025-05-05T20:14:13+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2025-4318 (The AWS Amplify Studio UI component property expressions in the aws-am ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-4316 (Improper access control in PAM feature in Devolutions Server 2025.1.6. ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-4287 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as ...)
TODO: check
CVE-2025-4286 (A vulnerability was found in Intelbras InControl up to 2.21.59. It has ...)
TODO: check
CVE-2025-4283 (A vulnerability was found in SourceCodester/oretnom23 Stock Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-4282 (A vulnerability has been found in SourceCodester/oretnom23 Stock Manag ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-4281 (A vulnerability, which was classified as problematic, was found in She ...)
TODO: check
CVE-2025-4279 (The External image replace plugin for WordPress is vulnerable to arbit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4272 (A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has ...)
TODO: check
CVE-2025-47240
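Review bot: the new tag on CVE-2025-4318, "NOT-FOR-US: Amazon", names only the vendor, although the description points at one specific component (the name is cut off at "aws-am ..." in this listing). The tags in this same hunk already differ in granularity: vendor for Amazon, Devolutions and SourceCodester, product class for "WordPress plugin" on CVE-2025-4279. Naming the product in the tag would let a later search of data/CVE/list for that component find this entry without relying on the truncated description.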
@@ -43,7 +43,7 @@ CVE-2025-46340 (Misskey is an open source, federated social media platform. Star
CVE-2025-46335 (Mobile Security Framework (MobSF) is a security research platform for ...)
TODO: check
CVE-2025-45751 (SourceCodester Web Based Pharmacy Product Management System 1.0 is vul ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-45618 (Incorrect access control in the component /admin/sys/datasource/ajaxLi ...)
TODO: check
CVE-2025-45617 (Incorrect access control in the component /user/list of production_ssm ...)
@@ -87,7 +87,7 @@ CVE-2025-45237 (Incorrect access control in the component /config/download of DB
CVE-2025-45236 (A stored cross-site scripting (XSS) vulnerability in the Edit Profile ...)
TODO: check
CVE-2025-45042 (Tenda AC9 v15.03.05.14 was discovered to contain a command injection v ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-43915 (In Buoyant Edge releases before edge-25.2.1 and Enterprise for Linkerd ...)
TODO: check
CVE-2025-43852 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
@@ -131,9 +131,9 @@ CVE-2025-25504 (An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (I
CVE-2025-24977 (OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to ...)
TODO: check
CVE-2025-1992 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-1909 (The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0217 (BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are ...)
TODO: check
CVE-2024-58237 (In the Linux kernel, the following vulnerability has been resolved: b ...)
@@ -143,27 +143,27 @@ CVE-2024-58100 (In the Linux kernel, the following vulnerability has been resolv
CVE-2024-58098 (In the Linux kernel, the following vulnerability has been resolved: b ...)
TODO: check
CVE-2024-57235 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-57234 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-57233 (NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-57232 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-57231 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-57230 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-57229 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-51991 (October is a Content Management System (CMS) and web platform. A vulne ...)
TODO: check
CVE-2024-42213 (HCL BigFix Compliance is affected by inclusion of temporary files left ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-42212 (HCL BigFix Compliance is affected by an improper or missing SameSite a ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-11615 (The Envolve Plugin plugin for WordPress is vulnerable to arbitrary fil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47268 (ping in iputils through 20240905 allows a denial of service (applicati ...)
- iputils <unfixed> (bug #1104746)
[bookworm] - iputils <no-dsa> (Minor issue)
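Review bot: the seven RAX5 entries (CVE-2024-57229 through CVE-2024-57235) are tagged "NOT-FOR-US: Netgear", while every one of their descriptions spells the vendor "NETGEAR". A case-sensitive search of data/CVE/list for the vendor as written in the descriptions will match the description lines but not the tags, so anyone auditing how many entries were closed for this vendor needs a case-insensitive match. The same vendor-only tagging applies to the two HCL BigFix Compliance entries (CVE-2024-42212, CVE-2024-42213), where adding the product name to the tag would make the reason for the classification visible without reading the description.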
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bf76b6b0f6e0e8fb86fbfe56879bbc995060ab6