[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 7 09:12:54 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b0225a88 by security tracker role at 2025-05-07T08:12:48+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,45 +1,45 @@
CVE-2025-4335 (The Woocommerce Multiple Addresses plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4220 (The Xavin's List Subpages plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4171 (The WZ Followed Posts \u2013 Display what visitors are reading plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4055 (The Multiple Post Type Order plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-4054 (The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47420 (266 vulnerability in Crestron Automate VX allows Privilege Escalation. ...)
- TODO: check
+ NOT-FOR-US: Crestron
CVE-2025-47419 (Cleartext Transmission of Sensitive Information vulnerability in Crest ...)
- TODO: check
+ NOT-FOR-US: Crestron
CVE-2025-47418 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Crestron
CVE-2025-46573 (passport-wsfed-saml2 provides passport strategy for both WS-fed and SA ...)
TODO: check
CVE-2025-46572 (passport-wsfed-saml2 provides passport strategy for both WS-fed and SA ...)
TODO: check
CVE-2025-44899 (There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13. ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-44073 (SeaCMS v13.3 was discovered to contain a SQL injection vulnerability v ...)
TODO: check
CVE-2025-3924 (The PeproDev Ultimate Profile Solutions plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3921 (The PeproDev Ultimate Profile Solutions plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3860 (The CarDealerPress plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3853 (The WPshop 2 \u2013 E-Commerce plugin for WordPress is vulnerable to I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3852 (The WPshop 2 \u2013 E-Commerce plugin for WordPress is vulnerable to p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3851 (The Download Manager and Payment Form WordPress Plugin \u2013 WP Smart ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3844 (The PeproDev Ultimate Profile Solutions plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3766 (The Login Lockdown & Protection plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3218 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-32405 (An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allow ...)
TODO: check
CVE-2025-32404 (An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allow ...)
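Review bot: The new tags at CVE-2025-47420, CVE-2025-47419, CVE-2025-47418, CVE-2025-44899 and CVE-2025-3218 name only a vendor (Crestron, Tenda, IBM), so the list does not record which product was judged out of scope. Where the description gives the product, as it does for Crestron Automate VX, Tenda RX3 and IBM i, putting that in the tag would let a later reader confirm the decision without reopening the CVE record. The "WordPress plugin" tags have the same gap in a milder form: three PeproDev Ultimate Profile Solutions entries and two WPshop 2 entries carry identical text with no plugin name.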
@@ -61,17 +61,17 @@ CVE-2025-32397 (An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or
CVE-2025-32396 (An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlie ...)
TODO: check
CVE-2025-2821 (The Search Exclude plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-1400 (Out-of-bounds Read vulnerability inunpack_response (conn.c) in libplct ...)
TODO: check
CVE-2025-1399 (Out-of-bounds Read vulnerability inunpack_response (session.c) in libp ...)
TODO: check
CVE-2025-0856 (The PGS Core plugin for WordPress is vulnerable to unauthorized access ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0855 (The PGS Core plugin for WordPress is vulnerable to PHP Object Injectio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0853 (The PGS Core plugin for WordPress is vulnerable to SQL Injection via t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0669 (Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows ...)
TODO: check
CVE-2025-0668 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
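Review bot: CVE-2025-1400, CVE-2025-1399 and CVE-2025-0669 remain at "TODO: check" after this automatic pass. Unlike the plugin entries changed around them, their descriptions point at C source files (conn.c, session.c) in a library whose name is truncated here and at BOINC Server. These need a manual lookup against the archive rather than a description match. The same applies to the RT-Labs P-Net entries left untouched at the top of this hunk, so it is worth tracking them explicitly instead of relying on the next automatic run.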
@@ -83,7 +83,7 @@ CVE-2025-0666 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2025-0649 (Incorrect JSON input stringificationin Google's Tensorflow serving ver ...)
TODO: check
CVE-2024-12120 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27533 [Unchecked buffer length can cause excessive memory allocation]
- activemq <unfixed>
NOTE: https://issues.apache.org/jira/browse/AMQ-6596
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0225a8889c91c7a8823cfbc4ad8d82214b86072