[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 8 21:14:25 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b8b889b by security tracker role at 2025-05-08T20:14:18+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-4475 (Issue in my product in blah version x on y allows bad person to break)
 	TODO: check
 CVE-2025-4208 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4207 (Buffer over-read in PostgreSQL GB18030 encoding validation allows a da ...)
 	TODO: check
 CVE-2025-4132 (Rapid7 Corporate Website prior to May 2nd 2025, suffered from a URL Re ...)
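Review bot: the description on the CVE-2025-4208 line still carries the literal escape sequence "\u2013" twice ("NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms"), so the product name is stored with undecoded escapes instead of the dash character. Decode the escapes where the description is written to data/CVE/list, so that searches and any name-based matching see the real product name. The truncated description shown here also never mentions WordPress, so the "NOT-FOR-US: WordPress plugin" reason cannot be confirmed from this line alone.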
@@ -59,7 +59,7 @@ CVE-2025-41450 (Improper Authentication vulnerability in Danfoss AKSM8xxA Series
 CVE-2025-40846 (Improper Input Validation, the returnUrl parameter in Account Security ...)
 	TODO: check
 CVE-2025-3862 (Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3759 (Endpoint/cgi-bin-igd/netcore_set.cgiwhich is used for changing device  ...)
 	TODO: check
 CVE-2025-3758 (WF2220 exposes endpoint/cgi-bin-igd/netcore_get.cgithat returns config ...)
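Review bot: the two context entries after the changed one, CVE-2025-3759 and CVE-2025-3758, have words fused to the endpoint path ("netcore_set.cgiwhich is used", "netcore_get.cgithat returns") and both stay at "TODO: check". When these are triaged, check whether the whitespace was lost in the source description or on import, since the fused text hides the CGI endpoint names from a plain-text search.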
@@ -67,17 +67,17 @@ CVE-2025-3758 (WF2220 exposes endpoint/cgi-bin-igd/netcore_get.cgithat returns c
 CVE-2025-3506 (Files to be deployed with agents are accessible without authentication ...)
 	TODO: check
 CVE-2025-3468 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-30102 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an  ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-30101 (Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a ti ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-2806 (The tagDiv Composer plugin for WordPress, used by the Newspaper theme, ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-28073 (phpList 3.6.3 is vulnerable to Reflected Cross-Site Scripting (XSS) vi ...)
 	TODO: check
 CVE-2025-27695 (Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authe ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-1948 (In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client ...)
 	TODO: check
 CVE-2025-1254 (Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext P ...)
@@ -87,19 +87,19 @@ CVE-2025-1253 (Buffer Copy without Checking Size of Input ('Classic Buffer Overf
 CVE-2025-1252 (Heap-based Buffer Overflow vulnerability in RTI Connext Professional ( ...)
 	TODO: check
 CVE-2025-0505 (On Arista CloudVision systems (virtual or physical on-premise deployme ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2024-9448 (On affected platforms running Arista EOS with Traffic Policies configu ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2024-8100 (On affected versions of the Arista CloudVision Portal (CVP on-prem), t ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2024-6648 (Absolute Path Traversal vulnerability in AP Page Builder versions prio ...)
 	TODO: check
 CVE-2024-13009 (In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly  ...)
 	TODO: check
 CVE-2024-12378 (On affected platforms running Arista EOS with secure Vxlan configured, ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2024-11186 (On affected versions of the CloudVision Portal, improper access contro ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2023-51328 (PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple S ...)
 	TODO: check
 CVE-2023-51295 (PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML  ...)
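Review bot: CVE-2024-11186 is marked "NOT-FOR-US: Arista Networks" although its visible description ("On affected versions of the CloudVision Portal, improper access contro ...") does not name Arista, unlike the other four entries changed in this hunk. If the automatic rule matched on the product name alone, say so in the rule or check the full description for the vendor, so a later reviewer can tell the match was not made on a bare product word that another vendor could share.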



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b8b889bd5009a0c996d9baec596c88c0b07a5f0
