[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 14 21:13:32 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60e5b31b by security tracker role at 2025-05-14T20:13:25+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,25 +21,25 @@ CVE-2025-47777 (5ire is a cross-platform desktop artificial intelligence assista
 CVE-2025-47775 (Bullfrog is a GithHb Action to block unauthorized outbound traffic in  ...)
 	TODO: check
 CVE-2025-47710 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-47709 (Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-47708 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise M ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-47707 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-47706 (Authentication Bypass by Capture-replay vulnerability in Drupal Enterp ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-47705 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-47704 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-47703 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-47702 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-47701 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict rou ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-47445 (Relative Path Traversal vulnerability in Themewinter Eventin allows Pa ...)
 	TODO: check
 CVE-2025-47436 (Heap-based Buffer Overflow vulnerability in Apache ORC.  A vulnerabili ...)
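Review bot: Six of the ten entries relabelled here (CVE-2025-47710, CVE-2025-47707 and CVE-2025-47705 through CVE-2025-47702) have descriptions that are cut off before any product name, so the "Drupal core and addons" label cannot be checked from this diff. Only CVE-2025-47709, CVE-2025-47708, CVE-2025-47706 and CVE-2025-47701 visibly name a Drupal module. Spot-check the full descriptions of the other six before relying on the batch, since a NOT-FOR-US tag removes the entry from the TODO queue.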
@@ -47,15 +47,15 @@ CVE-2025-47436 (Heap-based Buffer Overflow vulnerability in Apache ORC.  A vulne
 CVE-2025-47292 (Cap Collectif is an online decision making platform that integrates se ...)
 	TODO: check
 CVE-2025-46786 (Improper neutralization of special elements in some Zoom Workplace App ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-46785 (Buffer over-read in some Zoom Workplace Apps for Windows may allow an  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-44186 (SourceCodester Best Employee Management System 1.0 is vulnerable to Cr ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-44184 (SourceCodester Best Employee Management System V1.0 is vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-40595 (A Server-side request forgery (SSRF) vulnerability has been identified ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2025-3932 (It was possible to craft an email that showed a tracking link as an at ...)
 	TODO: check
 CVE-2025-3931 (A flaw was found in Yggdrasil, which acts as a system broker, allowing ...)
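Review bot: CVE-2025-40595 is tagged "NOT-FOR-US: SonicWall", but its visible description ("A Server-side request forgery (SSRF) vulnerability has been identified ...") ends before the affected product is named. The Zoom and SourceCodester labels in this hunk can be read off the description text; this one cannot. Confirm the product from the full CVE record, and if the automatic update keyed on something other than the description, say so in the commit message.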
@@ -67,33 +67,33 @@ CVE-2025-3877 (A crafted HTML email using mailbox:/// links can trigger automati
 CVE-2025-3875 (Thunderbird parses addresses in a way that can allow sender spoofing i ...)
 	TODO: check
 CVE-2025-3834 (Zohocorp ManageEngineADAudit Plus versions8510and prior are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2025-3833 (Zohocorp ManageEngineADSelfService Plus versions6513 and prior are vul ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2025-3769 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3600 (In Progress\xae Telerik\xae UI for AJAX, versions 2011.2.712 to 2025.1 ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2025-33104 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-32363 (mediDOK before 2.5.18.43 allows remote attackers to achieve remote cod ...)
 	TODO: check
 CVE-2025-30668 (Integer underflow in some Zoom Workplace Apps may allow an authenticat ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-30667 (NULL pointer dereference in some Zoom Workplace Apps for Windows may a ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-30666 (NULL pointer dereference in some Zoom Workplace Apps for Windows may a ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-30665 (NULL pointer dereference in some Zoom Workplace Apps for Windows may a ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-30664 (Improper neutralization of special elements in some Zoom Workplace App ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-30663 (Time-of-check time-of-use race condition in some Zoom Workplace Apps m ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2025-2900 (IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-2875 (CWE-610: Externally Controlled Reference to a Resource in Another Sphe ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2025-26785 (An issue was discovered in NAS in Samsung Mobile Processor, Wearable P ...)
 	TODO: check
 CVE-2025-26784 (An issue was discovered in NAS in Samsung Mobile Processor, Wearable P ...)
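Review bot: The "NOT-FOR-US: Schneider Electric" label on CVE-2025-2875 has no support in the visible line, which starts with the CWE title ("CWE-610: Externally Controlled Reference to a Resource in Another Sphe ...") and is truncated before any vendor or product. Descriptions that lead with a CWE string are the easiest to mislabel in an automatic pass, so verify this entry against the full record. The remaining labels in the hunk (Zoho, Progress Software, IBM, Zoom) match vendors named in their descriptions.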
@@ -113,25 +113,25 @@ CVE-2025-24021 (iTop is an web based IT Service Management tool. Prior to versio
 CVE-2025-22756
 	REJECTED
 CVE-2025-0138 (Web sessions in the web interface of Palo Alto Networks Prisma\xae Clo ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-0137 (An improper input neutralization vulnerability in the management web i ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-0136 (Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Network ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-0135 (An incorrect privilege assignment vulnerability in the Palo Alto Netwo ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-0134 (A code injection vulnerability in the Palo Alto Networks Cortex XDR\xa ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-0133 (A reflected cross-site scripting (XSS) vulnerability in the GlobalProt ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-0132 (A missing authentication vulnerability in Palo Alto Networks Cortex XD ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-0131 (An incorrect privilege management vulnerability in the OPSWAT MetaDefe ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-0130 (A missing exception check in Palo Alto Networks PAN-OS\xae software wi ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2024-8988 (The PeepSo Core: File Uploads plugin for WordPress is vulnerable to In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-58101 (Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pair ...)
 	TODO: check
 CVE-2024-57273 (Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plu ...)
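Review bot: The label on CVE-2025-0131 does not match its description. The visible text names OPSWAT ("An incorrect privilege management vulnerability in the OPSWAT MetaDefe ..."), yet the entry is tagged "NOT-FOR-US: Palo Alto Networks" like the other CVE-2025-013x entries in this hunk. If the tag was derived from the neighbouring ids rather than from the product, use a label that names OPSWAT, or names both vendors, so that a later search of data/CVE/list for OPSWAT finds this entry.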
@@ -147,13 +147,13 @@ CVE-2024-54779 (Netgate pfSense CE (prior to 2.8.0 beta release) and correspondi
 CVE-2024-52601 (iTop is an web based IT Service Management tool. Prior to versions 2.7 ...)
 	TODO: check
 CVE-2024-45516 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Pat ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2024-13940 (The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10865 (Improper Input validation leads to XSS or Cross-site Scripting vulnera ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-10864 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-4609
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
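Review bot: CVE-2024-10865 and CVE-2024-10864 are both tagged "NOT-FOR-US: OpenText", but neither visible description reaches a product name; both stop inside the weakness wording ("Improper Input validation leads to XSS ...", "Improper Neutralization of Special Elements used in an SQL Command ..."). The Zimbra label in the same hunk is verifiable from its line. Confirm the two OpenText entries against the full descriptions, and consider naming the product in the label rather than only the vendor so it is clear what was ruled out.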



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60e5b31bbc6e56f806446701760bc191bb49fa22
