[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 15 09:13:08 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5bf93e7 by security tracker role at 2025-05-15T08:13:01+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
 CVE-2025-4737 (Insufficient encryption vulnerability in the mobile application (com.t ...)
 	TODO: check
 CVE-2025-4591 (The Weluka Lite plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4589 (The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4579 (The WP Content Security Plugin plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4126 (The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48027 (The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authenticati ...)
 	TODO: check
 CVE-2025-48024 (In BlueWave Checkmate before 2.1, an authenticated regular user can ac ...)
 	TODO: check
 CVE-2025-47889 (In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims ar ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-47888 (Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-47887 (Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-47886 (A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence v ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-47885 (Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earl ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-47884 (In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-47783 (Label Studio is a multi-type data labeling and annotation tool. A vuln ...)
 	TODO: check
 CVE-2025-44879 (WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the ...)
@@ -31,11 +31,11 @@ CVE-2025-44879 (WS-WN572HP3 V230525 was discovered to contain a buffer overflow
 CVE-2025-44024 (Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome ...)
 	TODO: check
 CVE-2025-3917 (The \u767e\u5ea6\u7ad9\u957fSEO\u5408\u96c6(\u652f\u6301\u767e\u5ea6/\ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3742 (The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3053 (The UiPress lite | Effortless custom dashboards, admin themes and page ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32421 (Next.js is a React framework for building full-stack web applications. ...)
 	TODO: check
 CVE-2025-29691 (A cross-site scripting (XSS) vulnerability in OA System before v2025.0 ...)
@@ -51,11 +51,11 @@ CVE-2025-29686 (A cross-site scripting (XSS) vulnerability in OA System before v
 CVE-2025-27891 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
 	TODO: check
 CVE-2025-27525 (Information Exposure vulnerability in Hitachi JP1/IT Desktop Managemen ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2025-27524 (Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2025-27523 (XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Devic ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2025-26783 (An issue was discovered in RRC in Samsung Mobile Processor, Wearable P ...)
 	TODO: check
 CVE-2024-56427 (An issue was discovered in Samsung Mobile Processor and Wearable Proce ...)
@@ -65,7 +65,7 @@ CVE-2024-55569 (An issue was discovered in Samsung Mobile Processor, Wearable Pr
 CVE-2024-45067 (Incorrect default permissions in some Intel(R) Gaudi(R) software insta ...)
 	TODO: check
 CVE-2024-13914 (The File Manager Advanced Shortcode WordPress plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4478
 	- gnome-remote-desktop <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365232



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5bf93e77156465fbf27eb3ede9463e12d6eb1aa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5bf93e77156465fbf27eb3ede9463e12d6eb1aa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250515/53b3ddc6/attachment.htm>

More information about the debian-security-tracker-commits mailing list