[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 21 21:13:52 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e000b111 by security tracker role at 2025-05-21T20:13:46+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2025-5049 (A vulnerability was found in FreeFloat FTP Server 1.0. It has bee
 CVE-2025-5033 (A vulnerability classified as problematic was found in XiaoBingby TeaC ...)
 	TODO: check
 CVE-2025-5032 (A vulnerability classified as critical has been found in Campcodes Onl ...)
-	TODO: check
+	NOT-FOR-US: Campcodes
 CVE-2025-5031 (A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has be ...)
 	TODO: check
 CVE-2025-5030 (A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has be ...)
@@ -17,21 +17,21 @@ CVE-2025-5029 (A vulnerability has been found in Kingdee Cloud Galaxy Private Cl
 CVE-2025-5020 (Opening maliciously-crafted URLs in Firefox from other apps such as Sa ...)
 	TODO: check
 CVE-2025-4803 (The Glossary by WPPedia \u2013 Best Glossary plugin for WordPress plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4611 (The Slim SEO \u2013 Fast & Automated WordPress SEO Plugin plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4416 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-4415 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-4221 (The Animated Buttons plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4219 (The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4217 (The WP YouTube Video Optimizer plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4105 (The Splitit plugin for WordPress is vulnerable to unauthorized modific ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4008 (The Meteobridge web interface let meteobridge administrator manage the ...)
 	TODO: check
 CVE-2025-48417 (The certificate and private key used for providing transport layer sec ...)
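Review bot: CVE-2025-4416 and CVE-2025-4415 are labelled "NOT-FOR-US: Drupal core and addons", but their descriptions in the list are cut off before any product name ("... vulnerability in  ..." and "... ('Cross-si ..."), so the match cannot be confirmed from this hunk. Please check the full CVE descriptions before relying on the label, since a match on the wrong product would replace "TODO: check" and take the entry out of the triage queue. Separately, the unchanged lines for CVE-2025-4803 and CVE-2025-4611 carry a literal "\u2013", which suggests the description import is not decoding that escape.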
@@ -69,13 +69,13 @@ CVE-2025-48063 (XWiki is a generic wiki platform. In XWiki 16.10.0, required rig
 CVE-2025-48060 (jq is a command-line JSON processor. In versions up to and including 1 ...)
 	TODO: check
 CVE-2025-48012 (Authentication Bypass by Capture-replay vulnerability in Drupal One Ti ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-48011 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-48010 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-48009 (Missing Authorization vulnerability in Drupal Single Content Sync allo ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-47291 (containerd is an open-source container runtime. A bug was found in the ...)
 	TODO: check
 CVE-2025-46822 (OsamaTaher/Java-springboot-codebase is a collection of Java and Spring ...)
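Review bot: The four Drupal entries in this hunk (CVE-2025-48012, CVE-2025-48011, CVE-2025-48010, CVE-2025-48009) change state under a commit message that says only "automatic NOT-FOR-US entries update", with no record of which matching rule produced "Drupal core and addons". Naming the rule or pattern in the commit message would make a wrong match traceable later, without having to re-run the automation against the old list.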
@@ -93,17 +93,17 @@ CVE-2025-44895 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack ov
 CVE-2025-44892 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
 	TODO: check
 CVE-2025-44083 (An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypa ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-41426 (Affected Vertiv products contain a stack based buffer overflow vulnera ...)
 	TODO: check
 CVE-2025-41232 (Spring Security Aspects may not correctly locate method security annot ...)
 	TODO: check
 CVE-2025-3781 (The Raisely Donation Form plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3751 (The component listed above contains a vulnerability that can be exploi ...)
 	TODO: check
 CVE-2025-3750 (The Network Posts Extended plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-36535 (The embedded web server lacks authentication and access controls, allo ...)
 	TODO: check
 CVE-2025-2261 (Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data t ...)
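Review bot: CVE-2025-44083 is matched on the vendor name and labelled "NOT-FOR-US: D-Link", while the FW-WGS-804HPT firmware entries in the same region (CVE-2025-44895 in the hunk header, CVE-2025-44892) stay at "TODO: check". If that firmware is also out of scope, a matching pattern for it would save repeated manual triage; if it is left on purpose, no change is needed. Leaving CVE-2025-3751 untouched is right, because its visible description ("The component listed above ...") names no product to match on.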
@@ -177,7 +177,7 @@ CVE-2024-42922 (AAPanel v7.0.7 was discovered to contain an OS command injection
 CVE-2024-23337 (jq is a command-line JSON processor. In versions up to and including 1 ...)
 	TODO: check
 CVE-2024-12561 (The Affiliate Sales in Google Analytics and other tools plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-40775 (When an incoming DNS protocol message includes a Transaction Signature ...)
 	- bind9 1:9.20.9-1
 	[bookworm] - bind9 <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e000b111fe92a9c1db2116bfd0c26fc67b218202
