[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 4 20:14:08 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5530504a by security tracker role at 2025-11-04T20:13:59+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2025-64322 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2025-64321 (Improper Neutralization of Input Used for LLM Prompting vulnerability ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2025-64320 (Improper Neutralization of Input Used for LLM Prompting vulnerability ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2025-64319 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2025-64318 (Improper Neutralization of Input Used for LLM Prompting vulnerability ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2025-63294 (WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Inse ...)
TODO: check
CVE-2025-61956 (Radiometrics VizAir is vulnerable to a lack of authentication mechanis ...)
@@ -81,19 +81,19 @@ CVE-2025-23358 (NVIDIA NVApp for Windows contains a vulnerability in the install
CVE-2025-12695 (The overly permissive sandbox configuration in DSPy allows attackers t ...)
TODO: check
CVE-2025-12682 (The Easy Upload Files During Checkout plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12493 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12184 (The MeetingList plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12108 (The Survision LPR Camera system does not enforce password protection b ...)
TODO: check
CVE-2025-12045 (The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11690 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...)
TODO: check
CVE-2025-10875 (Improper Neutralization of Input Used for LLM Prompting vulnerability ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2025-XXXX [OSSA-2025-002: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization]
- keystone <unfixed> (bug #1120053)
NOTE: https://www.openwall.com/lists/oss-security/2025/11/04/2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5530504aad1c3788470d2864d92c8a091f32025d