[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 18 08:13:40 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f53b6b8 by security tracker role at 2025-11-18T08:13:33+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
 CVE-2025-8727 (There is a vulnerability in the Supermicro BMC web function at Supermi ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2025-8693 (A post-authentication command injection vulnerability in the "priv" pa ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2025-8404 (Stack buffer overflow vulnerability exists in the Supermicro BMC Share ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2025-8076 (There is a vulnerability in the Supermicro BMC web function at Supermi ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2025-7711 (The The Classified Listing \u2013 Classified ads & Business Directory  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7623 (Stack-based buffer overflow in the SMASH-CLP shell. An authenticated a ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2025-6599 (An uncontrolled resource consumption vulnerability in the web server o ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2025-64766 (NixOS's Onlyoffice is a software suite that offers online and offline  ...)
 	TODO: check
 CVE-2025-64734 (Missing Release of Resource after Effective Lifetime (CWE-772) in the  ...)
-	TODO: check
+	NOT-FOR-US: Gallagher
 CVE-2025-52578 (Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335)  ...)
-	TODO: check
+	NOT-FOR-US: Gallagher
 CVE-2025-52457 (Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an a ...)
-	TODO: check
+	NOT-FOR-US: Gallagher
 CVE-2025-48593 (In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-36553 (A buffer overflow vulnerability exists in the CvManager functionality  ...)
 	TODO: check
 CVE-2025-36463 (Multiple out-of-bounds read and write vulnerabilities exist in the Con ...)
@@ -33,11 +33,11 @@ CVE-2025-36461 (Multiple out-of-bounds read and write vulnerabilities exist in t
 CVE-2025-36460 (Multiple out-of-bounds read and write vulnerabilities exist in the Con ...)
 	TODO: check
 CVE-2025-36357 (IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36299 (IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive inf ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36118 (IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation all ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-32089 (A buffer overflow vulnerability exists in the CvManager_SBI functional ...)
 	TODO: check
 CVE-2025-31649 (A hard-coded password vulnerability exists in the ControlVault WBDI Dr ...)
@@ -45,23 +45,23 @@ CVE-2025-31649 (A hard-coded password vulnerability exists in the ControlVault W
 CVE-2025-31361 (A privilege escalation vulnerability exists in the ControlVault WBDI D ...)
 	TODO: check
 CVE-2025-13325 (A vulnerability was determined in itsourcecode Student Information Sys ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2025-13323 (A security flaw has been discovered in code-projects Simple Pizza Orde ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-13306 (A security vulnerability has been detected in D-Link DWR-M920, DWR-M92 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-13305 (A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-13304 (A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR- ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-13303 (A vulnerability was determined in code-projects Courier Management Sys ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-13302 (A vulnerability was identified in code-projects Courier Management Sys ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-13301 (A vulnerability was found in itsourcecode Web-Based Internet Laborator ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2025-13300 (A vulnerability has been found in itsourcecode Web-Based Internet Labo ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2025-13230 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
 	TODO: check
 CVE-2025-13229 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
@@ -73,17 +73,17 @@ CVE-2025-13227 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 all
 CVE-2025-13226 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
 	TODO: check
 CVE-2025-12974 (The Gravity Forms plugin for WordPress is vulnerable to arbitrary file ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12792 (The Mac App Store distribution of the Canva for Mac desktop app before ...)
 	TODO: check
 CVE-2025-12524 (The Post Type Switcher plugin for WordPress is vulnerable to Insecure  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11267 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11265 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10089 (Malicious Code Execution Vulnerability in Setting and Operation Applic ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2025-13223 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed  ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f53b6b8220ace51fbb1e6431995c39aaf75c03d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f53b6b8220ace51fbb1e6431995c39aaf75c03d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251118/9fef0c65/attachment.htm>

More information about the debian-security-tracker-commits mailing list