[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Oct 11 09:13:40 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e091ace by security tracker role at 2025-10-11T08:13:32+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2025-9560 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9554 (Vulnerability in Drupal Owl Carousel 2.This issue affects Owl Carousel ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-9553 (Vulnerability in Drupal API Key manager.This issue affects API Key man ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-9552 (Vulnerability in Drupal Synchronize composer.Json With Contrib Modules ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-9551 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-9550 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-9549 (Missing Authorization vulnerability in Drupal Facets allows Forceful B ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-9496 (The Enable Media Replace plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9196 (The Trinity Audio \u2013 Text to Speech AI audio player to convert con ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8093 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-62162 (cel-rust is a Common Expression Language interpreter written in Rust.  ...)
 	TODO: check
 CVE-2025-62159 (External Secrets Operator reads information from a third-party service ...)
@@ -31,45 +31,45 @@ CVE-2025-61912 (python-ldap is a lightweight directory access protocol (LDAP) cl
 CVE-2025-61911 (python-ldap is a lightweight directory access protocol (LDAP) client A ...)
 	TODO: check
 CVE-2025-58285 (Permission control vulnerability in the media module.Successful exploi ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-58284 (Permission control vulnerability in the network module.Successful expl ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-58283 (Permission control vulnerability in the Wi-Fi module.Successful exploi ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-58282 (Permission control vulnerability in the camera module.Successful explo ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-58278 (Identity authentication bypass vulnerability in the Gallery app.Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-58277 (Permission verification bypass vulnerability in the Camera app.Success ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-54654 (Permission control vulnerability in the Gallery module. Successful exp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-52885 (Poppler ia a library for rendering PDF files, and examining or modifyi ...)
 	TODO: check
 CVE-2025-52647 (The BigFix WebUI application responds with HOST information from the H ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-31718 (In modem, there is a possible system crash due to improper input valid ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2025-31717 (In modem, there is a possible system crash due to improper input valid ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2025-11626 (MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to ...)
 	TODO: check
 CVE-2025-11593 (A flaw has been found in CodeAstro Gym Management System 1.0. This vul ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-11592 (A vulnerability was detected in CodeAstro Gym Management System 1.0. T ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-11591 (A security vulnerability has been detected in CodeAstro Gym Management ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-11590 (A weakness has been identified in CodeAstro Gym Management System 1.0. ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-11589 (A security flaw has been discovered in CodeAstro Gym Management System ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-11588 (A vulnerability was identified in CodeAstro Gym Management System 1.0. ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-11586 (A vulnerability was determined in Tenda AC7 15.03.06.44. This affects  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-11585 (A vulnerability was found in code-projects Project Monitoring System 1 ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-11584 (A vulnerability has been found in code-projects Online Job Search Engi ...)
 	TODO: check
 CVE-2025-11583 (A flaw has been found in code-projects Online Job Search Engine 1.0. I ...)
@@ -77,15 +77,15 @@ CVE-2025-11583 (A flaw has been found in code-projects Online Job Search Engine
 CVE-2025-11582 (A vulnerability was detected in code-projects Online Job Search Engine ...)
 	TODO: check
 CVE-2025-11533 (The WP Freeio plugin for WordPress is vulnerable to Privilege Escalati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11380 (The Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore & ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11197 (The Draft List plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10185 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10048 (The My auctions allegro plugin for WordPress is vulnerable to SQL Inje ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8887 (Authorization Bypass Through User-Controlled Key, Missing Authorizatio ...)
 	TODO: check
 CVE-2025-8886 (Incorrect Permission Assignment for Critical Resource, Exposure of Sen ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e091acebe3fa9e9fdec0e50731afb5f6640ff62

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e091acebe3fa9e9fdec0e50731afb5f6640ff62
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251011/c35e0d92/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list