[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Thu Oct 16 09:13:39 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c673d17f by security tracker role at 2025-10-16T08:13:31+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2025-62584 (Whale browser before 4.33.325.17 allows an attacker to bypass th
 CVE-2025-62583 (Whale Browser before 4.33.325.17 allows an attacker to escape the ifra ...)
 	TODO: check
 CVE-2025-62580 (ASDA-Soft Stack-based Buffer Overflow Vulnerability)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2025-62579 (ASDA-Soft Stack-based Buffer Overflow Vulnerability)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2025-58778 (Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH ...)
 	TODO: check
 CVE-2025-55091 (In NetX Duo before 6.4.4, the networking support module for Eclipse Fo ...)
@@ -19,13 +19,13 @@ CVE-2025-55089 (In FileX before 6.4.2, the file support module for Eclipse Found
 CVE-2025-55084 (In NetX Duo version before 6.4.4, the component of Eclipse Foundation  ...)
 	TODO: check
 CVE-2025-43313 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-43282 (A double free issue was addressed with improved memory management. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-43281 (The issue was addressed with improved authentication. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-43280 (The issue was resolved by not loading remote images This issue is fixe ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-41021 (Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consistin ...)
 	TODO: check
 CVE-2025-41020 (Insecure direct object reference (IDOR) vulnerability in Sergestec's E ...)
@@ -35,21 +35,21 @@ CVE-2025-41019 (SQL injection in Sergestec's SISTICK v7.2. This vulnerability al
 CVE-2025-41018 (SQL injection in Sergestec's Exito v8.0. This vulnerability allows an  ...)
 	TODO: check
 CVE-2025-11814 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10850 (The Felan Framework plugin for WordPress is vulnerable to improper aut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10849 (The Felan Framework plugin for WordPress is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10742 (The Truelysell Core plugin for WordPress is vulnerable to Arbitrary Us ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10706 (The Classified Pro theme for WordPress is vulnerable to unauthorized p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10700 (The Ally \u2013 Web Accessibility & Usability plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0275 (HCL BigFix Mobile 3.3 and earlier is affected by improper access contr ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-0274 (HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected  ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-11683 (YAML::Syck versions before 1.36 for Perl has missing null-terminators  ...)
 	- libyaml-syck-perl 1.34-4
 	[trixie] - libyaml-syck-perl <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c673d17f5679601a3aba6b7a1658f69516ce1676

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c673d17f5679601a3aba6b7a1658f69516ce1676
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251016/eedd64e5/attachment-0001.htm>
