[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 4 21:14:29 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe0fd6da by security tracker role at 2025-09-04T20:14:22+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-9636 (pgAdmin <= 9.7 is affected by a  Cross-Origin Opener Policy (COOP) vul ...)
 	TODO: check
 CVE-2025-9616 (The PopAd plugin for WordPress is vulnerable to Cross-Site Request For ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8311 (dotCMS versions24.03.22 and after, identified a Boolean-based blind SQ ...)
 	TODO: check
 CVE-2025-7388 (It was possible to perform Remote Command Execution (RCE) via Java RMI ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2025-7385 (Input from search query parameter in GOV CMS is not sanitized properly ...)
 	TODO: check
 CVE-2025-6984 (The langchain-ai/langchain project, specifically the EverNoteLoader co ...)
@@ -13,13 +13,13 @@ CVE-2025-6984 (The langchain-ai/langchain project, specifically the EverNoteLoad
 CVE-2025-6785 (Securing externally available CAN wires can easily allow physical acce ...)
 	TODO: check
 CVE-2025-6085 (The Make Connector plugin for WordPress is vulnerable to arbitrary fil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-58361 (Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and  ...)
 	TODO: check
 CVE-2025-58353 (Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and  ...)
 	TODO: check
 CVE-2025-57576 (PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scri ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-57263 (An authenticated SQL injection vulnerability in VX Guestbook 1.07 allo ...)
 	TODO: check
 CVE-2025-48581 (In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to  ...)
@@ -199,9 +199,9 @@ CVE-2025-32321 (In isSafeIntent of AccountTypePreferenceLoader.java, there is a
 CVE-2025-32312 (In createIntentsList of PackageParser.java , there is a possible way t ...)
 	TODO: check
 CVE-2025-2694 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 thro ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-2667 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 thro ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-2411 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
 	TODO: check
 CVE-2025-26464 (In executeAppFunction of AppSearchManagerService.java, there is a poss ...)
@@ -279,7 +279,7 @@ CVE-2025-26420 (In multiple functions of GrantPermissionsActivity.java , there i
 CVE-2025-26419 (In initPhoneSwitch of SystemSettingsFragment.java, there is a possible ...)
 	TODO: check
 CVE-2025-25048 (IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 i ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-23302 (NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of ...)
 	TODO: check
 CVE-2025-23301 (NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of ...)
@@ -319,11 +319,11 @@ CVE-2024-49731 (In apk-versions.txt, there is a possible corruption of telemetry
 CVE-2024-49714 (In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds w ...)
 	TODO: check
 CVE-2024-43184 (IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 i ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-40664 (In setupAccessibilityServices of AccessibilityFragment.java , there is ...)
 	TODO: check
 CVE-2024-34598 (Improper export of component in GoodLock prior to version 2.2.04.95 al ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2024-13073 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2023-35657 (In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bou ...)
@@ -272243,7 +272243,7 @@ CVE-2022-39890 (Improper Authorization in Samsung Billing prior to version 5.0.5
 CVE-2022-39889 (Improper access control vulnerability in GalaxyWatch4Plugin prior to v ...)
 	NOT-FOR-US: Samsung
 CVE-2022-39888 (Improper access control vulnerability in retrieveExternalProxy in Misc ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2022-39887 (Improper access control vulnerability in clearAllGlobalProxy in MiscPo ...)
 	NOT-FOR-US: Samsung
 CVE-2022-39886 (Improper access control vulnerability in IpcRxServiceModeBigDataInfo i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe0fd6da4e02402d166a61f54f2b94615f7c541e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe0fd6da4e02402d166a61f54f2b94615f7c541e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250904/8321c26a/attachment.htm>

More information about the debian-security-tracker-commits mailing list