[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 10 21:14:27 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af31bda9 by security tracker role at 2025-09-10T20:14:20+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
CVE-2025-9997 (CWE-78: Improper Neutralization of Special Elements used in an OS Comm ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-9996 (CWE-78: Improper Neutralization of Special Elements used in an OS Comm ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-9979 (The Maspik plugin for WordPress is vulnerable to Missing Authorization ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9888 (The Maspik \u2013 Ultimate Spam Protection plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9857 (The Heateor Login \u2013 Social Login Plugin plugin for WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9622 (The WP Blast | SEO & Performance Booster plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9463 (The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9367 (The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8778 (The NitroPack plugin for WordPress is vulnerable to unauthorized modif ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8696 (If an unauthenticated user sends a large amount of data to the Stork U ...)
TODO: check
CVE-2025-8681 (Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stor ...)
TODO: check
CVE-2025-8388 (The PowerPack Elementor Addons (Free Widgets, Extensions and Templates ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-7843 (The Auto Save Remote Images (Drafts) plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-7826 (The Testimonial plugin for WordPress is vulnerable to SQL Injection vi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-7746 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-7718 (The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-7049 (The WPGYM - Wordpress Gym Management System plugin for WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-6189 (The Duplicate Page and Post plugin for WordPress is vulnerable to time ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-59049 (Mockoon provides way to design and run mock APIs. Prior to version 9.2 ...)
TODO: check
CVE-2025-59046 (The npm package `interactive-git-checkout` is an interactive command-l ...)
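Review bot: CVE-2025-9997, CVE-2025-9996 and CVE-2025-7746 are tagged NOT-FOR-US: Schneider Electric, but the truncated descriptions shown for them contain only the CWE title (CWE-78, CWE-79) and never name a vendor or product, so the attribution cannot be checked from this file. Worth confirming the vendor against the full CVE records before relying on the tag, since a bare CWE title gives no signal about whether the affected software is packaged in Debian.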
@@ -75,25 +75,25 @@ CVE-2025-58448 (rAthena is an open-source cross-platform massively multiplayer o
CVE-2025-58447 (rAthena is an open-source cross-platform massively multiplayer online ...)
TODO: check
CVE-2025-58135 (Improper action enforcement in certain Zoom Workplace Clients for Wind ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-58134 (Incorrect authorization in certain Zoom Workplace Clients for Windows ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-58131 (Race condition in the Zoom Workplace VDI Plugin macOS Universal instal ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-57642 (A Shell Upload vulnerability in Tourism Management System 2.0 allows a ...)
TODO: check
CVE-2025-57633 (A command injection vulnerability in FTP-Flask-python through 5173b68 ...)
TODO: check
CVE-2025-57573 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57572 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57571 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57570 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57569 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57520 (A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3. ...)
TODO: check
CVE-2025-57392 (BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The ...)
@@ -113,27 +113,27 @@ CVE-2025-56405 (An issue was discovered in litmusautomation litmus-mcp-server th
CVE-2025-56404 (An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gai ...)
TODO: check
CVE-2025-55976 (Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via ...)
- TODO: check
+ NOT-FOR-US: Intelbras
CVE-2025-54376 (Hoverfly is an open source API simulation tool. In versions 1.11.3 and ...)
TODO: check
CVE-2025-54260 (Substance3D - Modeler versions 1.22.2 and earlier are affected by an o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54259 (Substance3D - Modeler versions 1.22.2 and earlier are affected by an I ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54258 (Substance3D - Modeler versions 1.22.2 and earlier are affected by a Us ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54245 (Substance3D - Viewer versions 0.25.1 and earlier are affected by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54244 (Substance3D - Viewer versions 0.25.1 and earlier are affected by a Hea ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54243 (Substance3D - Viewer versions 0.25.1 and earlier are affected by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54241 (After Effects versions 25.3, 24.6.7 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54240 (After Effects versions 25.3, 24.6.7 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54239 (After Effects versions 25.3, 24.6.7 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54123 (Hoverfly is an open source API simulation tool. In versions 1.11.3 and ...)
TODO: check
CVE-2025-54084 (OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ...)
@@ -143,39 +143,39 @@ CVE-2025-54083 (Insecure Storage of Sensitive Information vulnerability in Calix
CVE-2025-50892 (The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Back ...)
TODO: check
CVE-2025-49461 (Cross-site scripting in certain Zoom Workplace Clients may allow an un ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-49460 (Uncontrolled resource consumption in certain Zoom Workplace Clients ma ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-49459 (Missing authorization in the installer for Zoom Workplace for Windows ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-49458 (Buffer overflow in certain Zoom Workplace Clients may allow an authent ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2025-44595 (Halo v2.20.17 and before is vulnerable to Cross Site Scripting (XSS) i ...)
TODO: check
CVE-2025-44593 (Halo prior to 2.20.13 allows bypassing file type detection and uploadi ...)
TODO: check
CVE-2025-43938 (Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V co ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-43888 (Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, c ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-43887 (Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V co ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-43886 (Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V co ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-43885 (Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V co ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-43884 (Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V co ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-43785 (Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4. ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43784 (Improper Access Control vulnerability in Liferay Portal 7.4.0 through ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43783 (Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7 ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43725 (Dell PowerProtect Data Manager, Generic Application Agent, version(s) ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-43491 (A vulnerability in the Poly Lens Desktop application running on the Wi ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-41714 (The upload endpoint insufficiently validates the 'Upload-Key' request ...)
TODO: check
CVE-2025-40979 (DLL search order hijacking vulnerability in the wave.exe executable fo ...)
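Review bot: At CVE-2025-43491 the tag reads NOT-FOR-US: HP while the description names the Poly Lens Desktop application, so a search of the list for Poly will not match the tag. Consider a tag that carries both names, as the Dell entries in this hunk do with Dell / EMC.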
@@ -205,11 +205,11 @@ CVE-2025-23343 (The NVIDIA NVDebug tool contains a vulnerability that may allow
CVE-2025-23342 (The NVIDIA NVDebug tool contains a vulnerability that may allow an act ...)
TODO: check
CVE-2025-20340 (A vulnerability in the Address Resolution Protocol (ARP) implementatio ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20248 (A vulnerability in the installation process of Cisco IOS XR Software c ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20159 (A vulnerability in the management interface access control list (ACL) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-10231 (An Incorrect File Handling Permission bug exists on the N-central Wind ...)
TODO: check
CVE-2025-10227 (Missing Encryption of Sensitive Data (CWE-311) in the Object Archive c ...)
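Review bot: Of the three entries tagged NOT-FOR-US: Cisco in this hunk, only CVE-2025-20248 names Cisco (IOS XR Software) in its visible description; CVE-2025-20340 (ARP implementation) and CVE-2025-20159 (management interface ACL) are cut off before any product appears. Confirm against the full records that both concern Cisco software only, because the visible text alone would also fit a generic network stack.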
@@ -255,23 +255,23 @@ CVE-2025-10170 (A security vulnerability has been detected in UTT 1200GW up to 3
CVE-2025-10169 (A weakness has been identified in UTT 1200GW up to 3.0.0-170831. Affec ...)
TODO: check
CVE-2025-10159 (An authentication bypass vulnerability allows remote attackers to gain ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2025-10142 (The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10126 (The MyBrain Utilities plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10049 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10040 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10001 (The Import any XML, CSV or Excel File to WordPress plugin for WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-47120 (IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-45671 (IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-45669 (IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-6769
- gitlab <unfixed>
CVE-2025-10094
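Review bot: The description line for CVE-2025-10040 carries a literal \u2013 escape where a dash is expected (WP Import \u2013 Ultimate CSV XML Importer), which looks like an undecoded Unicode escape from the description import. The NOT-FOR-US tag is unaffected, but decoding the escape when descriptions are refreshed would keep the list readable and searchable by plugin name.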
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af31bda9703dfe0e7f8b91459ed8ad5ee5ab3679