[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b29fcb48 by security tracker role at 2025-09-12T08:12:45+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2025-9881 (The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9880 (The Side Slide Responsive Menu plugin for WordPress is vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9879 (The Spotify Embed Creator plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9877 (The Embed Google Datastudio plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9807 (The The Events Calendar plugin for WordPress is vulnerable to time-bas ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8575 (The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8280 (The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-58781 (WTW-EAGLE App does not properly validate server certificates, which ma ...)
 	TODO: check
 CVE-2025-58754 (Axios is a promise based HTTP client for the browser and Node.js. When ...)
@@ -21,17 +21,17 @@ CVE-2025-55319 (Ai command injection in Agentic AI and Visual Studio Code allows
 CVE-2025-4974
 	REJECTED
 CVE-2025-43789 (JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Lifer ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-43788 (The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, a ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-3650 (The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox l ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-36222 (IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0,  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-21043 (Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-21042 (Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-10298
 	REJECTED
 CVE-2025-10291 (A weakness has been identified in linlinjava litemall up to 1.8.0. Thi ...)
@@ -57,7 +57,7 @@ CVE-2025-10272 (A vulnerability was determined in erjinzhi 10OA 1.0. Affected is
 CVE-2025-10271 (A vulnerability was found in erjinzhi 10OA 1.0. This impacts an unknow ...)
 	TODO: check
 CVE-2025-10269 (The Spirit Framework plugin for WordPress is vulnerable to Local File  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9319 (A potential vulnerability was reported in the Lenovo Wallpaper Client  ...)
 	NOT-FOR-US: Lenovo
 CVE-2025-9214 (A missing authentication vulnerability was reported in some Lenovo pri ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b29fcb484080645194b93dc7c03e21815be2984f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b29fcb484080645194b93dc7c03e21815be2984f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250912/bc868e39/attachment.htm>