[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 19 21:13:25 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82f2b408 by security tracker role at 2025-09-19T20:13:18+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,23 +13,23 @@ CVE-2025-8664 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2025-8532 (Authorization Bypass Through User-Controlled Key, CWE - 862 - Missing  ...)
 	TODO: check
 CVE-2025-8531 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2025-8487 (The Kubio AI Page Builder plugin for WordPress is vulnerable to unauth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7937 (There is a vulnerability in the Supermicro BMC firmware validation log ...)
 	TODO: check
 CVE-2025-7702 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
 	TODO: check
 CVE-2025-7665 (The Miniorange OTP Verification with Firebase plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7403 (Unsafe handling in bt_conn_tx_processor causes a use-after-free, resul ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-6198 (There is a vulnerability in the Supermicro BMC firmware validation log ...)
 	TODO: check
 CVE-2025-5955 (The Service Finder SMS System plugin for WordPress is vulnerable to au ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-5948 (The Service Finder Bookings plugin for WordPress is vulnerable to priv ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-59717 (In the @digitalocean/do-markdownit package through 1.16.1 (in npm), th ...)
 	TODO: check
 CVE-2025-59715 (SMSEagle before 6.11 allows reflected XSS via a username or contact ph ...)
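Review bot: The tag added for CVE-2025-7403, "NOT-FOR-US: Zephyr, different from src:zephyr", says which Debian source package the CVE does not belong to but not which Zephyr it does belong to, and the visible description (a use-after-free in bt_conn_tx_processor) never names the product. Spelling out the affected project in the tag would let a later reader confirm the triage from data/CVE/list alone. The same applies to "NOT-FOR-US: Mitsubishi" on CVE-2025-8531, where the description is cut off at "vulnerability in M ..." and the tag is the only place the product could be recorded.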
@@ -81,11 +81,11 @@ CVE-2025-57880 (Improper Encoding or Escaping of Output vulnerability in Hallo W
 CVE-2025-57644 (Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabi ...)
 	TODO: check
 CVE-2025-57528 (An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_T ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57396 (Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable t ...)
 	TODO: check
 CVE-2025-57296 (Tenda AC6 router firmware 15.03.05.19 contains a command injection vul ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57295 (H3C devices running firmware version NX15V100R015 are vulnerable to un ...)
 	TODO: check
 CVE-2025-57293 (A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) ...)
@@ -131,11 +131,11 @@ CVE-2025-47698 (An adjacent attacker without authentication can exploit this vul
 CVE-2025-46703 (Improper Encoding or Escaping of Output vulnerability in Hallo Welt! G ...)
 	TODO: check
 CVE-2025-43809 (Cross-Site Request Forgery (CSRF) vulnerability in the server (license ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-43803 (Insecure direct object reference (IDOR) vulnerability in the Contacts  ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-36248 (IBM Copy Services Manager 6.3.13 is vulnerable to cross-site scripting ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-34206 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Applic ...)
 	TODO: check
 CVE-2025-34205 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
@@ -177,13 +177,13 @@ CVE-2025-30755 (OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) issue
 CVE-2025-30519 (Dover Fueling Solutions ProGauge MagLink LX4 Deviceshave default root  ...)
 	TODO: check
 CVE-2025-26517 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 11.8.0. ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2025-26516 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 11.8.0. ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2025-26515 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 11.8.0. ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2025-26514 (StorageGRID (formerly  StorageGRID Webscale) versions prior to 11.8.0. ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2025-10722 (A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. ...)
 	TODO: check
 CVE-2025-10721 (A vulnerability was determined in Webull Investing & Trading App 11.2. ...)
@@ -211,27 +211,27 @@ CVE-2025-10708 (A security vulnerability has been detected in Four-Faith Water C
 CVE-2025-10707 (A weakness has been identified in JeecgBoot up to 3.8.2. Affected is a ...)
 	TODO: check
 CVE-2025-10690 (The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10689 (A vulnerability was identified in D-Link DIR-645 105B01. This issue af ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-10647 (The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10630 (Grafana is an open-source platform for monitoring and observability.Gr ...)
 	TODO: check
 CVE-2025-10568 (HyperX NGENUITY software is potentially vulnerable to arbitrary code e ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-10468 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	TODO: check
 CVE-2025-10458 (Parameters are not validated or sanitized, and are later used in vario ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-10457 (The function responsible for handling BLE connection responses does no ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-10456 (A vulnerability was identified in the handling of Bluetooth Low Energy ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-10146 (The Download Manager plugin for WordPress is vulnerable to Reflected C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10035 (A deserialization vulnerability in the License Servlet of Fortra's GoA ...)
-	TODO: check
+	NOT-FOR-US: Fortra
 CVE-2024-13990 (MicroWorld eScan AV's update mechanism failed to ensure authenticity a ...)
 	TODO: check
 CVE-2022-4980 (General Bytes Crypto Application Server (CAS) beginning with version 2 ...)
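Review bot: CVE-2025-10690 is described as "The Goza - Nonprofit Charity WordPress Theme theme for WordPress", yet the added line tags it "NOT-FOR-US: WordPress plugin"; the tag should read "NOT-FOR-US: WordPress theme" so it matches the component, as the other two WordPress entries in this hunk (CVE-2025-10647, CVE-2025-10146) really are plugins. A smaller point in the same hunk: CVE-2025-10568 is tagged "NOT-FOR-US: HP" while its description names only "HyperX NGENUITY software", so adding the product name to the tag would make the entry findable by a search for the affected software.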



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82f2b4088c628f8e49324596e4ea0c14cecacd6d
