[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 7 08:14:10 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
55388ab4 by security tracker role at 2026-01-07T08:14:04+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2026-21492 (iccDEV provides a set of libraries and tools that allow for the
 CVE-2026-20893 (Origin validation error issue exists in Fujitsu Security Solution Auth ...)
 	TODO: check
 CVE-2026-0656 (The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0650 (OpenFlagr versions prior to and including 1.1.18 contain an authentica ...)
 	TODO: check
 CVE-2026-0649 (A security vulnerability has been detected in invoiceninja up to 5.12. ...)
@@ -29,59 +29,59 @@ CVE-2026-0642 (A vulnerability was detected in projectworlds House Rental and Pr
 CVE-2025-9611 (Microsoft Playwright MCP Server versions prior to 0.0.40 fails to vali ...)
 	TODO: check
 CVE-2025-47396 (Memory corruption occurs when a secure application is launched on a de ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47395 (Transient DOS while parsing a WLAN management frame with a Vendor Spec ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47394 (Memory corruption when copying overlapping buffers during memory opera ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47393 (Memory corruption when accessing resources in kernel driver.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47388 (Memory corruption while passing pages to DSP with an unaligned startin ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47380 (Memory corruption while preprocessing IOCTLs in sensors.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47369 (Information disclosure when a weak hashed value is returned to userlan ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47356 (Memory Corruption when multiple threads concurrently access and modify ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47348 (Memory corruption while processing identity credential operations in t ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47346 (Memory corruption while processing a secure logging command in the tru ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47345 (Cryptographic issue may occur while encrypting license data.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47344 (Memory corruption while handling sensor utility operations.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47343 (Memory corruption while processing a video session to set video parame ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47339 (Memory corruption while deinitializing a HDCP session.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47337 (Memory corruption while accessing a synchronization object during conc ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47336 (Memory corruption while performing sensor register read operations.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47335 (Memory corruption while parsing clock configuration data for a specifi ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47334 (Memory corruption while processing shared command buffer packet betwee ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47333 (Memory corruption while handling buffer mapping operations in the cryp ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47332 (Memory corruption while processing a config call from userspace.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47331 (Information disclosure while processing a firmware event.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47330 (Transient DOS while parsing video packets received from the video firm ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-31964 (Improper service binding configuration in internal service components  ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-31963 (Improper authentication and missing CSRF protection in the local setup ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-31962 (Insufficient session expiration in the Web UI authentication component ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-31642 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31051 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30996 (Unrestricted Upload of File with Dangerous Type vulnerability in Themi ...)
 	TODO: check
 CVE-2025-30631 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -91,73 +91,73 @@ CVE-2025-29004 (Incorrect Privilege Assignment vulnerability in AA-Team Premium
 CVE-2025-15474 (AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 con ...)
 	TODO: check
 CVE-2025-15472 (A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2025-15471 (A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted  ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2025-14904 (The Newsletter Email Subscribe plugin for WordPress is vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14901 (The Bit Form \u2013 Contact Form Plugin plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14891 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14888 (The Simple User Meta Editor plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14887 (The twinklesmtp \u2013 Email Service Provider For WordPress plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14875 (The HBLPAY Payment Gateway for WooCommerce plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14867 (The Flashcard plugin for WordPress is vulnerable to Path Traversal in  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14845 (The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14842 (The Drag and Drop Multiple File Upload \u2013 Contact Form 7 plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14835 (The WP Photo Album Plus plugin for WordPress is vulnerable to Reflecte ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14804 (The Frontend File Manager Plugin WordPress plugin before 23.5 did not  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14802 (The LearnPress \u2013 WordPress LMS Plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14792 (The Key Figures plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14719 (The Relevanssi  WordPress plugin before 4.26.0, Relevanssi Premium Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14631 (A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(80 ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-14625 (Uncontrolled Search Path Element vulnerability in Altera Quartus Prime ...)
-	TODO: check
+	NOT-FOR-US: Altera
 CVE-2025-14614 (Insecure Temporary File vulnerability in Altera Quartus Prime Standard ...)
-	TODO: check
+	NOT-FOR-US: Altera
 CVE-2025-14612 (Insecure Temporary File vulnerability in Altera Quartus Prime Pro  Ins ...)
-	TODO: check
+	NOT-FOR-US: Altera
 CVE-2025-14605 (Uncontrolled Search Path Element vulnerability in Altera Quartus Prime ...)
-	TODO: check
+	NOT-FOR-US: Altera
 CVE-2025-14599 (Uncontrolled Search Path Element vulnerability in Altera Quartus Prime ...)
-	TODO: check
+	NOT-FOR-US: Altera
 CVE-2025-14596 (Uncontrolled Search Path Element vulnerability in Altera Quartus Prime ...)
-	TODO: check
+	NOT-FOR-US: Altera
 CVE-2025-14468 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14370 (The Quote Comments plugin for WordPress is vulnerable to Missing Autho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14059 (The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13744 (An Improper Neutralization of Input During Web Page Generation vulnera ...)
-	TODO: check
+	NOT-FOR-US: Github Enterprise Server
 CVE-2025-13657 (The HelpDesk contact form plugin for WordPress is vulnerable to Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13371 (The MoneySpace plugin for WordPress is vulnerable to Sensitive Informa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13369 (The Premmerce WooCommerce Customers Manager plugin for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12648 (The WP-Members Membership Plugin for WordPress is vulnerable to unauth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12449 (The aBlocks \u2013 WordPress Gutenberg Blocks plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11235 (Unverified Password Change vulnerability in Progress MOVEit Transfer o ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2025-0980 (Nokia SR Linux is vulnerable to an authentication vulnerability allowi ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2024-14020 (A weakness has been identified in carboneio carbone up to fbcd349077ad ...)
 	TODO: check
 CVE-2025-15224 [libssh key passphrase bypass without agent set]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55388ab4bf5d237e49ff9c48ac970815448dc832

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55388ab4bf5d237e49ff9c48ac970815448dc832
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260107/9bd03d27/attachment.htm>

More information about the debian-security-tracker-commits mailing list