[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Mon Apr 21 21:13:04 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e617000 by security tracker role at 2025-04-21T20:12:57+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2025-43922 (The FileWave Windows client before 16.0.0, in some non-default c
 CVE-2025-43916 (Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpo ...)
 	TODO: check
 CVE-2025-3857 (When reading binary Ion data through Amazon.IonDotnet using the RawBin ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2025-3841 (A vulnerability, which was classified as problematic, was found in wix ...)
 	TODO: check
 CVE-2025-3840 (An improper neutralization of input vulnerability was identified in th ...)
@@ -19,7 +19,7 @@ CVE-2025-32431 (Traefik (pronounced traffic) is an HTTP reverse proxy and load b
 CVE-2025-32408 (In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam s ...)
 	TODO: check
 CVE-2025-2517 (Reference to Expired Domain Vulnerability in OpenText\u2122 ArcSight E ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-2298 (An improper authorization vulnerability in Dremio Software allows auth ...)
 	TODO: check
 CVE-2025-29660 (A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6. ...)
@@ -33,7 +33,7 @@ CVE-2025-29287 (An arbitrary file upload vulnerability in the ueditor component
 CVE-2025-28367 (mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterIm ...)
 	TODO: check
 CVE-2025-28121 (code-projects Online Exam Mastering System 1.0 is vulnerable to Cross  ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-28104 (Incorrect access control in laskBlog v2.6.1 allows attackers to access ...)
 	TODO: check
 CVE-2025-28103 (Incorrect access control in laskBlog v2.6.1 allows attackers to arbitr ...)
@@ -43,7 +43,7 @@ CVE-2025-28102 (A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 a
 CVE-2025-28099 (opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/v ...)
 	TODO: check
 CVE-2025-27086 (A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI coul ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-23174 (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor)
 	TODO: check
 CVE-2024-57394 (The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Securi ...)
@@ -53,11 +53,11 @@ CVE-2024-42699 (Cross Site Scripting vulnerability in Create/Modify article func
 CVE-2024-41446 (A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v ...)
 	TODO: check
 CVE-2024-12863 (Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25 ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-12862 (Incorrect Authorization vulnerability in the OpenText Content Server R ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-12543 (User Enumeration and Data Integrity in Barcode functionality in OpenTe ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-40446
 	- mimetex <unfixed> (bug #1103801)
 	NOTE: https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6170003a18a7024b1f976579fd9936051679fc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6170003a18a7024b1f976579fd9936051679fc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250421/ac388fe9/attachment-0001.htm>
