[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 18 21:13:05 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1c15fed by security tracker role at 2025-08-18T20:12:58+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2025-7693 (A security issue exists due to improper handling of malformed CIP Forw ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-55591 (TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a comm ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-55590 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an com ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-55589 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multip ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-55588 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buff ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-55587 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buff ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-55586 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buff ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-55585 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eva ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-55584 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecu ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-55300 (Komari is a lightweight, self-hosted server monitoring tool designed t ...)
 	TODO: check
 CVE-2025-55299 (VaulTLS is a modern solution for managing mTLS (mutual TLS) certificat ...)
@@ -45,7 +45,7 @@ CVE-2025-55201 (Copier library and CLI app for rendering project templates. Prio
 CVE-2025-54421 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
 	TODO: check
 CVE-2025-54234 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54118 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
 	TODO: check
 CVE-2025-54117 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
@@ -53,31 +53,31 @@ CVE-2025-54117 (NamelessMC is a free, easy to use & powerful website software fo
 CVE-2025-4962 (An Insecure Direct Object Reference (IDOR) vulnerability was identifie ...)
 	TODO: check
 CVE-2025-47206 (An out-of-bounds write vulnerability has been reported to affect File  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-43733 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-43732 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 thro ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-43731 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-41242 (Spring Framework MVC applications can be vulnerable to a \u201cPath Tr ...)
 	TODO: check
 CVE-2025-3639 (Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 throug ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-36120 (IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authentic ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-33100 (IBM Concert Software 1.0.0 through 1.1.0   contains hard-coded credent ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-33090 (IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-32992 (Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Cont ...)
 	TODO: check
 CVE-2025-27909 (IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sh ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-1759 (IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-49827 (IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive da ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-9109 (A security flaw has been discovered in Portabilis i-Diario up to 1.5.0 ...)
 	NOT-FOR-US: Portabilis
 CVE-2025-9108 (Affected is an unknown function of the component Login Page. The manip ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1c15feda9f5d489d8eb549d7ce7b84dcd951557

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1c15feda9f5d489d8eb549d7ce7b84dcd951557
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250818/9ffa85a0/attachment.htm>

More information about the debian-security-tracker-commits mailing list