[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 20 21:16:12 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5c7b7d3f by security tracker role at 2025-08-20T20:16:01+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-9246 (A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE700 ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-9245 (A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500 ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-9244 (A security vulnerability has been detected in Linksys RE6250, RE6300, ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-9241 (A weakness has been identified in elunez eladmin up to 2.7. This affec ...)
TODO: check
CVE-2025-9240 (A security flaw has been discovered in elunez eladmin up to 2.7. Affec ...)
@@ -15,7 +15,7 @@ CVE-2025-9238 (A vulnerability was determined in Swatadru Exam-Seating-Arrangeme
CVE-2025-9237 (A vulnerability was found in CodeAstro Ecommerce Website 1.0. This imp ...)
TODO: check
CVE-2025-9236 (A vulnerability has been found in Portabilis i-Diario up to 2.10. This ...)
- TODO: check
+ NOT-FOR-US: Portabilis
CVE-2025-9235 (A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element ...)
TODO: check
CVE-2025-9234 (A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected ...)
@@ -29,7 +29,7 @@ CVE-2025-9228 (MiR software versions prior to version 3.0.0 have insufficient au
CVE-2025-9173 (A weakness has been identified in Emlog Pro up to 2.5.18. This issue a ...)
TODO: check
CVE-2025-9074 (A vulnerability was identified in Docker Desktop that allows local run ...)
- TODO: check
+ NOT-FOR-US: Docker products not packaged in Debian
CVE-2025-8612 (AOMEI Backupper Workstation Link Following Local Privilege Escalation ...)
TODO: check
CVE-2025-8611 (AOMEI Cyber Backup Missing Authentication for Critical Function Remote ...)
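Review bot: The note on CVE-2025-9074 ("Docker products not packaged in Debian") is a free-form phrase, while every other entry changed in this commit uses a bare vendor or product name. The description names Docker Desktop specifically, so "NOT-FOR-US: Docker Desktop" would be more precise and would keep the entry from reading as a statement about all Docker software.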
@@ -37,17 +37,17 @@ CVE-2025-8611 (AOMEI Cyber Backup Missing Authentication for Critical Function R
CVE-2025-8610 (AOMEI Cyber Backup Missing Authentication for Critical Function Remote ...)
TODO: check
CVE-2025-8453 (CWE-269: Improper Privilege Management vulnerability exists that could ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-8449 (CWE-400: Uncontrolled Resource Consumption vulnerability exists that c ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-8448 (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vu ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-8415 (A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP AP ...)
TODO: check
CVE-2025-8309 (There is an improper privilege management vulnerability identified in ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-8102 (The Easy Digital Downloads plugin for WordPress is vulnerable to Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-6183 (The StrongDM macOS client incorrectly processed JSON-formatted message ...)
TODO: check
CVE-2025-6182 (The StrongDM Windows service incorrectly handled communication related ...)
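Review bot: The vendor labels on CVE-2025-8453, CVE-2025-8449, CVE-2025-8448 (Schneider Electric) and CVE-2025-8309 (Zoho) cannot be checked against the list itself, because the truncated descriptions on those lines contain only CWE text or a generic sentence and no vendor or product name. Since this is an automatic update, it is worth confirming each match against the full CVE description and, where possible, putting the product name in the note so a later reader can audit it from this file alone.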
@@ -63,13 +63,13 @@ CVE-2025-5260 (Server-Side Request Forgery (SSRF) vulnerability in Pik Online Ya
CVE-2025-5115 (In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, ...)
TODO: check
CVE-2025-57734 (In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-57733 (In JetBrains TeamCity before 2025.07.1 sMTP injection was possible all ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-57732 (In JetBrains TeamCity before 2025.07.1 privilege escalation was possib ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-57731 (In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-57730 (In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible v ...)
TODO: check
CVE-2025-57729 (In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was ...)
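Review bot: The JetBrains entries are handled inconsistently within this hunk: CVE-2025-57734 through CVE-2025-57731 (TeamCity, YouTrack) become "NOT-FOR-US: JetBrains", while CVE-2025-57730 and CVE-2025-57729 (IntelliJ IDEA) directly below stay at "TODO: check". If IntelliJ IDEA is deliberately left for manual triage, labelling the others by product (TeamCity, YouTrack) rather than by vendor would make that distinction explicit. Otherwise the remaining two should be resolved in the same pass.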
@@ -81,33 +81,33 @@ CVE-2025-57727 (In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure
CVE-2025-55751 (OnboardLite is the result of the Influx Initiative, our vision for an ...)
TODO: check
CVE-2025-55746 (Directus is a real-time API and App dashboard for managing SQL databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2025-55732 (Frappe is a full-stack web application framework. Prior to 15.74.2 and ...)
TODO: check
CVE-2025-55731 (Frappe is a full-stack web application framework. A carefully crafted ...)
TODO: check
CVE-2025-55503 (Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via th ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-55499 (Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overfl ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-55498 (Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overfl ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-55483 (Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the f ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-55482 (Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the f ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-55444 (A SQL injection vulnerability exists in the id2 parameter of the cance ...)
TODO: check
CVE-2025-54927 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-54926 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-54925 (CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-54924 (CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-54923 (CWE-502: Deserialization of Untrusted Data vulnerability exists that c ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-54175 (QuickCMS.EXT is vulnerable to Reflected XSS in sFileNameparameter in t ...)
TODO: check
CVE-2025-54174 (QuickCMS is vulnerable to Cross-Site Request Forgery in article creati ...)
@@ -115,9 +115,9 @@ CVE-2025-54174 (QuickCMS is vulnerable to Cross-Site Request Forgery in article
CVE-2025-54172 (QuickCMS is vulnerable to Stored XSS in sTitleparameter in page editor ...)
TODO: check
CVE-2025-51991 (XWiki through version 17.3.0 is vulnerable to Server-Side Template Inj ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-51990 (XWiki through version 17.3.0 is affected by multiple stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-50904 (There is an authentication bypass vulnerability in WinterChenS my-site ...)
TODO: check
CVE-2025-50902 (Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Sho ...)
@@ -129,61 +129,61 @@ CVE-2025-50864 (An Origin Validation Error in the elysia-cors library thru 1.3.0
CVE-2025-50503 (A vulnerability in the password reset workflow of the Touch Lebanon Mo ...)
TODO: check
CVE-2025-47054 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-46998 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-46962 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-46936 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-46932 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-46856 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-46852 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-46849 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-43757 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43750 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 thro ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43749 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 thro ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43748 (Insufficient CSRF protection for omni-administrator users in Liferay P ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43746 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43742 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43741 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-36114 (IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote at ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-32010 (A stack-based buffer overflow vulnerability exists in the Cloud API fu ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-31355 (A firmware update vulnerability exists in the Firmware Signature Valid ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-30256 (A denial of service vulnerability exists in the HTTP Header Parsing fu ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-28041 (Incorrect access control in the doFilter function of itranswarp up to ...)
TODO: check
CVE-2025-27129 (An authentication bypass vulnerability exists in the HTTP authenticati ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-24496 (An information disclosure vulnerability exists in the /goform/getprodu ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-24322 (An unsafe default authentication vulnerability exists in the Initial S ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-20345 (A vulnerability in the debug logging function of Cisco Duo Authenticat ...)
TODO: check
CVE-2025-20269 (A vulnerability in the web-based management interface of Cisco Evolved ...)
TODO: check
CVE-2025-20131 (A vulnerability in the GUI of Cisco Identity Services Engine (ISE) cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-1142 (IBM Edge Application Manager 4.5 is vulnerable to server-side request ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-1139 (IBM Edge Application Manager 4.5 could allow a local user to read or m ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-57491 (Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allow ...)
TODO: check
CVE-2024-57157 (Incorrect access control in Jantent v1.1 allows attackers to bypass au ...)
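Review bot: Only one of the three Cisco entries in this hunk is resolved: CVE-2025-20131 (Identity Services Engine) gets "NOT-FOR-US: Cisco", but CVE-2025-20345 (Cisco Duo) and CVE-2025-20269 just above it remain "TODO: check". A vendor-level label implies the whole vendor is out of scope, so either mark the other two the same way or use the product name here. Separately, CVE-2025-32010, CVE-2025-31355, CVE-2025-30256, CVE-2025-27129, CVE-2025-24496 and CVE-2025-24322 are labelled Tenda although their truncated descriptions do not name a vendor. Please confirm those matches against the full descriptions.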
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c7b7d3f468c369c04b2a7b433057df162ccafeb