[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 1 20:13:40 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f97edde5 by security tracker role at 2025-12-01T20:13:33+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,7 +69,7 @@ CVE-2025-61228 (An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a
 CVE-2025-59789 (Uncontrolled recursion in the json2pb component in Apache bRPC (versio ...)
 	TODO: check
 CVE-2025-58408 (Software installed and run as a non-privileged user may conduct improp ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies
 CVE-2025-57489 (Incorrect access control in the SDAgent component of Shirt Pocket Supe ...)
 	TODO: check
 CVE-2025-55222 (A denial of service vulnerability exists in the Modbus TCP and Modbus  ...)
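Review bot: The new tag on CVE-2025-58408 names only the vendor ("NOT-FOR-US: Imagination Technologies"), and the truncated description ("Software installed and run as a non-privileged user may conduct improp ...") does not identify a product, so a later reader has nothing on this line to check the classification against. Consider naming the affected product or component in the tag. In the same hunk, CVE-2025-57489 (SDAgent component of Shirt Pocket SuperDuper!) stays at "TODO: check" while the hunk header shows CVE-2025-61228 for the same product; whatever is decided for one should be applied to both.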
@@ -93,11 +93,11 @@ CVE-2025-49643 (An authenticated Zabbix user (including Guest) is able to cause
 CVE-2025-49642 (Library loading on AIX Zabbix Agent builds can be hijacked by local us ...)
 	TODO: check
 CVE-2025-41739 (An unauthenticated remote attacker, who beats a race condition, can ex ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2025-41738 (An unauthenticated remote attacker may cause the visualisation server  ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2025-41700 (An unauthenticated attacker can trick a local user into executing arbi ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2025-41070 (Reflected Cross-site Scripting (XSS) vulnerability in Sanoma's Clicked ...)
 	TODO: check
 CVE-2025-3500 (Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1. ...)
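Review bot: None of the three entries tagged "NOT-FOR-US: CODESYS" (CVE-2025-41739, CVE-2025-41738, CVE-2025-41700) shows the product name in its visible, truncated description, and CVE-2025-41700 ("trick a local user into executing arbi ...") describes a user-assisted issue rather than the unauthenticated remote ones above it. Confirm against the full CVE records that all three belong to the same vendor's product before relying on the automatic match.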
@@ -119,7 +119,7 @@ CVE-2025-13837 (When loading a plist file, the plistlib module reads data in siz
 CVE-2025-13836 (When reading an HTTP response from a server, if no read amount is spec ...)
 	TODO: check
 CVE-2025-13835 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-13829 (Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurv ...)
 	TODO: check
 CVE-2025-13819 (Open redirect in the web server component of MiR Robot and Fleet softw ...)
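Review bot: "NOT-FOR-US: WordPress plugin or theme" on CVE-2025-13835 is a generic tag, and the visible description is only the CWE title ("Improper Neutralization of Input During Web Page Generation ('Cross-si ...") with no plugin or theme name. If the product name is known, putting it in the tag would make the entry findable when the same plugin or theme receives further CVEs.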
@@ -137,7 +137,7 @@ CVE-2025-13129 (Improper Enforcement of Behavioral Workflow vulnerability in Sen
 CVE-2025-12756 (Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 1 ...)
 	TODO: check
 CVE-2025-11772 (A carefully crafted DLL, copied to   C:\ProgramData\Synaptics   folder ...)
-	TODO: check
+	NOT-FOR-US: Synaptics
 CVE-2025-11699 (nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate s ...)
 	TODO: check
 CVE-2025-10101 (Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast ...)
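Review bot: On CVE-2025-11772 the tag is the vendor name alone ("NOT-FOR-US: Synaptics"). The C:\ProgramData\Synaptics path in the description points to a Windows-side component, which supports the classification; naming that component in the tag would record the reason instead of leaving it to the truncated description.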



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f97edde59c8c33e5c6ed928a491cc7287bb6cef6
