[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 4 20:13:58 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
080841a2 by security tracker role at 2025-12-04T20:13:47+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-9127 (A vulnerability exists in PX Enterprise whereby sensitive information ...)
- TODO: check
+ NOT-FOR-US: Pure Storage
CVE-2025-8074 (Origin validation error vulnerability in BeeDrive in Synology BeeDrive ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-66516 (Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2 ...)
TODO: check
CVE-2025-66373 (Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunke ...)
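Review bot: CVE-2025-66516 is left at "TODO: check" while the two entries above it are closed out, and it is the one entry in this hunk that describes an open-source library (Apache Tika tika-core, tika-pdf-module) rather than a vendor product. It needs a manual pass to decide whether it maps to a source package. On CVE-2025-9127, the tag names "Pure Storage" but the visible description names only "PX Enterprise", so writing the product into the tag would let a reader match the two without opening the full record.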
@@ -55,11 +55,11 @@ CVE-2025-54304 (An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2
CVE-2025-54303 (The Thermo Fisher Torrent Suite Django application 5.18.1 has weak def ...)
TODO: check
CVE-2025-54160 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-54159 (Missing authorization vulnerability in BeeDrive in Synology BeeDrive f ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-54158 (Missing authentication for critical function vulnerability in BeeDrive ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-53963 (An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS100 ...)
TODO: check
CVE-2025-41080 (A stored Cross-Site Scripting (XSS) vulnerability has been found in Se ...)
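Review bot: The truncated description of CVE-2025-54160 shows only the weakness class ("Improper limitation of a pathname to a restricted directory ('Path Tra ...") with no vendor or product, unlike CVE-2025-54159 and CVE-2025-54158, which both name BeeDrive. The "NOT-FOR-US: Synology" tag on that entry cannot be confirmed from this hunk, so check the full CVE record rather than inferring the vendor from the neighbouring IDs.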
@@ -67,15 +67,15 @@ CVE-2025-41080 (A stored Cross-Site Scripting (XSS) vulnerability has been found
CVE-2025-41079 (A stored Cross-Site Scripting (XSS) vulnerability has been found in Se ...)
TODO: check
CVE-2025-2848 (A vulnerability in Synology Mail Server allows remote authenticated at ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-29846 (A vulnerability in portenable cgi allows remote authenticated users to ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-29845 (A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticat ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-29844 (A vulnerability in FileStation file cgi allows remote authenticated us ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-29843 (A vulnerability in FileStation thumb cgi allows remote authenticated u ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-29269 (ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command inje ...)
TODO: check
CVE-2025-29268 (ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credential ...)
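Review bot: All five entries here receive the bare tag "NOT-FOR-US: Synology", although the descriptions name distinct components (Mail Server, portenable cgi, VideoPlayer2 subtitle cgi, FileStation file cgi, FileStation thumb cgi) and only CVE-2025-2848 shows the vendor in its visible text. Carrying the product in the tag, in the way the CVE-2025-2848 description reads "Synology Mail Server", would keep the entries findable by product name and make the vendor attribution of the four cgi entries checkable at a glance.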
@@ -105,17 +105,17 @@ CVE-2025-14005 (A weakness has been identified in dayrui XunRuiCMS up to 4.7.1.
CVE-2025-14004 (A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. A ...)
TODO: check
CVE-2025-13488 (Due to a regression introduced in version 3.83.0, a security header is ...)
- TODO: check
+ NOT-FOR-US: Sonatype
CVE-2025-12097 (There is a relative path traversal vulnerability in the NI System Web ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2025-11222 (Central Dogma versions before 0.78.0 contain an Open Redirect vulnerab ...)
TODO: check
CVE-2024-5401 (Improper control of dynamically-managed code resources vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-45539 (Out-of-bounds write vulnerability in cgi components in Synology DiskSt ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-45538 (Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-40266 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.17.10-1
NOTE: https://git.kernel.org/linus/103e17aac09cdd358133f9e00998b75d6c1f1518 (6.18-rc6)
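Review bot: The tag on CVE-2025-13488 says only "Sonatype", while the visible description gives a version ("a regression introduced in version 3.83.0") and no product, so the entry does not record which product was excluded. Naming the product in the tag would fix that. CVE-2024-5401 has the same gap: its visible text is a generic weakness description with no vendor, so the "Synology" attribution should be confirmed against the full record.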
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/080841a2698c7e34577d1d856746fdcbbe22b655