[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 8 20:13:36 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e07df32 by security tracker role at 2025-12-08T20:13:29+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
 CVE-2025-66461 (FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers ...)
 	TODO: check
 CVE-2025-66334 (Denial of service (DoS) vulnerability in the office service. Impact: S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-66333 (Denial of service (DoS) vulnerability in the office service. Impact: S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-66332 (Denial of service (DoS) vulnerability in the office service. Impact: S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-66331 (Denial of service (DoS) vulnerability in the office service. Impact: S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-66330 (App lock verification bypass vulnerability in the file management app. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-66329 (Permission control vulnerability in the window management module. Impa ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-66328 (Multi-thread race condition vulnerability in the network management mo ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-66327 (Race condition vulnerability in the network module.Impact: Successful  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-66326 (Race condition vulnerability in the audio module. Impact: Successful e ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-66325 (Permission control vulnerability in the package management module. Imp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-66324 (Input verification vulnerability in the compression and decompression  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-66323 (Vulnerability of improper criterion security check in the card module. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-66322 (Multi-thread race condition vulnerability in the camera framework modu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-65849 (A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version ...)
 	TODO: check
 CVE-2025-65804 (Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via th ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-65799 (A lack of file name validation or verification in the Attachment servi ...)
 	TODO: check
 CVE-2025-65798 (Incorrect access control in usememos memos v0.25.2 allows attackers wi ...)
@@ -51,7 +51,7 @@ CVE-2025-65231 (Barix Instreamer v04.06 and earlier is vulnerable to Cross Site
 CVE-2025-65230 (Barix Instreamer v04.06 and v04.05 contains a stored cross-site script ...)
 	TODO: check
 CVE-2025-64081 (SQL injection vulnerability in /php/api_patient_schedule.php in Source ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-63721 (HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component allow ...)
 	TODO: check
 CVE-2025-61318 (Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vu ...)
@@ -61,113 +61,113 @@ CVE-2025-60912 (phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vuln
 CVE-2025-59391 (A memory disclosure vulnerability exists in libcoap's OSCORE configura ...)
 	TODO: check
 CVE-2025-58279 (Permission control vulnerability in the media library module. Impact:  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-48639 (In DefaultTransitionHandler.java, there is a possible way to unknowing ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48638 (In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds w ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48637 (In multiple functions of mem_protect.c, there is a possible out of bou ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48633 (In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48632 (In setDisplayName of AssociationRequest.java, there is a possible way  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48631 (In onHeaderDecoded of LocalImageResolver.java, there is a possible per ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48629 (In findAvailRecognizer of VoiceInteractionManagerService.java, there i ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48628 (In validateIconUserBoundary of PrintManagerService.java, there is a po ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48627 (In startNextMatchingActivity of ActivityTaskManagerService.java, there ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48626 (In multiple locations, there is a possible way to launch an applicatio ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48625 (In multiple locations of UsbDataAdvancedProtectionHook.java, there is  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48624 (In multiple functions of arm-smmu-v3.c, there is a possible out-of-bou ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48623 (In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48622 (In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bou ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48621 (In DefaultTransitionHandler.java, there is a possible way to enable a  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48620 (In onSomePackagesChanged of VoiceInteractionManagerService.java, there ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48618 (In processLaunchBrowser of CommandParamsFactory.java, there is a possi ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48615 (In getComponentName of MediaButtonReceiverHolder.java, there is a poss ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48614 (In rebootWipeUserData of RecoverySystem.java, there is a possible way  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48612 (In multiple locations, there is a possible way for an application on a ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48610 (In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possib ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48608 (In isValidMediaUri of SettingsProvider.java, there is a possible cross ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48607 (In multiple locations, there is a possible way to create a large amoun ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48606 (In preparePackage of InstallPackageHelper.java, there is a possible wa ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48604 (In multiple locations, there is a possible way to read files from anot ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48603 (In InputMethodInfo of InputMethodInfo.java, there is a possible perman ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48601 (In multiple locations, there is a possible permanent denial of service ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48600 (In multiple files, there is a possible way to reveal information acros ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48599 (In multiple functions of WifiScanModeActivity.java, there is a possibl ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48598 (In multiple locations, there is a possible way to alter the primary us ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48597 (In multiple locations, there is a possible way to trick a user into ac ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48596 (In appendFrom of Parcel.cpp, there is a possible out of bounds read du ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48594 (In onUidImportance of DisassociationProcessor.java, there is a possibl ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48592 (In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bound ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48591 (In multiple locations, there is a possible way to read files from anot ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48590 (In verifyAndGetBypass of AppOpsService.java, there is a possible metho ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48589 (In multiple functions of HeaderPrivacyIconsController.kt, there is a p ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48588 (In startAlwaysOnVpn of Vpn.java, there is a possible way to disable al ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48586 (In onActivityResult of EditFdnContactScreen.java, there is a possible  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48584 (In multiple functions of NotificationManagerService.java, there is a p ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48583 (In multiple functions of BaseBundle.java, there is a possible way to e ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48580 (In connectInternal of MediaBrowser.java, there is a possible way to ac ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48576 (In updateNotificationChannelGroupFromPrivilegedListener of Notificatio ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48575 (In multiple functions of CertInstaller.java, there is a possible way t ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48573 (In sendCommand of MediaSessionRecord.java, there is a possible way to  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48572 (In multiple locations, there is a possible way to launch activities fr ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48569 (In multiple locations, there is a possible permanent denial of service ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48566 (In multiple locations, there is a possible bypass of user profile boun ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48565 (In multiple locations, there is a possible way to bypass the cross pro ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48564 (In multiple locations, there is a possible intent filter bypass due to ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48555 (In multiple functions of NotificationStation.java, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48536 (In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, t ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-48525 (In disassociate of DisassociationProcessor.java, there is a possible w ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-42620 (In affected versions, vulnerability-lookup handled user-controlled  co ...)
 	TODO: check
 CVE-2025-42616 (Some endpoints in vulnerability-lookup that modified  application stat ...)
@@ -175,11 +175,11 @@ CVE-2025-42616 (Some endpoints in vulnerability-lookup that modified  applicatio
 CVE-2025-42615 (In affected versions, vulnerability-lookup did not track or limit fail ...)
 	TODO: check
 CVE-2025-32329 (In multiple functions of Session.java, there is a possible way to view ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-32328 (In multiple functions of Session.java, there is a possible way to view ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-32319 (In ensureBound of RemotePrintService.java, there is a possible way for ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-27020 (Improper configuration of the SSH service in Infinera MTC-9 allows an  ...)
 	TODO: check
 CVE-2025-27019 (Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allo ...)
@@ -191,9 +191,9 @@ CVE-2025-26488 (Improper Input Validation vulnerability in Infinera MTC-9 allows
 CVE-2025-26487 (Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 ver ...)
 	TODO: check
 CVE-2025-22432 (In notifyTimeout of CallRedirectionProcessor.java, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-22420 (In multiple locations, there is a possible way to leak audio files acr ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-14271
 	REJECTED
 CVE-2025-14262 (A wrong permission check in KNIME Business Hub before version 1.17.0 a ...)
@@ -203,17 +203,17 @@ CVE-2025-14261 (The Litmus platform uses JWT for authentication and authorizatio
 CVE-2025-14259 (A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0 ...)
 	TODO: check
 CVE-2025-14258 (A vulnerability has been found in itsourcecode Student Management Syst ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2025-14257 (A flaw has been found in itsourcecode Student Management System 1.0. A ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2025-14256 (A vulnerability was detected in itsourcecode Student Management System ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2025-14251 (A security vulnerability has been detected in code-projects Online Ord ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-14250 (A weakness has been identified in code-projects Online Ordering System ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-14249 (A security flaw has been discovered in code-projects Online Ordering S ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-14248 (A vulnerability was identified in code-projects Simple Shopping Cart 1 ...)
 	TODO: check
 CVE-2025-14247 (A vulnerability was determined in code-projects Simple Shopping Cart 1 ...)
@@ -225,23 +225,23 @@ CVE-2025-14245 (A vulnerability has been found in IdeaCMS up to 1.8. This affect
 CVE-2025-14244 (A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is  ...)
 	TODO: check
 CVE-2025-14230 (A vulnerability was detected in code-projects Daily Time Recording Sys ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-14229 (A security vulnerability has been detected in SourceCodester Inventory ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-14228 (A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impa ...)
 	TODO: check
 CVE-2025-14227 (A security flaw has been discovered in Philipinho Simple-PHP-Blog up t ...)
 	TODO: check
 CVE-2025-14226 (A vulnerability was identified in itsourcecode Student Management Syst ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2025-14225 (A vulnerability was determined in D-Link DCS-930L 1.15.04. This affect ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-14224 (A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2. ...)
 	TODO: check
 CVE-2025-14223 (A vulnerability has been found in code-projects Simple Leave Manager 1 ...)
 	TODO: check
 CVE-2025-12956 (A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA  ...)
-	TODO: check
+	NOT-FOR-US: Dassault Systemes
 CVE-2025-59030 [Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor]
 	- pdns-recursor <unfixed> (bug #1122197)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e07df3257e71a95b6089d6b7506009c1d27e7e1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e07df3257e71a95b6089d6b7506009c1d27e7e1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251208/6f5a4b23/attachment.htm>

More information about the debian-security-tracker-commits mailing list