[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 9 08:13:04 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81d10aa3 by security tracker role at 2025-12-09T08:12:57+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39,55 +39,55 @@ CVE-2025-66202 (Astro is a web framework. Versions 5.15.7 and below have a doubl
 CVE-2025-65964 (n8n is an open source workflow automation platform. Versions 0.123.1 t ...)
 	TODO: check
 CVE-2025-65962 (Tuleap is a free and open source suite for management of software deve ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2025-65229 (A stored cross-site scripting (XSS) vulnerability exists in the web in ...)
 	TODO: check
 CVE-2025-65228 (A stored cross-site scripting vulnerability exists in the web manageme ...)
 	TODO: check
 CVE-2025-64760 (Tuleap is a free and open source suite for management of software deve ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2025-64650 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could d ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-64499 (Tuleap is a free and open source suite for management of software deve ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2025-64498 (Tuleap is an Open Source Suite for management of software development  ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2025-64497 (Tuleap is an Open Source Suite for management of software development  ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2025-42928 (Under certain conditions, a high privileged user could exploit a deser ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42904 (Due to an Information Disclosure vulnerability in Application Server A ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42896 (SAP BusinessObjects Business Intelligence Platform lets an unauthentic ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42891 (Due to a missing authorization check in SAP Enterprise Search for ABAP ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42880 (Due to missing input sanitation, SAP Solution Manager allows an authen ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42878 (SAP Web Dispatcher and ICM may expose internal testing interfaces that ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42877 (SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Cont ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42876 (Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Pri ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42875 (The SAP Internet Communication Framework does not conduct any authenti ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42874 (SAP NetWeaver remote service for Xcelsius allows an attacker with netw ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42873 (SAPUI5 (and OpenUI5) packages use outdated 3rd party libraries with kn ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42872 (Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Ent ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-36140 (IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user t ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36102 (IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36017 (IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36015 (IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-33111 (IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-14311 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	TODO: check
 CVE-2025-14310 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
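Review bot: CVE-2025-42873 is tagged "NOT-FOR-US: SAP", but its description reads "SAPUI5 (and OpenUI5) packages use outdated 3rd party libraries with kn ...", which places the flaw in bundled third-party libraries rather than in SAP's own code. Before this entry is closed, check the full description for the names of those libraries and whether any of them, or OpenUI5 itself, is packaged in Debian; if none is, a NOTE line saying so would record why the vendor tag is enough. The five Tuleap entries are described as "free and open source", so the tag there rests only on Tuleap being absent from the archive; confirm there is no open ITP or RFP bug for it.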
@@ -101,27 +101,27 @@ CVE-2025-14307 (An insecure temporary file creation vulnerability exists in the
 CVE-2025-14306 (A directory traversal vulnerability exists in the CacheCleaner compone ...)
 	TODO: check
 CVE-2025-14286 (A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affecte ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-14285 (A vulnerability was found in code-projects Employee Profile Management ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-14284 (Versions of the package @tiptap/extension-link before 2.10.4 are vulne ...)
 	TODO: check
 CVE-2025-14276 (A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.e ...)
 	TODO: check
 CVE-2025-13604 (The Login Security, FireWall, Malware removal by CleanTalk plugin for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13428 (A vulnerability exists in the SecOps SOAR server. The custom integrati ...)
 	TODO: check
 CVE-2025-13071 (The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13070 (The CSV to SortTable WordPress plugin through 4.2 does not validate so ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13031 (The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12832 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-12635 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-40344 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.17.8-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
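Review bot: CVE-2025-13604 is tagged "NOT-FOR-US: WordPress plugin" although its visible description is cut off at "plugin for  ...", before any platform is named. The other three plugin entries in this hunk (CVE-2025-13071, CVE-2025-13070, CVE-2025-13031) state "WordPress plugin" in the visible text, so only this one depends on the truncated part. Confirm against the full description that the automatic match did not key on the word "plugin" alone.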



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81d10aa3d3d4a0efe72ea673d4fb4f51cb13330f
