[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 19 20:14:48 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6ae8593b by security tracker role at 2025-12-19T20:14:36+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2025-66905 (The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails t
CVE-2025-66580 (Dive is an open-source MCP Host Desktop Application that enables integ ...)
TODO: check
CVE-2025-66524 (Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-65035 (pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventor ...)
TODO: check
CVE-2025-63665 (An issue in GT Edge AI Platform Versions before v2.0.10-dev allows att ...)
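Review bot: The reason on CVE-2025-66524, "Apache software not packaged in Debian", names the foundation rather than the product. Many Apache projects are packaged in Debian, so the tag does not tell a later reader what was actually checked. The description names Apache NiFi, so "NOT-FOR-US: Apache NiFi" would be more precise and easier to grep.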
@@ -57,21 +57,21 @@ CVE-2025-1927 (Cross-Site Request Forgery (CSRF) vulnerability in Restajet Infor
CVE-2025-1885 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in R ...)
TODO: check
CVE-2025-14967 (A vulnerability was identified in itsourcecode Student Management Syst ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2025-14966 (A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affe ...)
TODO: check
CVE-2025-14965 (A vulnerability was found in 1541492390c yougou-mall up to 0a771fa817c ...)
TODO: check
CVE-2025-14964 (A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-14962 (A flaw has been found in code-projects Simple Stock System 1.0. The im ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-14961 (A vulnerability was detected in code-projects Simple Blood Donor Manag ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-14960 (A security vulnerability has been detected in code-projects Simple Blo ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-14959 (A weakness has been identified in code-projects Simple Stock System 1. ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-14958 (A security flaw has been discovered in floooh sokol up to 33e2271c431b ...)
TODO: check
CVE-2025-14957 (A vulnerability was identified in WebAssembly Binaryen up to 125. This ...)
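Review bot: The tag on CVE-2025-14967 reads "itsourcecode System", while the other entries changed in this hunk use the bare vendor name ("TOTOLINK", "code-projects"). Dropping the trailing "System" to give "NOT-FOR-US: itsourcecode" would keep the tags uniform for anyone searching the list by vendor.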
@@ -85,17 +85,17 @@ CVE-2025-14954 (A vulnerability has been found in Open5GS up to 2.7.5. Affected
CVE-2025-14953 (A flaw has been found in Open5GS up to 2.7.5. This impacts the functio ...)
TODO: check
CVE-2025-14952 (A vulnerability was detected in Campcodes Supplier Management System 1 ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-14951 (A security vulnerability has been detected in code-projects Scholars T ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-14950 (A weakness has been identified in code-projects Scholars Tracking Syst ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-14946 (A flaw was found in libnbd. A malicious actor could exploit this by co ...)
TODO: check
CVE-2025-14882 (An API endpoint allowed access to sensitive files from other users by ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2025-14881 (Multiple API endpoints allowed access to sensitive files from other us ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2025-14847 (Mismatched length fields in Zlib compressed protocol headers may allow ...)
TODO: check
CVE-2025-14812 (ArcSearch for iOS versions prior to 1.45.2 could display a different d ...)
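Review bot: The visible descriptions of CVE-2025-14882 and CVE-2025-14881 name no product, and the new tag "rami.io products" names only the vendor, so nothing in these lines says which software was judged to be absent from Debian. Naming the affected product in the tag would let a later triager confirm the decision with a package search.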
@@ -103,17 +103,17 @@ CVE-2025-14812 (ArcSearch for iOS versions prior to 1.45.2 could display a diffe
CVE-2025-14809 (ArcSearch for Android versions prior to 1.12.6 could display a differe ...)
TODO: check
CVE-2025-14455 (The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14151 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12874 (Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response S ...)
TODO: check
CVE-2025-12361 (The myCred \u2013 Points Management System For Gamification, Ranks, Ba ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11747 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49587 (Glutton V1 service endpoints were exposed without any authentication o ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2025-14840
NOT-FOR-US: Drupal addon
CVE-2025-68491
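Review bot: CVE-2024-49587 is tagged "Palantir", but the truncated description only mentions "Glutton V1 service", so the link between the entry and its tag is not visible in the list itself. Including the product name next to the vendor in the tag would make the match self-explanatory.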
@@ -14795,7 +14795,7 @@ CVE-2025-64682 (In JetBrains Hub before 2025.3.104432 a race condition allowed b
CVE-2025-64681 (In JetBrains Hub before 2025.3.104992 a race condition allowed bypass ...)
NOT-FOR-US: JetBrains
CVE-2025-64457 (In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privi ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-64456 (In JetBrains ReSharper before 2025.2.4 missing signature verification ...)
NOT-FOR-US: JetBrains
CVE-2025-63835 (A stack-based buffer overflow vulnerability was discovered in Tenda AC ...)
@@ -256250,7 +256250,7 @@ CVE-2023-30973
CVE-2023-30972
RESERVED
CVE-2023-30971 (Gotham Gaia application was found to be exposing multiple unauthentica ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2023-30970 (Gotham Table service and Forward App were found to be vulnerable to a ...)
NOT-FOR-US: Gotham Table service and Forward App
CVE-2023-30969 (The Palantir Tiles1 service was found to be vulnerable to an API wide ...)
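Review bot: CVE-2023-30971 gets the vendor-level tag "Palantir", while the adjacent CVE-2023-30970 is tagged by product ("Gotham Table service and Forward App"). A search for "NOT-FOR-US: Palantir" will now find one entry and miss its neighbour. Consider aligning the older entry to the vendor tag in a follow-up.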
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ae8593bf02dffc14307889df9e5246201f4d6c3