[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 25 20:13:46 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c59fde3a by security tracker role at 2025-11-25T20:13:38+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2025-65961 (Contao is an Open Source CMS. From version 4.0.0 to before 4.13.
 CVE-2025-65960 (Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, be ...)
 	TODO: check
 CVE-2025-65647 (Insecure Direct Object Reference (IDOR) in the Track order function in ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-65085 (A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum ...)
 	TODO: check
 CVE-2025-65084 (An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobal ...)
@@ -47,13 +47,13 @@ CVE-2025-51742 (An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materi
 CVE-2025-40890 (A Stored Cross-Site Scripting vulnerability was discovered in the Dash ...)
 	TODO: check
 CVE-2025-36134 (IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 thro ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-34350 (UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary  ...)
 	TODO: check
 CVE-2025-33205 (NVIDIA NeMo framework contains a vulnerability in a predefined variabl ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33204 (NVIDIA NeMo Framework for all platforms contains a vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33203 (NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the c ...)
 	TODO: check
 CVE-2025-33200 (NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, wher ...)
@@ -93,7 +93,7 @@ CVE-2025-13467 (A flaw was found in the Keycloak LDAP User Federation provider.
 CVE-2025-12816 (An interpretation-conflict (CWE-436) vulnerability in node-forge versi ...)
 	TODO: check
 CVE-2025-0248 (HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vu ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-9803 (lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover d ...)
 	NOT-FOR-US: lunary-ai/lunary
 CVE-2025-6389 (The Sneeit Framework plugin for WordPress is vulnerable to Remote Code ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c59fde3aa536b3c2fc07a9750bd3154e69a1c314

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c59fde3aa536b3c2fc07a9750bd3154e69a1c314
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251125/477eeb0b/attachment.htm>

More information about the debian-security-tracker-commits mailing list