[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 6 09:13:53 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0d0cb15 by security tracker role at 2025-10-06T08:13:46+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,37 @@
 CVE-2025-9914 (The credentials of the users stored in the system's local database can ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-9913 (JavaScript can be ran inside the address bar via the dashboard "Open i ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-9710 (The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9703 (The Ultimate Addons for Elementor (Formerly Elementor Header & Footer  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-58591 (A remote, unauthorized attacker can brute force folders and files and  ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-58590 (It's possible to brute force folders and files, what can be used by an ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-58589 (When an error occurs in the application a full stacktrace is provided  ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-58587 (The application does not implement sufficient measures to prevent mult ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-58586 (For failed login attempts, the application returns different error mes ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-58585 (Multiple endpoints with sensitive information do not require authentic ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-58584 (In the HTTP request, the username and password are transferred directl ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-58583 (The  application  provides  access  to  a  login  protected  H2  datab ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-58582 (If a user tries to login but the provided credentials are incorrect a  ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-58581 (When an error occurs in the application a full stacktrace is  provided ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-58580 (An API  endpoint  allows  arbitrary  log  entries  to  be  created  vi ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-58579 (Due to a lack of authentication, it is possible for an unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-58578 (A user with the appropriate authorization can create any number of use ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2025-57781 (The installers of DENSO TEN drive recorder viewer contain an issue wit ...)
 	TODO: check
 CVE-2025-50538 (Flowise before 3.0.5 allows XSS via an IFRAME element when an admin vi ...)
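Review bot: The "NOT-FOR-US: SICK AG" tags on CVE-2025-9914, CVE-2025-9913 and CVE-2025-58591 through CVE-2025-58578 name only the vendor, and none of the truncated descriptions shown here mentions SICK AG or a product, so the classification cannot be checked from the diff itself. Spot-check a few of these against the full CVE records, and consider a tag that names the affected product so later readers of data/CVE/list can see why the entry was excluded. The run also goes from CVE-2025-58589 straight to CVE-2025-58587, so it is worth confirming that CVE-2025-58588 is handled elsewhere in the list. CVE-2025-57781 (DENSO TEN drive recorder viewer) in the trailing context still reads "TODO: check" and needs manual triage.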
@@ -39,11 +39,11 @@ CVE-2025-50538 (Flowise before 3.0.5 allows XSS via an IFRAME element when an ad
 CVE-2025-29192 (Flowise before 3.0.5 allows XSS via a FORM element and an INPUT elemen ...)
 	TODO: check
 CVE-2025-11326 (A weakness has been identified in Tenda AC18 15.03.05.19(6318). This a ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-11325 (A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). A ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-11324 (A vulnerability was identified in Tenda AC18 15.03.05.19(6318). Affect ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-11323 (A vulnerability was determined in UTT 1250GW up to v2v3.2.2-200710. Af ...)
 	TODO: check
 CVE-2025-11322 (A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted el ...)
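Review bot: Only the three Tenda AC18 entries (CVE-2025-11326, CVE-2025-11325, CVE-2025-11324) are resolved here, while CVE-2025-11323 (UTT 1250GW) directly below and the Flowise entry CVE-2025-29192 above remain "TODO: check". The UTT entry is the same class of vendor device firmware as the Tenda ones, so if the automatic matcher has no pattern for UTT, adding one would close that entry in the next run; the Flowise entry needs a manual decision.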
@@ -83,7 +83,7 @@ CVE-2025-11305 (A vulnerability has been found in UTT HiPER 840G up to 3.1.1-190
 CVE-2025-11304 (A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Aff ...)
 	TODO: check
 CVE-2025-11303 (A vulnerability was detected in Belkin F9K1015 1.00.10. Affected is an ...)
-	TODO: check
+	NOT-FOR-US: Belkin
 CVE-2025-8917 (A vulnerability in allegroai/clearml version v2.0.1 allows for path tr ...)
 	NOT-FOR-US: allegroai/clearml
 CVE-2025-8406 (ZenML version 0.83.1 is affected by a path traversal vulnerability in  ...)
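Review bot: CVE-2025-11304 (CodeCanyon/ui-lib Mentor LMS) in the leading context stays at "TODO: check" while the neighbouring Belkin F9K1015 entry is resolved, so this hunk leaves an untriaged entry next to the one it closes. The existing CVE-2025-8917 line uses the form "NOT-FOR-US: allegroai/clearml", which names the project; "NOT-FOR-US: Belkin" names only the vendor, and a consistent vendor/product form across the list would make the exclusions easier to audit.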



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0d0cb157a3b42a8db5bb3eb357b9ea84d606823
