[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 8 21:23:58 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ce3b239 by Salvatore Bonaccorso at 2025-10-08T22:23:33+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -120,23 +120,23 @@ CVE-2025-43822 (Multiple stored cross-site scripting (XSS) vulnerabilities in Li
CVE-2025-43727 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
NOT-FOR-US: Dell / EMC
CVE-2025-40889 (A path traversal vulnerability was discovered in the Time Machine func ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-40888 (A SQL Injection vulnerability was discovered in the CLI functionality ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-40887 (A SQL Injection vulnerability was discovered in the Alert functionalit ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-40886 (A SQL Injection vulnerability was discovered in the Alert functionalit ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-40885 (A SQL Injection vulnerability was discovered in the Smart Polling func ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-40676 (Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Bio ...)
- TODO: check
+ NOT-FOR-US: Negotiator from Biobanking and Biomolecular Resources - European Research Infrastructure (BBMRI-ERIC)
CVE-2025-40649 (Stored Cross-Site Scripting (XSS) in Biobanking and Biomolecular Resou ...)
- TODO: check
+ NOT-FOR-US: Negotiator from Biobanking and Biomolecular Resources - European Research Infrastructure (BBMRI-ERIC)
CVE-2025-3719 (An access control vulnerability was discovered in the CLI functionalit ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-3718 (A client-side path traversal vulnerability was discovered in the web m ...)
- TODO: check
+ NOT-FOR-US: Guardian/CMC
CVE-2025-3450 (Improper Resource Locking vulnerability in B&R Industrial Automation A ...)
NOT-FOR-US: ABB group
CVE-2025-3449 (Generation of Predictable Numbers or Identifiers vulnerability in B&R ...)
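Review bot: The new tag "NOT-FOR-US: Guardian/CMC" on CVE-2025-40889 through CVE-2025-40885, CVE-2025-3719 and CVE-2025-3718 names two products but no vendor, while the neighbouring entries in this hunk are tagged by vendor ("Dell / EMC", "ABB group"). Consider prefixing the vendor name so these entries turn up in a vendor search and stay consistent with the rest of the list.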
@@ -144,7 +144,7 @@ CVE-2025-3449 (Generation of Predictable Numbers or Identifiers vulnerability in
CVE-2025-3448 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: ABB group
CVE-2025-37728 (Insufficiently Protected Credentials in the Crowdstrike connector can ...)
- TODO: check
+ NOT-FOR-US: Crowdstrike connector
CVE-2025-36569 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
NOT-FOR-US: Dell / EMC
CVE-2025-36567 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
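Review bot: "NOT-FOR-US: Crowdstrike connector" on CVE-2025-37728 repeats the component named in the description but does not say which product ships that connector, so the tag alone does not identify what was judged out of scope. Suggest naming the product or vendor that provides the connector, in the way the surrounding entries do ("ABB group", "Dell / EMC").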
@@ -156,7 +156,7 @@ CVE-2025-36565 (Dell PowerProtect Data Domain with Data Domain Operating System
CVE-2025-36156 (IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vu ...)
NOT-FOR-US: IBM
CVE-2025-34252 (NetSarang Xmanager Enterprise 5.0 Build 1232,Xmanager 5.0 Build 1045,X ...)
- TODO: check
+ NOT-FOR-US: NetSarang Xmanager
CVE-2025-1826 (IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundatio ...)
NOT-FOR-US: IBM
CVE-2025-11462 (Improper Link Resolution Before File Access in the AWS VPN Client for ...)
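Review bot: The description of CVE-2025-34252 lists more than one NetSarang product ("Xmanager Enterprise 5.0 Build 1232,Xmanager 5.0 Build 1045,X ..."), so "NOT-FOR-US: NetSarang Xmanager" may be narrower than the affected set. A vendor-level tag such as "NOT-FOR-US: NetSarang" would cover the whole list and match the "NOT-FOR-US: IBM" entries around it.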
@@ -260,13 +260,13 @@ CVE-2025-11386 (A vulnerability was found in Tenda AC15 15.03.05.18. The impacte
CVE-2025-11385 (A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The af ...)
NOT-FOR-US: Tenda
CVE-2025-11360 (A vulnerability was detected in jakowenko double-take up to 1.13.1. Th ...)
- TODO: check
+ NOT-FOR-US: jakowenko double-take
CVE-2025-11359 (A security vulnerability has been detected in code-projects Simple Ban ...)
NOT-FOR-US: code-projects
CVE-2025-11204 (The RegistrationMagic \u2013 Custom Registration Forms, User Registrat ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11192 (A vulnerability in Extreme Networks\u2019 Fabric Engine (VOSS) before ...)
- TODO: check
+ NOT-FOR-US: Extreme Networks
CVE-2025-11171 (The Chartify \u2013 WordPress Chart Plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10904
@@ -280,7 +280,7 @@ CVE-2025-10587 (The Community Events plugin for WordPress is vulnerable to SQL I
CVE-2025-10494 (The Motors \u2013 Car Dealership & Classified Listings Plugin plugin f ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0603 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Callvision Emergency Code
CVE-2023-6215 (A potential security vulnerability has been identified in HP Sure Star ...)
NOT-FOR-US: HP
CVE-2025-11460
@@ -836,7 +836,7 @@ CVE-2025-43824 (The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, an
CVE-2025-34251 (Tesla Telematics Control Unit (TCU) firmware prior to v2025.14 contain ...)
NOT-FOR-US: Tesla
CVE-2025-11362 (Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: pdfmake
CVE-2025-11358 (A weakness has been identified in code-projects Simple Banking System ...)
NOT-FOR-US: code-projects
CVE-2025-11357 (A security flaw has been discovered in code-projects Simple Banking Sy ...)
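Review bot: CVE-2025-11362 is described as affecting "the package pdfmake before 0.3.0-beta.17", a reusable library rather than a vendor product like the Tesla and code-projects entries beside it, so NOT-FOR-US here also asserts that nothing in the archive ships or embeds it. It would help to confirm that no source package carries a bundled copy before closing this as "NOT-FOR-US: pdfmake"; if one does, the entry should reference that package instead.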
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ce3b2396282402b288b0b005d186103c9fe807a