[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Mon Oct 13 21:14:04 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0bf8205 by security tracker role at 2025-10-13T20:13:56+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2025-9968 (A link following vulnerability exists in the UnifyScanner component of ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2025-9902 (Authorization Bypass Through User-Controlled Key vulnerability in AKIN ...)
 	TODO: check
 CVE-2025-9337 (A null pointer dereference has been identified in the AsIO3.sys driver ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2025-9336 (A stack buffer overflow has been identified in the AsIO3.sys driver. T ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2025-7707 (The llama_index library version 0.12.33 sets the NLTK data directory t ...)
 	TODO: check
 CVE-2025-6919 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-62244 (Insecure direct object reference (IDOR) vulnerability in Publications  ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-62243 (Insecure direct object reference (IDOR) vulnerability in Publications  ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-62242 (Insecure Direct Object Reference (IDOR) vulnerability with account add ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-62241 (Insecure Direct Object Reference (IDOR) vulnerability with shipment ad ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-62170 (rAthena is an open-source cross-platform MMORPG server. A use-after-fr ...)
 	TODO: check
 CVE-2025-61775 (Vickey is a Misskey-based microblogging platform. A vulnerability exis ...)
@@ -25,7 +25,7 @@ CVE-2025-61775 (Vickey is a Misskey-based microblogging platform. A vulnerabilit
 CVE-2025-58084 (Mattermost Desktop App versions <= 5.13.0 fail to validate URLs extern ...)
 	TODO: check
 CVE-2025-43991 (SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist  ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-37729 (Improper neutralization of special elements used in a template engine  ...)
 	TODO: check
 CVE-2025-11695 (When tlsInsecure=False appears in a connection string, certificate val ...)
@@ -35,7 +35,7 @@ CVE-2025-11184 (Cross-site scripting vulnerability in QGIS QWC2 Registration GUI
 CVE-2025-11183 (Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 <20 ...)
 	TODO: check
 CVE-2025-10720 (The WP Private Content Plus through 3.6.2 provides a global content pr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-39965 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.16.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0bf82056981a66d2b6fb5249800784f14f7c756

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0bf82056981a66d2b6fb5249800784f14f7c756
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251013/49c9da12/attachment.htm>
