[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 14 09:13:36 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4fa0a10b by security tracker role at 2025-10-14T08:13:29+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
 CVE-2025-9713 (Path traversal in Ivanti Endpoint Manager allows a remote unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-8594 (The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a para ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-62392 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-62391 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-62390 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-62389 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-62388 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-62387 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-62386 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-62385 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-62384 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-62383 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-62365 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
 	TODO: check
 CVE-2025-62364 (text-generation-webui is an open-source web interface for running Larg ...)
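
Review bot: the tag added for CVE-2025-8594 is the generic "NOT-FOR-US: WordPress plugin", while the Ivanti entries in the same hunk name the vendor. Naming the plugin (the description gives Pz-LinkCard) would let the entry be found by product name later. CVE-2025-62365 (LibreNMS) and CVE-2025-62364 (text-generation-webui) are untouched by this hunk and still need manual triage.
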
@@ -31,25 +31,25 @@ CVE-2025-62363 (yt-grabber-tui is a terminal user interface application for down
 CVE-2025-62362 (gpp-burgerportaal is a Dutch government citizen portal application. In ...)
 	TODO: check
 CVE-2025-62361 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-62360 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-62359 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-62358 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-62252 (Insecure Direct Object Reference (IDOR) vulnerability in Liferay Porta ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-62251 (Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 thro ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-62246 (Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay  ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-62179 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-62178 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-62177 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-62176 (Mastodon is a free, open-source social network server based on Activit ...)
 	TODO: check
 CVE-2025-62175 (Mastodon is a free, open-source social network server based on Activit ...)
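
Review bot: the commit message "automatic NOT-FOR-US entries update" does not record what the automatic match was based on, which matters for the WeGIA entries here (CVE-2025-62358 to CVE-2025-62361, CVE-2025-62177 to CVE-2025-62179) because their descriptions call WeGIA open source. A line in the commit message naming the matching rule or source list would let a reader confirm the exclusion without re-checking each product against the archive.
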
@@ -65,33 +65,33 @@ CVE-2025-59836 (Omni manages Kubernetes on bare metal, virtual machines, or in a
 CVE-2025-55078 (In Eclipse ThreadX before version 6.4.3, an attacker can cause a denia ...)
 	TODO: check
 CVE-2025-42939 (SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42937 (SAP Print Service (SAPSprint) performs insufficient validation of path ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42910 (Due to missing verification of file type or content, SAP Supplier Rela ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42909 (SAP Cloud Appliance Library Appliances allows an attacker with high pr ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42908 (Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWea ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42906 (SAP Commerce Cloud contains a path traversal vulnerability that may al ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42903 (A vulnerability in SAP Financial Service Claims Management RFC functio ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42902 (Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP an ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-42901 (SAP Application Server for ABAP allows an authenticated attacker to st ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-11731 (A flaw was found in the exsltFuncResultComp() function of libxslt, whi ...)
 	TODO: check
 CVE-2025-11623 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-11622 (Insecure deserialization in Ivanti Endpoint Manager allows a local aut ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-10732 (The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10357 (The Simple SEO WordPress plugin before 2.0.32 does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6211
 	REJECTED
 CVE-2025-9968 (A link following vulnerability exists in the UnifyScanner component of ...)
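
Review bot: the context line for CVE-2025-10732 carries a literal "\u2013" in its description, an undecoded Unicode escape; consider decoding it where descriptions are imported so data/CVE/list holds the actual character. Separately, CVE-2025-11731 (libxslt, exsltFuncResultComp()) stays at "TODO: check" between the SAP and Ivanti entries and still needs manual triage.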



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fa0a10b0d6c3a8f04bee08d66a88d058a017cbe
