[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 15 22:25:07 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ebfedf54 by Salvatore Bonaccorso at 2025-10-15T23:24:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -68,7 +68,7 @@ CVE-2025-59269 (A stored cross-site scripting (XSS) vulnerability exists in an u
 CVE-2025-59268 (On the BIG-IP system, undisclosed endpoints that contain static non-se ...)
 	NOT-FOR-US: F5
 CVE-2025-58474 (When BIG-IP Advanced WAF is configured on a virtual server with Server ...)
-	TODO: check
+	NOT-FOR-US: N5
 CVE-2025-58424 (On BIG-IP systems, undisclosed traffic can cause data corruption and u ...)
 	NOT-FOR-US: F5
 CVE-2025-58153 (Under undisclosed traffic conditions along with conditions beyond the  ...)
@@ -78,21 +78,21 @@ CVE-2025-58133 (Authentication bypass in some Zoom Rooms Clients before version
 CVE-2025-58132 (Command injection in some Zoom Clients for Windows may allow an authen ...)
 	NOT-FOR-US: Zoom
 CVE-2025-58120 (When HTTP/2 Ingress is configured, undisclosed traffic can cause the T ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-58096 (When the database variable tm.tcpudptxchecksumis configured as non-def ...)
 	NOT-FOR-US: F5
 CVE-2025-58071 (When IPsec is configured on the BIG-IP system, undisclosed traffic can ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-57780 (A vulnerability exists in F5OS-A and F5OS-C system that may allow an a ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-56749 (Creativeitem Academy LMS up to and including 6.14 uses a hardcoded def ...)
-	TODO: check
+	NOT-FOR-US: Creativeitem Academy LMS
 CVE-2025-56748 (Creativeitem Academy LMS up to and including 5.13 uses predictable pas ...)
-	TODO: check
+	NOT-FOR-US: Creativeitem Academy LMS
 CVE-2025-56746 (Creativeitem Academy LMS up to and including 5.13 does not regenerate  ...)
-	TODO: check
+	NOT-FOR-US: Creativeitem Academy LMS
 CVE-2025-55670 (On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes sy ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-55669 (When the BIG-IP Advanced WAF and ASM security policy and a server-side ...)
 	NOT-FOR-US: F5
 CVE-2025-55083 (In NetX Duo version before 6.4.4, the component of Eclipse Foundation  ...)
@@ -108,11 +108,11 @@ CVE-2025-54858 (When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is conf
 CVE-2025-54854 (When a BIG-IP APM OAuth access profile (Resource Server or Resource Cl ...)
 	NOT-FOR-US: F5
 CVE-2025-54805 (When an iRule is configured on a virtual server via the declarative AP ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-54755 (A directory traversal vulnerability exists in TMUI that allows an auth ...)
 	NOT-FOR-US: F5
 CVE-2025-54479 (When a classification profile is configured on a virtual server withou ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-54271 (Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by  ...)
 	NOT-FOR-US: Adobe
 CVE-2025-53868 (When running in Appliance mode, a highly privileged authenticated atta ...)
@@ -126,15 +126,15 @@ CVE-2025-53521 (When a BIG-IP APM Access Policy is configured on a virtual serve
 CVE-2025-53474 (When an iRule using an ILX::callcommand is configured on a virtual ser ...)
 	NOT-FOR-US: F5
 CVE-2025-48008 (When a TCP profile with Multipath TCP (MPTCP) enabled is configured on ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-47150 (When SNMP is configured on F5OS Appliance and Chassis systems, undiscl ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-47148 (When the BIG-IP system is configured as both a Security Assertion Mark ...)
 	NOT-FOR-US: F5
 CVE-2025-46706 (When an iRule containing the HTTP::respond command is configured on a  ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-41430 (When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2025-2529 (Applications using affected versions of Ehcache 3.x can experience deg ...)
 	NOT-FOR-US: IBM
 CVE-2025-20360 (Multiple Cisco products are affected by a vulnerability in the Snort 3 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebfedf542963b98356fedd77512343bc3b2f8ac5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebfedf542963b98356fedd77512343bc3b2f8ac5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251015/b89120b6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list