[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 16 21:13:40 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e734291 by security tracker role at 2025-10-16T20:13:33+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-9955 (An improper access control vulnerability exists in WSO2 Enterprise Int ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2025-9804 (An improper access control vulnerability exists in multiple WSO2 produ ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2025-9559 (Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Inse ...)
 	TODO: check
 CVE-2025-9152 (An improper privilege management vulnerability exists in WSO2 API Mana ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2025-6338 (There is an incomplete cleanup vulnerability in Qt Network's Schannel  ...)
 	TODO: check
 CVE-2025-62586 (OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset t ...)
@@ -119,7 +119,7 @@ CVE-2025-54859 (Stored cross-site scripting (XSS) vulnerability in desknet's NEO
 CVE-2025-54760 (Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R ...)
 	TODO: check
 CVE-2025-54658 (An Improper Limitation of a Pathname to a Restricted Directory ('Path  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-54539 (A Deserialization of Untrusted Data vulnerability exists in the Apache ...)
 	TODO: check
 CVE-2025-54499 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use  ...)
@@ -127,9 +127,9 @@ CVE-2025-54499 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail t
 CVE-2025-54461 (ChatLuck contains an insufficient granularity of access control vulner ...)
 	TODO: check
 CVE-2025-53951 (An Improper Limitation of a Pathname to a Restricted Directory ('Path  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-53950 (An Exposure of Private Personal Information ('Privacy Violation') vuln ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-53858 (ChatLuck contains a cross-site scripting vulnerability in Chat Rooms.  ...)
 	TODO: check
 CVE-2025-53092 (Strapi is an open source headless content management system. Strapi ve ...)
@@ -137,7 +137,7 @@ CVE-2025-53092 (Strapi is an open source headless content management system. Str
 CVE-2025-52583 (Reflected cross-site scripting (XSS) vulnerability in desknet's Web Se ...)
 	TODO: check
 CVE-2025-46752 (A insertion of sensitive information into log file in Fortinet FortiDL ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-41443 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to prop ...)
 	TODO: check
 CVE-2025-41410 (Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <=  ...)
@@ -149,9 +149,9 @@ CVE-2025-41253 (The following versions of Spring Cloud Gateway Server Webflux ma
 CVE-2025-3930 (Strapi uses JSON Web Tokens (JWT) for authentication. After logout or  ...)
 	TODO: check
 CVE-2025-36128 (IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denia ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36002 (IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and I ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-34519 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain an  ...)
 	TODO: check
 CVE-2025-34518 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain a r ...)
@@ -169,11 +169,11 @@ CVE-2025-34513 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden conta
 CVE-2025-34512 (IleviaEVE X1 Server firmware versions \u2264 4.7.18.0.eden contain a r ...)
 	TODO: check
 CVE-2025-34255 (D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observa ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-34254 (D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observa ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-34253 (D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored c ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-25298 (Strapi is an open source headless CMS. The @strapi/core package before ...)
 	TODO: check
 CVE-2025-24833 (Stored cross-site scripting (XSS) vulnerability in desknet's NEO versi ...)
@@ -199,13 +199,13 @@ CVE-2025-11493 (The ConnectWise Automate Agent does not fully verify the authent
 CVE-2025-11492 (In the ConnectWise Automate Agent, communications could be configured  ...)
 	TODO: check
 CVE-2025-10611 (Due to an insufficient access control implementation in multiple WSO2  ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2025-10545 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to prop ...)
 	TODO: check
 CVE-2025-0277 (HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure d ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-0276 (HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerab ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-56143 (Strapi is an open-source headless content management system. In versio ...)
 	TODO: check
 CVE-2025-62585 (Whale browser before 4.33.325.17 allows an attacker to bypass the Cont ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e7342916752abe96d8c56bcbbaeb0362a731b8f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e7342916752abe96d8c56bcbbaeb0362a731b8f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251016/31524135/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list