[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a2eab32 by security tracker role at 2025-10-20T20:13:37+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2025-9574 (Missing Authentication for Critical Function vulnerability in ABB ALS- ...)
-	TODO: check
+	NOT-FOR-US: ABB group
 CVE-2025-8884 (Authorization Bypass Through User-Controlled Key vulnerability in VHS  ...)
 	TODO: check
 CVE-2025-8349 (Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. Thi ...)
 	TODO: check
 CVE-2025-8053 (Insufficient Granularity of Access Control vulnerability in opentext F ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-8052 (SQL Injection vulnerability in opentext Flipper allows SQL Injection.  ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-8051 (Path Traversal vulnerability in opentext Flipper allows Absolute Path  ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-8049 (Insufficient Granularity of Access Control vulnerability in opentext F ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-8048 (External Control of File Name or Path vulnerability in opentext Flippe ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-6515 (The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the s ...)
 	TODO: check
 CVE-2025-62700 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -49,9 +49,9 @@ CVE-2025-61417 (Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter
 CVE-2025-60856 (Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access t ...)
 	TODO: check
 CVE-2025-5517 (Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40 ...)
-	TODO: check
+	NOT-FOR-US: ABB group
 CVE-2025-57837 (Tileservice module is affected by information leak vulnerability, succ ...)
-	TODO: check
+	NOT-FOR-US: Honor
 CVE-2025-57738 (Apache Syncope offers the ability to extend / customize the base behav ...)
 	TODO: check
 CVE-2025-56224 (A lack of rate limiting in the One-Time Password (OTP) verification en ...)
@@ -61,7 +61,7 @@ CVE-2025-56223 (A lack of rate limiting in the component /Home/UploadStreamDocum
 CVE-2025-56219 (Incorrect access control in SigningHub v8.6.8 allows attackers to arbi ...)
 	TODO: check
 CVE-2025-55086 (In NetXDuo version before 6.4.4, a networking support module for Eclip ...)
-	TODO: check
+	NOT-FOR-US: Eclipse
 CVE-2025-54957 (An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the  ...)
 	TODO: check
 CVE-2025-48025 (In Samsung Mobile Processor and Wearable Processor Exynos 980, 1280, 1 ...)
@@ -77,7 +77,7 @@ CVE-2025-41390 (An arbitrary code execution vulnerability exists in the git func
 CVE-2025-41028 (A SQL Injection vulnerability has been found in Epsilon RH by Grupo Ca ...)
 	TODO: check
 CVE-2025-3465 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: ABB group
 CVE-2025-26782 (An issue was discovered in L2 in Samsung Mobile Processor, Wearable Pr ...)
 	TODO: check
 CVE-2025-26781 (An issue was discovered in L2 in Samsung Mobile Processor, Wearable Pr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a2eab325369056a4eda18e4fa00295b49244a45

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a2eab325369056a4eda18e4fa00295b49244a45
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251020/40befa6e/attachment.htm>