[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 28 20:14:31 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83b9500b by security tracker role at 2025-10-28T20:14:02+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2025-61235 (An issue was discovered in Dataphone A920 v2025.07.161103. A cus
 CVE-2025-61155 (Hotta Studio GameDriverX64.sys 7.23.4.7, a signed kernel-mode anti-che ...)
 	TODO: check
 CVE-2025-61128 (Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN ...)
-	TODO: check
+	NOT-FOR-US: Wavlink
 CVE-2025-61107 (FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NU ...)
 	TODO: check
 CVE-2025-61106 (FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NU ...)
@@ -37,7 +37,7 @@ CVE-2025-59837 (Astro is a web framework that includes an image proxy. In versio
 CVE-2025-56399 (alexusmai laravel-file-manager 3.3.1 and before allows an authenticate ...)
 	TODO: check
 CVE-2025-55758 (Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for  ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-54605 (Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (is ...)
 	TODO: check
 CVE-2025-54604 (Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (is ...)
@@ -49,15 +49,15 @@ CVE-2025-53814 (A use-after-free vulnerability exists in the XML parser function
 CVE-2025-41090 (microCLAUDIA in v3.2.0 and prior has an improper access control vulner ...)
 	TODO: check
 CVE-2025-40843 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...)
-	TODO: check
+	NOT-FOR-US: Ericsson
 CVE-2025-36386 (IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36085 (IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36083 (IBM Concert Software   1.0.0 through 2.0.0could allow a local user to  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36081 (IBM ConcertSoftware  1.0.0 through 2.0.0 could allow a user to modify  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-34318 (IPFire versions prior to 2.29 (Core Update 198) containa stored cross- ...)
 	TODO: check
 CVE-2025-34317 (IPFire versions prior to 2.29 (Core Update 198) containa stored cross- ...)
@@ -99,19 +99,19 @@ CVE-2025-34294 (Wazuh's File Integrity Monitoring (FIM), when configured with au
 CVE-2025-27093 (Sliver is a command and control framework that uses a custom Wireguard ...)
 	TODO: check
 CVE-2025-1038 (The \u201cDiagnostics Tools\u201d page of the web-based configuration  ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Energy
 CVE-2025-1037 (By making minor configuration changes to the TropOS 4th Gen device, an ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Energy
 CVE-2025-1036 (Command injection vulnerability exists in the \u201cLogging\u201d page ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Energy
 CVE-2025-12425 (Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; ...)
-	TODO: check
+	NOT-FOR-US: Azure Access Technology
 CVE-2025-12424 (Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC ...)
-	TODO: check
+	NOT-FOR-US: Azure Access Technology
 CVE-2025-12423 (Protocol manipulation might lead to denial of service.This issue affec ...)
-	TODO: check
+	NOT-FOR-US: Azure Access Technology
 CVE-2025-12422 (Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtainin ...)
-	TODO: check
+	NOT-FOR-US: Azure Access Technology
 CVE-2025-12390 (A flaw was found in Keycloak. In Keycloak where a user can accidentall ...)
 	TODO: check
 CVE-2025-12380 (Starting with Firefox 142, it was possible for a compromised child pro ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83b9500bc1e1fb828245331409e9e4a787edb2a8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83b9500bc1e1fb828245331409e9e4a787edb2a8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251028/d326a48c/attachment.htm>

More information about the debian-security-tracker-commits mailing list