[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 30 20:13:49 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b90a8137 by security tracker role at 2025-10-30T20:13:43+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2025-63423 (Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.
CVE-2025-63422 (Incorrect access control in the Web management interface in Each Italy ...)
TODO: check
CVE-2025-63298 (A path traversal vulnerability was identified in SourceCodester Pet Gr ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-62795 (JumpServer is an open source bastion host and an operation and mainten ...)
TODO: check
CVE-2025-62726 (n8n is an open source workflow automation platform. Prior to 1.113.0, ...)
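Review bot: CVE-2025-63423 and CVE-2025-63422, in the context just above the changed entry, both name Each Italy and were not matched by this automatic pass, so they stay at "TODO: check". They should be triaged together in the next manual pass so that two records for the same vendor do not end up with different tags.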
@@ -27,11 +27,11 @@ CVE-2025-62726 (n8n is an open source workflow automation platform. Prior to 1.1
CVE-2025-62712 (JumpServer is an open source bastion host and an operation and mainten ...)
TODO: check
CVE-2025-62266 (By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsuppor ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-62265 (Cross-site scripting (XSS) vulnerability in the Blogs widget in Lifera ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-61498 (A buffer overflow in the UPnP service of Tenda AC8 Hardware v03.03.10. ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-61196 (An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker t ...)
TODO: check
CVE-2025-61121 (Mobile Scanner Android App version 2.12.38 (package name com.glority.e ...)
@@ -57,11 +57,11 @@ CVE-2025-60950 (An arbitrary file upload vulnerability in the Data Preparation f
CVE-2025-60319 (PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due t ...)
TODO: check
CVE-2025-5347 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-5343 (Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-5342 (Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerab ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-57109 (Kitware VTK (Visualization Toolkit) 9.5.0 is vulnerable to Heap Use-Af ...)
TODO: check
CVE-2025-56313 (A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in ...)
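Review bot: the three tags added for CVE-2025-5347, CVE-2025-5343 and CVE-2025-5342 record only "Zoho", while every description names the product as Zohocorp ManageEngine Exchange Reporter Plus. Carrying the product in the tag, for example "NOT-FOR-US: Zoho ManageEngine Exchange Reporter Plus", would keep the entries searchable by product name in data/CVE/list, where the description is cut off after a fixed width.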
@@ -87,41 +87,41 @@ CVE-2025-50736 (An open redirect vulnerability exists in Byaidu PDFMathTranslate
CVE-2025-50574 (Cross-site scripting (XSS) vulnerability in blog-details.php in Hiruna ...)
TODO: check
CVE-2025-46423 (Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutraliz ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-46422 (Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutraliz ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-46363 (Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance versio ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-43942 (Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutraliz ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-43941 (Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutraliz ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-43940 (Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutraliz ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-43939 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-43027 (A critical severity vulnerability has been identified in the ALPR Mana ...)
TODO: check
CVE-2025-3356 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could al ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-3355 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could al ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-39663 (Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed moni ...)
TODO: check
CVE-2025-36592 (Dell Secure Connect Gateway (SCG) Policy Manager, version(s) 5.20. 5.2 ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-36137 (IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-12517 (Credits Page not Matching Versions in Use in the FirmwareThis issue af ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12516 (Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12515 (Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects ...)
- TODO: check
+ NOT-FOR-US: Azure Access Technology
CVE-2025-12060 (The keras.utils.get_file API in Keras, when used with the extract=True ...)
TODO: check
CVE-2025-11998 (The following HP Card Readers B Models(X3D03B & Y7C05B) are potentiall ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-10348 (URVE Smart Office is vulnerable to Stored XSS in report problem functi ...)
TODO: check
CVE-2025-10317 (Quick.Cart is vulnerable to Cross-Site Request Forgery in product crea ...)
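Review bot: the tag "NOT-FOR-US: Azure Access Technology" on CVE-2025-12517, CVE-2025-12516 and CVE-2025-12515 cannot be verified from the lines shown, because none of the three truncated descriptions names a vendor (the only product hint is "BLU ..." on CVE-2025-12516). Check the vendor against the full CVE records before relying on these tags. The Dell / EMC, IBM and HP tags in the same hunk do match the vendor named at the start of each description.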
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b90a81370168f5d68924bedb04108c370e7bb028