[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 15 21:14:10 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a66b2286 by security tracker role at 2025-09-15T20:14:03+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-9826 (Stored cross-site scripting vulnerability in M-Files Hubshare before v ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2025-9084 (Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirec ...)
TODO: check
CVE-2025-9078 (Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11 ...)
@@ -31,27 +31,27 @@ CVE-2025-59359 (The cleanTcs mutation in Chaos Controller Manager is vulnerable
CVE-2025-59358 (The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging ...)
TODO: check
CVE-2025-59331 (is-arrayish checks if an object can be used like an Array. On 8 Septem ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2025-59330 (error-ex allows error subclassing and stack customization. On 8 Septem ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2025-59328 (A vulnerability in Apache Fory allows a remote attacker to cause a Den ...)
TODO: check
CVE-2025-59162 (color-convert provides plain color conversion functions in JavaScript. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2025-59155 (hackmd-mcp is a Model Context Protocol server for integrating HackMD's ...)
TODO: check
CVE-2025-59154 (Openfire is an XMPP server licensed under the Open Source Apache Licen ...)
TODO: check
CVE-2025-59144 (debug is a JavaScript debugging utility. On 8 September 2025, the npm ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2025-59143 (color is a Javascript color conversion and manipulation library. On 8 ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2025-59142 (color-string is a parser and generator for CSS color strings. On 8 Sep ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2025-59141 (simple-swizzle swizzles function arguments. On 8 September 2025, the n ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2025-59140 (backlash parses collected strings with escapes. On 8 September 2025, t ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2025-58748 (Dataease is an open source data analytics and visualization platform. ...)
TODO: check
CVE-2025-58177 (n8n is an open source workflow automation platform. From 1.24.0 to bef ...)
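Review bot: The `NOT-FOR-US: Next.js` tag on CVE-2025-59331, CVE-2025-59330, CVE-2025-59162 and CVE-2025-59144 through CVE-2025-59140 does not match the descriptions. Those descriptions name separate JavaScript modules (is-arrayish, error-ex, color-convert, debug, color, color-string, simple-swizzle, backlash) and an event on 8 September 2025, and none of the visible text mentions Next.js. NOT-FOR-US closes an entry as not affecting Debian, so a wrong product label here can hide modules that still need tracking. Suggest restoring `TODO: check` on these eight entries and triaging each module by its own name before tagging. Since the commit message says the update is automatic, the matching rule that produced `Next.js` for these entries should also be reviewed.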
@@ -71,7 +71,7 @@ CVE-2025-57174 (An issue was discovered in Siklu Communications Etherhaul 8010TX
CVE-2025-57104 (Teampel 5.1.6 is vulnerable to SQL Injection in /Common/login.aspx.)
TODO: check
CVE-2025-56710 (A Cross-Site Request Forgery (CSRF) vulnerability was identified in th ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-56252 (Cross Site Scripting (xss) vulnerability in ServitiumCRM 2.10 allowing ...)
TODO: check
CVE-2025-55777
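Review bot: On CVE-2025-56710 the visible description is cut off at "identified in th ..." before any product is named, so the `NOT-FOR-US: PHPGurukul` tag cannot be confirmed from this hunk. Suggest checking the tag against the full CVE description before relying on it, given that the tagging is automatic.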
@@ -79,7 +79,7 @@ CVE-2025-55777
CVE-2025-52344 (Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in ...)
TODO: check
CVE-2025-52053 (TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-52048 (In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, in the fun ...)
TODO: check
CVE-2025-50944 (An issue was discovered in the method push.lite.avtech.com.MySSLSocket ...)
@@ -93,19 +93,19 @@ CVE-2025-46408 (An issue was discovered in the methods push.lite.avtech.com.Avte
CVE-2025-45091 (Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable ...)
TODO: check
CVE-2025-43800 (Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43794 (Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4. ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43793 (Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43792 (Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older un ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43791 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-3025 (Elevation of Privileges in the cleaning feature of Gen Digital CCleane ...)
TODO: check
CVE-2025-36082 (IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally w ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-10491 (The MongoDB Windows installation MSI may leave ACLs unset on custom in ...)
TODO: check
CVE-2025-10475 (A weakness has been identified in SpyShelter up to 15.4.0.1015. Affect ...)
@@ -117,33 +117,33 @@ CVE-2025-10472 (A vulnerability has been found in harry0703 MoneyPrinterTurbo up
CVE-2025-10471 (A vulnerability was detected in ZKEACMS 4.3. Impacted is the function ...)
TODO: check
CVE-2025-10459 (A security flaw has been discovered in PHPGurukul Beauty Parlour Manag ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-10448 (A flaw has been found in Campcodes Online Job Finder System 1.0. This ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-10447 (A vulnerability was detected in Campcodes Online Job Finder System 1.0 ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-10446 (A security vulnerability has been detected in Campcodes Computer Sales ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-10445 (A weakness has been identified in Campcodes Computer Sales and Invento ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-10444 (A security flaw has been discovered in Campcodes Online Job Finder Sys ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-10443 (A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-10442 (A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-10441 (A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-10440 (A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, D ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-10436 (A weakness has been identified in Campcodes Computer Sales and Invento ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-10435 (A security flaw has been discovered in Campcodes Computer Sales and In ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-10434 (A vulnerability was identified in IbuyuCMS up to 2.6.3. Impacted is an ...)
TODO: check
CVE-2025-10203 (Relative path traversal vulnerability due to improper input validation ...)
- TODO: check
+ NOT-FOR-US: National Instruments
CVE-2022-50338 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 5.5.13-1
NOTE: https://git.kernel.org/linus/27a594bc7a7c8238d239e3cdbcf2edfa3bbe9a1b (5.4.224)
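Review bot: On CVE-2025-10203 the truncated description ("Relative path traversal vulnerability due to improper input validation ...") names no vendor or product, so `NOT-FOR-US: National Instruments` cannot be verified from the visible lines, unlike the Campcodes, Tenda, D-Link and PHPGurukul entries in the same hunk, where the vendor appears in the description. Suggest confirming this one against the full CVE text.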
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a66b22861bbf7dc099a9b8c3ece4343e2ac72781