[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 16 21:14:31 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50ff68c5 by security tracker role at 2025-09-16T20:14:24+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-8894 (A maliciously crafted PDF file, when parsed through certain Autodesk p ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-8893 (A maliciously crafted PDF file, when parsed through certain Autodesk p ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-8446 (The Blaze Demo Importer plugin for WordPress is vulnerable to unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8276 (Improper Encoding or Escaping of Output, Improper Neutralization of Sp ...)
TODO: check
CVE-2025-8057 (Authorization Bypass Through User-Controlled Key, Externally Controlle ...)
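Review bot: the tag added for CVE-2025-8446 is the generic "NOT-FOR-US: WordPress plugin", while the two Autodesk entries above it name the vendor. The description already identifies the plugin as Blaze Demo Importer, so recording that name in the tag would make the entry searchable and the triage decision easier to audit later.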
@@ -55,15 +55,15 @@ CVE-2025-56562 (An incorrect API discovered in Signify Wiz Connected 1.9.1 allow
CVE-2025-56557 (An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers ...)
TODO: check
CVE-2025-56295 (code-projects Computer Laboratory System 1.0 has a file upload vulnera ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-56293 (code-projects Human Resource Integrated System 1.0 is vulnerable to Cr ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-56289 (code-projects Document Management System 1.0 has a Cross Site Scriptin ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-56280 (code-projects Food Ordering Review System 1.0 is vulnerable to Cross S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-56276 (code-projects Food Ordering Review System 1.0 is vulnerable to Cross S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-56264 (The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial ...)
TODO: check
CVE-2025-56263 (by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api ...)
@@ -91,9 +91,9 @@ CVE-2025-55110 (Control-M/Agents use a kdb or PKCS#12 keystore by default, and t
CVE-2025-55109 (An authentication bypass vulnerability exists in the out-of-support Co ...)
TODO: check
CVE-2025-54262 (Substance3D - Stager versions 3.1.3 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54237 (Substance3D - Stager versions 3.1.3 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-52044 (In Frappe ERPNext v15.57.5, the function get_stock_balance() at erpnex ...)
TODO: check
CVE-2025-4953 (A flaw was found in Podman. In a Containerfile or Podman, data written ...)
@@ -101,13 +101,13 @@ CVE-2025-4953 (A flaw was found in Podman. In a Containerfile or Podman, data wr
CVE-2025-4688 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-49728 (Cleartext storage of sensitive information in Microsoft PC Manager all ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47967 (Insufficient ui warning of dangerous operations in Microsoft Edge for ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-44034 (SQL injection vulnerability in oa_system oasys v.1.1 allows a remote a ...)
TODO: check
CVE-2025-43801 (Unchecked input for loop condition vulnerability in XML-RPC in Liferay ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-41249 (The Spring Framework annotation detection mechanism may not correctly ...)
TODO: check
CVE-2025-41248 (The Spring Security annotation detection mechanism may not correctly r ...)
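Review bot: CVE-2025-47967 is closed as "NOT-FOR-US: Microsoft", but the visible description is cut off at "Microsoft Edge for ..." and Edge is built on Chromium, which Debian packages. Before relying on the vendor-level tag, confirm from the full advisory that the missing UI warning is in Edge-specific code and not in shared Chromium code.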
@@ -179,7 +179,7 @@ CVE-2025-39806 (In the Linux kernel, the following vulnerability has been resolv
CVE-2025-39805 (In the Linux kernel, the following vulnerability has been resolved: n ...)
TODO: check
CVE-2025-36244 (IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerber ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-34187 (Ilevia EVE X1/X5 Server version \u2264 4.7.18.0.eden contains a miscon ...)
TODO: check
CVE-2025-34186 (Ilevia EVE X1/X5 Server version \u2264 4.7.18.0.eden contains a vulner ...)
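Review bot: the "NOT-FOR-US: IBM" tag on CVE-2025-36244 is applied at vendor level, yet the description is truncated at "when configured to use Kerber ...", so the affected component is not visible here. It is worth checking the full text to confirm the flaw is in AIX/VIOS's own code and not in a Kerberos component that is also packaged; if it is IBM-only, the tag stands.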
@@ -195,21 +195,21 @@ CVE-2025-30075 (In Alludo MindManager before 25.0.208 on Windows, attackers coul
CVE-2025-2404 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
TODO: check
CVE-2025-26711 (There is an unauthorized access vulnerability in ZTE T5400. Due to imp ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2025-26710 (There is an an information disclosure vulnerability in ZTE T5400. Due ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2025-10572
REJECTED
CVE-2025-10563 (A vulnerability has been found in Campcodes Grocery Sales and Inventor ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-10562 (A flaw has been found in Campcodes Grocery Sales and Inventory System ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-10546 (This vulnerability exist in PPC 2K15X Router, due to improper input va ...)
TODO: check
CVE-2025-10492 (A Java deserialisation vulnerability has been discovered in Jaspersoft ...)
TODO: check
CVE-2025-10316 (The extension "Form to Database" is susceptible to Cross-Site Scriptin ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2025-10290 (Opening links via the contextual menu in Focus iOS for certain URL sch ...)
TODO: check
CVE-2025-10016 (The Sparkle framework includes a helper tool Autoupdate. Due to lack o ...)
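Review bot: the tag on CVE-2025-10316, "NOT-FOR-US: TYPO3 (core or extensions)", covers both core and extensions, while the description states the issue is in the extension "Form to Database". Naming the extension in the tag would record why the entry was dismissed and keep it from reading as a statement about TYPO3 core.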
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50ff68c5f201c162ec31102fcbdb23bab117de8e