[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 24 09:39:26 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
efdd1195 by security tracker role at 2025-09-24T08:39:19+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2025-9962 (A buffer overflow vulnerability in Novakon P series allows attack
 CVE-2025-9846 (Unrestricted Upload of File with Dangerous Type vulnerability in Talen ...)
 	TODO: check
 CVE-2025-9844 (Uncontrolled Search Path Element vulnerability in Salesforce Salesforc ...)
-	TODO: check
+	NOT-FOR-US: Salesforce
 CVE-2025-9798 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2025-9342 (Authorization Bypass Through User-Controlled Key vulnerability in Anad ...)
@@ -21,11 +21,11 @@ CVE-2025-9197
 CVE-2025-8410 (Use After Free vulnerability in RTI Connext Professional (Security Plu ...)
 	TODO: check
 CVE-2025-8354 (A maliciously crafted RFA file, when parsed through Autodesk Revit, ca ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-7106 (danny-avila/librechat is affected by an authorization bypass vulnerabi ...)
 	TODO: check
 CVE-2025-5717 (An authenticated remote code execution (RCE) vulnerability exists in m ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2025-59930
 	REJECTED
 CVE-2025-59929
@@ -67,9 +67,9 @@ CVE-2025-58473 (An improper resource shutdown or release vulnerability has been
 CVE-2025-58354 (Kata Containers is an open source project focusing on a standard imple ...)
 	TODO: check
 CVE-2025-58319 (Delta Electronics CNCSoft-G2lacks proper validation of the user-suppli ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2025-58317 (Delta Electronics CNCSoft-G2lacks proper validation of the user-suppli ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2025-58246 (Insertion of Sensitive Information Into Sent Data vulnerability in Aut ...)
 	TODO: check
 CVE-2025-58069 (The use of a hard-coded cryptographic key was discovered in firmware v ...)
@@ -77,13 +77,13 @@ CVE-2025-58069 (The use of a hard-coded cryptographic key was discovered in firm
 CVE-2025-57882 (An improper resource shutdown or release vulnerability has been identi ...)
 	TODO: check
 CVE-2025-57639 (OS Command injection vulnerability in Tenda AC9 1.0 was discovered to  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57638 (Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied s ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57637 (Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-57636 (OS Command injection vulnerability in D-Link C1 2020-02-21. The sub_47 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-57407 (A stored cross-site scripting (XSS) vulnerability in the Admin Log Vie ...)
 	TODO: check
 CVE-2025-56394 (Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly va ...)
@@ -105,13 +105,13 @@ CVE-2025-54855 (Cleartext storage of sensitive information was discovered in Cli
 CVE-2025-54081 (Sunshine is a self-hosted game stream host for Moonlight. Prior to ver ...)
 	TODO: check
 CVE-2025-52905 (Improper Input Validation vulnerability in TOTOLINK X6000R allows Floo ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-51005 (A heap-buffer-overflow vulnerability exists in the tcpliveplay utility ...)
 	TODO: check
 CVE-2025-4993 (Untrusted Pointer Dereference vulnerability in RTI Connext Professiona ...)
 	TODO: check
 CVE-2025-4760 (An authenticated stored cross-site scripting (XSS) vulnerability exist ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2025-4582 (Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Profes ...)
 	TODO: check
 CVE-2025-48459 (Deserialization of Untrusted Data vulnerability in Apache IoTDB.  This ...)
@@ -121,9 +121,9 @@ CVE-2025-48392 (A vulnerability in Apache IoTDB.  This issue affects Apache IoTD
 CVE-2025-45326 (An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attacke ...)
 	TODO: check
 CVE-2025-43819 (A Insufficient Session Expiration vulnerability in the Liferay Portal  ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-43779 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-29084 (SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacke ...)
 	TODO: check
 CVE-2025-29083 (SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacke ...)
@@ -131,27 +131,27 @@ CVE-2025-29083 (SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote a
 CVE-2025-1255 (Untrusted Pointer Dereference vulnerability in RTI Connext Professiona ...)
 	TODO: check
 CVE-2025-10857 (A security flaw has been discovered in Campcodes Point of Sale System  ...)
-	TODO: check
+	NOT-FOR-US: Campcodes
 CVE-2025-10851 (A security flaw has been discovered in Campcodes Gym Management System ...)
-	TODO: check
+	NOT-FOR-US: Campcodes
 CVE-2025-10412 (The Product Options and Price Calculation Formulas for WooCommerce \u2 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10244 (A maliciously crafted HTML payload, when rendered by the Autodesk Fusi ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-10184 (The vulnerability allows any application installed on the device to re ...)
 	TODO: check
 CVE-2025-10147 (The Podlove Podcast Publisher plugin for WordPress is vulnerable to ar ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0672 (An authentication bypass vulnerability exists in multiple WSO2 product ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2025-0663 (A cross-tenant authentication vulnerability exists in multiple WSO2 pr ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2025-0209 (A reflected cross-site scripting (XSS) vulnerability exists in the acc ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2024-6429 (A content spoofing vulnerability exists in multiple WSO2 products due  ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2024-4598 (An information disclosure vulnerability exists in multiple WSO2 produc ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2024-21935 (Improper input validation in Satellite Management Controller (SMC) may ...)
 	TODO: check
 CVE-2024-21927 (Improper input validation in Satellite Management Controller (SMC) may ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efdd1195dc74a5c29fd2d1476aaf4498cf8712ee

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efdd1195dc74a5c29fd2d1476aaf4498cf8712ee
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250924/047a8940/attachment.htm>

More information about the debian-security-tracker-commits mailing list