[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Mon Sep 29 21:14:15 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14f2f4ba by security tracker role at 2025-09-29T20:14:08+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-9648 (A vulnerability in the CivetWeb library's function mg_handle_form_requ ...)
 	TODO: check
 CVE-2025-8868 (In Progress Chef Automate, versions earlier than 4.13.295, on Linux x8 ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2025-7104 (A mass assignment vulnerability exists in danny-avila/librechat, affec ...)
 	TODO: check
 CVE-2025-6724 (In Progress Chef Automate, versions earlier than 4.13.295, on Linux x8 ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2025-61659 (bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index ...)
 	TODO: check
 CVE-2025-57879 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
@@ -53,7 +53,7 @@ CVE-2025-55795 (The openml/openml.org web application version v2.0.20241110 uses
 CVE-2025-51495 (An integer overflow vulnerability exists in the WebSocket component of ...)
 	TODO: check
 CVE-2025-43400 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-41252 (Description: VMware NSX contains a username enumeration vulnerability. ...)
 	TODO: check
 CVE-2025-41251 (VMware NSX contains a weak password recovery mechanism vulnerability.  ...)
@@ -61,11 +61,11 @@ CVE-2025-41251 (VMware NSX contains a weak password recovery mechanism vulnerabi
 CVE-2025-41250 (VMware vCenter contains an SMTP header injection vulnerability.A malic ...)
 	TODO: check
 CVE-2025-36352 (IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored c ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36351 (IBM License Metric Tool 9.2.0 through 9.2.40   could allow an authenti ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36099 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-35034 (Medical Informatics Engineering Enterprise Health has a reflected cros ...)
 	TODO: check
 CVE-2025-35033 (Medical Informatics Engineering Enterprise Health has a CSV injection  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14f2f4ba4fdcd39c81991699c546e57f2a431c3c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14f2f4ba4fdcd39c81991699c546e57f2a431c3c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250929/4ef0acc7/attachment-0001.htm>
