[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) Mon, 18 Aug 2025 13:29:39 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a1c15fed by security tracker role at 2025-08-18T20:12:58+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2025-7693 (A security issue exists due to improper handling of malformed 
CIP Forw ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2025-55591 (TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to 
contain a comm ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-55590 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to 
contain an com ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-55589 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to 
contain multip ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-55588 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to 
contain a buff ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-55587 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to 
contain a buff ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-55586 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to 
contain a buff ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-55585 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to 
contain an eva ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-55584 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to 
contain insecu ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-55300 (Komari is a lightweight, self-hosted server monitoring tool 
designed t ...)
        TODO: check
 CVE-2025-55299 (VaulTLS is a modern solution for managing mTLS (mutual TLS) 
certificat ...)
@@ -45,7 +45,7 @@ CVE-2025-55201 (Copier library and CLI app for rendering 
project templates. Prio
 CVE-2025-54421 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
        TODO: check
 CVE-2025-54234 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are 
affected  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-54118 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
        TODO: check
 CVE-2025-54117 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
@@ -53,31 +53,31 @@ CVE-2025-54117 (NamelessMC is a free, easy to use & 
powerful website software fo
 CVE-2025-4962 (An Insecure Direct Object Reference (IDOR) vulnerability was 
identifie ...)
        TODO: check
 CVE-2025-47206 (An out-of-bounds write vulnerability has been reported to 
affect File  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-43733 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43732 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 
2025.Q1.0 thro ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43731 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-41242 (Spring Framework MVC applications can be vulnerable to a 
\u201cPath Tr ...)
        TODO: check
 CVE-2025-3639 (Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 
throug ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-36120 (IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an 
authentic ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-33100 (IBM Concert Software 1.0.0 through 1.1.0   contains hard-coded 
credent ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-33090 (IBM Concert Software 1.0.0 through 1.1.0 could allow a remote 
attacker ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-32992 (Thermo Fisher Scientific ePort through 3.0.0 has Incorrect 
Access Cont ...)
        TODO: check
 CVE-2025-27909 (IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin 
resource sh ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-1759 (IBM Concert Software 1.0.0 through 1.1.0 could allow a remote 
attacker ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-49827 (IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to 
excessive da ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-9109 (A security flaw has been discovered in Portabilis i-Diario up 
to 1.5.0 ...)
        NOT-FOR-US: Portabilis
 CVE-2025-9108 (Affected is an unknown function of the component Login Page. 
The manip ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1c15feda9f5d489d8eb549d7ce7b84dcd951557

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1c15feda9f5d489d8eb549d7ce7b84dcd951557
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Reply via email to