[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) Wed, 24 Sep 2025 01:39:42 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
efdd1195 by security tracker role at 2025-09-24T08:39:19+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2025-9962 (A buffer overflow vulnerability in Novakon P 
series allows attack
 CVE-2025-9846 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Talen ...)
        TODO: check
 CVE-2025-9844 (Uncontrolled Search Path Element vulnerability in Salesforce 
Salesforc ...)
-       TODO: check
+       NOT-FOR-US: Salesforce
 CVE-2025-9798 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        TODO: check
 CVE-2025-9342 (Authorization Bypass Through User-Controlled Key vulnerability 
in Anad ...)
@@ -21,11 +21,11 @@ CVE-2025-9197
 CVE-2025-8410 (Use After Free vulnerability in RTI Connext Professional 
(Security Plu ...)
        TODO: check
 CVE-2025-8354 (A maliciously crafted RFA file, when parsed through Autodesk 
Revit, ca ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-7106 (danny-avila/librechat is affected by an authorization bypass 
vulnerabi ...)
        TODO: check
 CVE-2025-5717 (An authenticated remote code execution (RCE) vulnerability 
exists in m ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2025-59930
        REJECTED
 CVE-2025-59929
@@ -67,9 +67,9 @@ CVE-2025-58473 (An improper resource shutdown or release 
vulnerability has been
 CVE-2025-58354 (Kata Containers is an open source project focusing on a 
standard imple ...)
        TODO: check
 CVE-2025-58319 (Delta Electronics CNCSoft-G2lacks proper validation of the 
user-suppli ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2025-58317 (Delta Electronics CNCSoft-G2lacks proper validation of the 
user-suppli ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2025-58246 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Aut ...)
        TODO: check
 CVE-2025-58069 (The use of a hard-coded cryptographic key was discovered in 
firmware v ...)
@@ -77,13 +77,13 @@ CVE-2025-58069 (The use of a hard-coded cryptographic key 
was discovered in firm
 CVE-2025-57882 (An improper resource shutdown or release vulnerability has 
been identi ...)
        TODO: check
 CVE-2025-57639 (OS Command injection vulnerability in Tenda AC9 1.0 was 
discovered to  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-57638 (Buffer overflow vulnerability in Tenda AC9 1.0 via the user 
supplied s ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-57637 (Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in 
the sub ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-57636 (OS Command injection vulnerability in D-Link C1 2020-02-21. 
The sub_47 ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-57407 (A stored cross-site scripting (XSS) vulnerability in the Admin 
Log Vie ...)
        TODO: check
 CVE-2025-56394 (Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF 
incorrectly va ...)
@@ -105,13 +105,13 @@ CVE-2025-54855 (Cleartext storage of sensitive 
information was discovered in Cli
 CVE-2025-54081 (Sunshine is a self-hosted game stream host for Moonlight. 
Prior to ver ...)
        TODO: check
 CVE-2025-52905 (Improper Input Validation vulnerability in TOTOLINK X6000R 
allows Floo ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2025-51005 (A heap-buffer-overflow vulnerability exists in the tcpliveplay 
utility ...)
        TODO: check
 CVE-2025-4993 (Untrusted Pointer Dereference vulnerability in RTI Connext 
Professiona ...)
        TODO: check
 CVE-2025-4760 (An authenticated stored cross-site scripting (XSS) 
vulnerability exist ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2025-4582 (Buffer Over-read, Off-by-one Error vulnerability in RTI Connext 
Profes ...)
        TODO: check
 CVE-2025-48459 (Deserialization of Untrusted Data vulnerability in Apache 
IoTDB.  This ...)
@@ -121,9 +121,9 @@ CVE-2025-48392 (A vulnerability in Apache IoTDB.  This 
issue affects Apache IoTD
 CVE-2025-45326 (An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote 
attacke ...)
        TODO: check
 CVE-2025-43819 (A Insufficient Session Expiration vulnerability in the Liferay 
Portal  ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-43779 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-29084 (SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote 
attacke ...)
        TODO: check
 CVE-2025-29083 (SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote 
attacke ...)
@@ -131,27 +131,27 @@ CVE-2025-29083 (SQL Injection vulnerability in CSZ-CMS 
v.1.3.0 allows a remote a
 CVE-2025-1255 (Untrusted Pointer Dereference vulnerability in RTI Connext 
Professiona ...)
        TODO: check
 CVE-2025-10857 (A security flaw has been discovered in Campcodes Point of Sale 
System  ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-10851 (A security flaw has been discovered in Campcodes Gym 
Management System ...)
-       TODO: check
+       NOT-FOR-US: Campcodes
 CVE-2025-10412 (The Product Options and Price Calculation Formulas for 
WooCommerce \u2 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10244 (A maliciously crafted HTML payload, when rendered by the 
Autodesk Fusi ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-10184 (The vulnerability allows any application installed on the 
device to re ...)
        TODO: check
 CVE-2025-10147 (The Podlove Podcast Publisher plugin for WordPress is 
vulnerable to ar ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-0672 (An authentication bypass vulnerability exists in multiple WSO2 
product ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2025-0663 (A cross-tenant authentication vulnerability exists in multiple 
WSO2 pr ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2025-0209 (A reflected cross-site scripting (XSS) vulnerability exists in 
the acc ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2024-6429 (A content spoofing vulnerability exists in multiple WSO2 
products due  ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2024-4598 (An information disclosure vulnerability exists in multiple WSO2 
produc ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2024-21935 (Improper input validation in Satellite Management Controller 
(SMC) may ...)
        TODO: check
 CVE-2024-21927 (Improper input validation in Satellite Management Controller 
(SMC) may ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efdd1195dc74a5c29fd2d1476aaf4498cf8712ee

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efdd1195dc74a5c29fd2d1476aaf4498cf8712ee
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Reply via email to