Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0baee8cd by security tracker role at 2025-09-25T20:13:47+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2025-60019 (glib-networking's OpenSSL backend fails to 
properly check the re
 CVE-2025-60018 (glib-networking's OpenSSL backend fails to properly check the 
return v ...)
        TODO: check
 CVE-2025-5494 (ZohoCorp ManageEngine Endpoint Central was impacted by an 
improper pri ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2025-59841 (Flag Forge is a Capture The Flag (CTF) platform. In versions 
from 2.2. ...)
        TODO: check
 CVE-2025-59839 (The EmbedVideo Extension is a MediaWiki extension which adds a 
parser  ...)
@@ -37,7 +37,7 @@ CVE-2025-59422 (Dify is an open-source LLM app development 
platform. In version
 CVE-2025-57632 (libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing 
SMB2 ch ...)
        TODO: check
 CVE-2025-57623 (A NULL pointer dereference in TOTOLINK N600R firmware 
v4.3.0cu.7866_B2 ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-57446 (An issue in O-RAN Near Realtime RIC ric-plt-submgr in the 
J-Release en ...)
        TODO: check
 CVE-2025-57317 (apidoc-core is the core parser library to generate apidoc 
result follo ...)
@@ -73,25 +73,25 @@ CVE-2025-46149 (In PyTorch before 2.7.0, when inductor is 
used, nn.Fold has an a
 CVE-2025-46148 (In PyTorch through 2.6.0, when eager is used, 
nn.PairwiseDistance(p=2) ...)
        TODO: check
 CVE-2025-43993 (Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and 
GNSS/GPS  ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-43943 (Dell Cloud Disaster Recovery, version(s) prior to 19.20, 
contain(s) an ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-40838 (Ericsson Indoor Connect 8855 contains a vulnerability where 
server-sid ...)
-       TODO: check
+       NOT-FOR-US: Ericsson
 CVE-2025-40837 (Ericsson Indoor Connect 8855 contains a missing authorization 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Ericsson
 CVE-2025-40836 (Ericsson Indoor Connect 8855 contains an improper input 
validation vul ...)
-       TODO: check
+       NOT-FOR-US: Ericsson
 CVE-2025-40698 (SQL injection vulnerability in Prevengos v2.44 by Nedatec 
Consulting.  ...)
        TODO: check
 CVE-2025-36857 (Rapid7 Appspider Pro versions below 7.5.021, suffer from a 
broken acce ...)
        TODO: check
 CVE-2025-36601 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, 
contains an  ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-34227 (Nagios XI < 2026R1 is vulnerable to an authenticated command 
injection ...)
        TODO: check
 CVE-2025-33116 (IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-29157 (An issue in petstore v.1.0.7 allows a remote attacker to 
execute arbit ...)
        TODO: check
 CVE-2025-29156 (Cross Site Scripting vulnerability in petstore v.1.0.7 allows 
a remote ...)
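Review bot: CVE-2025-43993 is tagged NOT-FOR-US: Dell / EMC, but its description also names "Qualcomm Snapdragon X62 Firmware", so the Dell match alone does not settle the entry. The description is truncated here; read the full text and confirm that the Qualcomm firmware it refers to is not covered by any package in the archive before keeping the automatic tag. If it stays NOT-FOR-US, a tag that names both vendors would describe the entry more accurately.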
@@ -99,11 +99,11 @@ CVE-2025-29156 (Cross Site Scripting vulnerability in 
petstore v.1.0.7 allows a
 CVE-2025-29155 (An issue in petstore v.1.0.7 allows a remote attacker to 
execute arbit ...)
        TODO: check
 CVE-2025-27262 (Ericsson Indoor Connect 8855 contains a command injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Ericsson
 CVE-2025-27261 (Ericsson Indoor Connect 8855 contains a SQL injection 
vulnerability wh ...)
-       TODO: check
+       NOT-FOR-US: Ericsson
 CVE-2025-26333 (Dell Crypto-J generates an error message that includes 
sensitive infor ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-26278 (A prototype pollution in the lib.set function of dref v0.1.2 
allows at ...)
        TODO: check
 CVE-2025-20363 (A vulnerability in the web services of Cisco Secure Firewall 
Adaptive  ...)
@@ -113,19 +113,19 @@ CVE-2025-20362 (A vulnerability in the VPN web server of 
Cisco Secure Firewall A
 CVE-2025-20333 (A vulnerability in the VPN web server of Cisco Secure Firewall 
Adaptiv ...)
        TODO: check
 CVE-2025-10964 (A weakness has been identified in Wavlink NU516U1. Affected by 
this vu ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2025-10963 (A security flaw has been discovered in Wavlink NU516U1 
M16U1_V240425.  ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2025-10962 (A vulnerability was identified in Wavlink NU516U1 
M16U1_V240425. This  ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2025-10961 (A vulnerability was determined in Wavlink NU516U1 
M16U1_V240425. This  ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2025-10960 (A vulnerability was found in Wavlink NU516U1 M16U1_V240425. 
The impact ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2025-10959 (A vulnerability has been found in Wavlink NU516U1 
M16U1_V240425. The a ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2025-10958 (A flaw has been found in Wavlink NU516U1 M16U1_V240425. 
Impacted is th ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2025-10957 (This vulnerability exists in the Syrotech SY-GPON-2010-WADONT 
router d ...)
        TODO: check
 CVE-2025-10953 (A security vulnerability has been detected in UTT 1200GW and 
1250GW up ...)
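Review bot: CVE-2025-10957 (Syrotech SY-GPON-2010-WADONT router) near the end of this hunk is left at TODO: check, while the seven Wavlink NU516U1 entries directly above it are resolved. It is the same kind of vendor device entry, so consider teaching the automatic update to recognise Syrotech as well, so that it does not wait for manual triage.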
@@ -139,7 +139,7 @@ CVE-2025-10950 (A vulnerability was determined in geyang 
ml-logger up to acf255b
 CVE-2025-10949 (A vulnerability was found in Changsha Developer Technology 
iView Edito ...)
        TODO: check
 CVE-2025-10948 (A vulnerability has been found in MikroTik RouterOS 7. This 
affects th ...)
-       TODO: check
+       NOT-FOR-US: MikroTik
 CVE-2025-10947 (A flaw has been found in Sistemas Pleno Gest\xe3o de 
Loca\xe7\xe3o up  ...)
        TODO: check
 CVE-2025-10946 (A vulnerability was detected in nuz007 smsboom up to 
01b2f35bbbc23f3e0 ...)
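Review bot: the CVE-2025-10948 description is cut off at "This affects th ..." before the affected component is named, so the NOT-FOR-US: MikroTik tag rests on the product name alone. Check the full description for a bundled third-party library before accepting the tag, since such a component could also be packaged separately.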
@@ -175,7 +175,7 @@ CVE-2025-10449 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pa
 CVE-2025-10438 (Path Traversal: 'dir/../../filename' vulnerability in Yordam 
Informati ...)
        TODO: check
 CVE-2024-48014 (Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 
contain an O ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2020-36851 (Rob -- W / cors-anywhere instances configured as an open proxy 
allow u ...)
        TODO: check
 CVE-2025-59833 (Flag Forge is a Capture The Flag (CTF) platform. In versions 
from 2.1. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0baee8cd99478263eb87be20e9e0491ae62a34bc
