[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) Tue, 14 Oct 2025 01:13:45 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4fa0a10b by security tracker role at 2025-10-14T08:13:29+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
 CVE-2025-9713 (Path traversal in Ivanti Endpoint Manager allows a remote 
unauthentica ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-8594 (The Pz-LinkCard WordPress plugin before 2.5.7 does not validate 
a para ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-62392 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-62391 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-62390 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-62389 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-62388 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-62387 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-62386 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-62385 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-62384 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-62383 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-62365 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
        TODO: check
 CVE-2025-62364 (text-generation-webui is an open-source web interface for 
running Larg ...)
@@ -31,25 +31,25 @@ CVE-2025-62363 (yt-grabber-tui is a terminal user interface 
application for down
 CVE-2025-62362 (gpp-burgerportaal is a Dutch government citizen portal 
application. In ...)
        TODO: check
 CVE-2025-62361 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-62360 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-62359 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-62358 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-62252 (Insecure Direct Object Reference (IDOR) vulnerability in 
Liferay Porta ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-62251 (Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 
2023.Q3.1 thro ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-62246 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
Liferay  ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2025-62179 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-62178 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-62177 (WeGIA is an open source Web Manager for Institutions with a 
focus on P ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-62176 (Mastodon is a free, open-source social network server based on 
Activit ...)
        TODO: check
 CVE-2025-62175 (Mastodon is a free, open-source social network server based on 
Activit ...)
@@ -65,33 +65,33 @@ CVE-2025-59836 (Omni manages Kubernetes on bare metal, 
virtual machines, or in a
 CVE-2025-55078 (In Eclipse ThreadX before version 6.4.3, an attacker can cause 
a denia ...)
        TODO: check
 CVE-2025-42939 (SAP S/4HANA (Manage Processing Rules - For Bank Statements) 
allows an  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-42937 (SAP Print Service (SAPSprint) performs insufficient validation 
of path ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-42910 (Due to missing verification of file type or content, SAP 
Supplier Rela ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-42909 (SAP Cloud Appliance Library Appliances allows an attacker with 
high pr ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-42908 (Due to a Cross-Site Request Forgery (CSRF) vulnerability in 
SAP NetWea ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-42906 (SAP Commerce Cloud contains a path traversal vulnerability 
that may al ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-42903 (A vulnerability in SAP Financial Service Claims Management RFC 
functio ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-42902 (Due to the memory corruption vulnerability in SAP NetWeaver AS 
ABAP an ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-42901 (SAP Application Server for ABAP allows an authenticated 
attacker to st ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-11731 (A flaw was found in the exsltFuncResultComp() function of 
libxslt, whi ...)
        TODO: check
 CVE-2025-11623 (SQL injection in Ivanti Endpoint Manager allows a remote 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-11622 (Insecure deserialization in Ivanti Endpoint Manager allows a 
local aut ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2025-10732 (The SureForms \u2013 Drag and Drop Form Builder for WordPress 
plugin f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10357 (The Simple SEO WordPress plugin before 2.0.32 does not 
sanitise and es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6211
        REJECTED
 CVE-2025-9968 (A link following vulnerability exists in the UnifyScanner 
component of ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fa0a10b0d6c3a8f04bee08d66a88d058a017cbe

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fa0a10b0d6c3a8f04bee08d66a88d058a017cbe
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Reply via email to