Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d60fd8c by Salvatore Bonaccorso at 2025-03-31T22:44:51+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,29 +5,29 @@ CVE-2025-3047 (When running the AWS Serverless Application 
Model Command Line In
 CVE-2025-3027 (The vulnerability exists in the EJBCA service, version 8.0 
Enterprise. ...)
        TODO: check
 CVE-2025-3026 (The vulnerability exists in the EJBCA service, version 8.0 
Enterprise. ...)
-       TODO: check
+       NOT-FOR-US: EJBCA
 CVE-2025-3022 (Os command injection vulnerability in e-solutions e-management. 
This v ...)
-       TODO: check
+       NOT-FOR-US: e-solutions e-management
 CVE-2025-3021 (Path Traversal vulnerability in e-solutions e-management. This 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: e-solutions e-management
 CVE-2025-3010 (A vulnerability, which was classified as problematic, has been 
found i ...)
        TODO: check
 CVE-2025-3009 (A vulnerability classified as critical was found in Jinher 
Network OA  ...)
-       TODO: check
+       NOT-FOR-US: Jinher Network OA C6
 CVE-2025-3008 (A vulnerability classified as critical has been found in 
Novastar CX40 ...)
-       TODO: check
+       NOT-FOR-US: Novastar
 CVE-2025-3007 (A vulnerability was found in Novastar CX40 up to 2.44.0. It has 
been r ...)
-       TODO: check
+       NOT-FOR-US: Novastar
 CVE-2025-3006 (A vulnerability was found in PHPGurukul e-Diary Management 
System 1.0. ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-3005 (A vulnerability was found in Sayski ForestBlog up to 20250321 
and clas ...)
-       TODO: check
+       NOT-FOR-US: Sayski ForestBlog
 CVE-2025-3004 (A vulnerability has been found in Sayski ForestBlog up to 
20250321 and ...)
-       TODO: check
+       NOT-FOR-US: Sayski ForestBlog
 CVE-2025-3003 (A vulnerability, which was classified as critical, was found in 
ESAFEN ...)
        NOT-FOR-US: ESAFENET
 CVE-2025-3002 (A vulnerability, which was classified as critical, has been 
found in D ...)
-       TODO: check
+       NOT-FOR-US: Digital China
 CVE-2025-3001 (A vulnerability classified as critical was found in PyTorch 
2.6.0. Thi ...)
        TODO: check
 CVE-2025-3000 (A vulnerability classified as critical has been found in 
PyTorch 2.6.0 ...)
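Review bot: CVE-2025-3027 stays at TODO: check while CVE-2025-3026, whose visible description is the same EJBCA 8.0 Enterprise text, becomes NOT-FOR-US: EJBCA. If both concern the same product, mark CVE-2025-3027 in this commit as well; if it is being held back on purpose, say why in the commit message so the next triager does not repeat the check.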
@@ -193,11 +193,11 @@ CVE-2025-31128 (gifplayer is a customizable jquery plugin 
to play and stop anima
 CVE-2025-31125 (Vite is a frontend tooling framework for javascript. Vite 
exposes cont ...)
        - node-vite <itp> (bug #1053782)
 CVE-2025-31124 (Zitadel is open-source identity infrastructure software. 
ZITADEL admin ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2025-31123 (Zitadel is open-source identity infrastructure software. A 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2025-31122 (scratch-coding-hut.github.io is the website for Coding Hut. In 
1.0-bet ...)
-       TODO: check
+       NOT-FOR-US: scratch-coding-hut.github.io website for Coding Hut
 CVE-2025-31117 (OpenEMR is a free and open source electronic health records 
and medica ...)
        NOT-FOR-US: OpenEMR
 CVE-2025-31116 (Mobile Security Framework (MobSF) is a pen-testing, malware 
analysis a ...)
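Review bot: CVE-2025-31124 and CVE-2025-31123 are closed as NOT-FOR-US: Zitadel with no sign that WNPP was checked, while the neighbouring CVE-2025-31125 entry shows the form used when a packaging request exists (node-vite <itp> with its bug number). Zitadel is described as open-source identity infrastructure software, so confirm that no ITP or RFP bug is open for it; if one is, use the <itp> form with the bug reference instead of NFU.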
@@ -211,7 +211,7 @@ CVE-2025-30369 (Zulip is an open-source team collaboration 
tool. The API for del
 CVE-2025-30368 (Zulip is an open-source team collaboration tool. The API for 
deleting  ...)
        TODO: check
 CVE-2025-30223 (Beego is an open-source web framework for the Go programming 
language. ...)
-       TODO: check
+       NOT-FOR-US: Beego
 CVE-2025-30209 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
        NOT-FOR-US: Tuleap
 CVE-2025-30203 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
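Review bot: CVE-2025-30223 is closed as NOT-FOR-US: Beego although the description calls Beego an open-source web framework for Go, the kind of library that can be in the archive under a source package name that does not match the upstream name. Search source package names and descriptions before closing it, and if a package ships the framework, replace the NFU line with an entry for that package.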
@@ -223,19 +223,19 @@ CVE-2025-30155 (Tuleap is an Open Source Suite to improve 
management of software
 CVE-2025-30149 (OpenEMR is a free and open source electronic health records 
and medica ...)
        NOT-FOR-US: OpenEMR
 CVE-2025-30095 (VyOS 1.3 through 1.5 or any Debian-based system using dropbear 
in comb ...)
-       TODO: check
+       NOT-FOR-US: VyOS
 CVE-2025-30006 (Xorcom CompletePBX is vulnerable to a reflected cross-site 
scripting ( ...)
-       TODO: check
+       NOT-FOR-US: Xorcom CompletePBX
 CVE-2025-30005 (Xorcom CompletePBX is vulnerable to a path traversal via the 
Diagnosti ...)
-       TODO: check
+       NOT-FOR-US: Xorcom CompletePBX
 CVE-2025-30004 (Xorcom CompletePBX is vulnerable to command injection in the 
administr ...)
-       TODO: check
+       NOT-FOR-US: Xorcom CompletePBX
 CVE-2025-2999 (A vulnerability was found in PyTorch 2.6.0. It has been rated 
as criti ...)
        TODO: check
 CVE-2025-2998 (A vulnerability was found in PyTorch 2.6.0. It has been 
declared as cr ...)
        TODO: check
 CVE-2025-2997 (A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It 
has been ...)
-       TODO: check
+       NOT-FOR-US: zhangyanbo2007 youkefu
 CVE-2025-2996 (A vulnerability was found in Tenda FH1202 1.2.0.14(408) and 
classified ...)
        NOT-FOR-US: Tenda
 CVE-2025-2995 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408) 
and class ...)
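Review bot: the CVE-2025-30095 description names "any Debian-based system using dropbear", yet the entry is closed as NOT-FOR-US: VyOS, which removes it from the dropbear view in the tracker. If Debian's dropbear packaging was checked and found unaffected, record that against the package (a dropbear line marked <not-affected> with a NOTE giving the reason) rather than NFU; if it was not checked, leave the entry at TODO: check.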
@@ -257,15 +257,15 @@ CVE-2025-2985 (A vulnerability was found in code-projects 
Payroll Management Sys
 CVE-2025-2984 (A vulnerability was found in code-projects Payroll Management 
System 1 ...)
        NOT-FOR-US: code-projects
 CVE-2025-2794 (An unsafe reflection vulnerability in Kentico Xperience allows 
an unau ...)
-       TODO: check
+       NOT-FOR-US: Kentico
 CVE-2025-2586 (A flaw was found in the OpenShift Lightspeed Service, which is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: OpenShift Lightspeed Service
 CVE-2025-2292 (Xorcom CompletePBX is vulnerable to an authenticated path 
traversal, a ...)
-       TODO: check
+       NOT-FOR-US: Xorcom CompletePBX
 CVE-2025-2072 (A Reflected Cross-Site Scripting (XSS) vulnerability has been 
discover ...)
-       TODO: check
+       NOT-FOR-US: FAST LTA Silent Brick WebUI
 CVE-2025-2071 (A critical OS Command Injection vulnerability has been 
identified in t ...)
-       TODO: check
+       NOT-FOR-US: FAST LTA Silent Brick WebUI
 CVE-2025-29929 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
        NOT-FOR-US: Tuleap
 CVE-2025-29908 (Netty QUIC codec is a QUIC codec for netty which makes use of 
quiche.  ...)
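Review bot: the NFU labels in this hunk differ in granularity: CVE-2025-2794 uses the vendor alone (Kentico, where the description says Kentico Xperience), while CVE-2025-2072 and CVE-2025-2071 use vendor, product and component (FAST LTA Silent Brick WebUI). Settle on one level, preferably vendor plus product as in Xorcom CompletePBX, so that a search of data/CVE/list for a product finds all of its entries.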
@@ -275,23 +275,23 @@ CVE-2025-29772 (OpenEMR is a free and open source 
electronic health records and
 CVE-2025-29766 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
        NOT-FOR-US: Tuleap
 CVE-2025-29266 (Unraid 7.0.0 before 7.0.1 allows remote users to access the 
Unraid Web ...)
-       TODO: check
+       NOT-FOR-US: Unraid
 CVE-2025-27149 (Zulip server provides an open-source team chat that helps 
teams stay p ...)
        TODO: check
 CVE-2025-27095 (JumpServer is an open source bastion host and an operation and 
mainten ...)
-       TODO: check
+       NOT-FOR-US: JumpServer
 CVE-2025-23995 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22941 (A command injection vulnerability in the web interface of 
Adtran 411 O ...)
-       TODO: check
+       NOT-FOR-US: Adtran 411 ONT
 CVE-2025-22940 (Incorrect access control in Adtran 411 ONT L80.00.0011.M2 
allows unaut ...)
-       TODO: check
+       NOT-FOR-US: Adtran 411 ONT
 CVE-2025-22939 (A command injection vulnerability in the telnet service of 
Adtran 411  ...)
-       TODO: check
+       NOT-FOR-US: Adtran 411 ONT
 CVE-2025-22938 (Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak 
default p ...)
-       TODO: check
+       NOT-FOR-US: Adtran 411 ONT
 CVE-2025-22937 (An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to 
escalat ...)
-       TODO: check
+       NOT-FOR-US: Adtran 411 ONT
 CVE-2025-1449 (A vulnerability exists in the Rockwell Automation Verve Asset 
Manager  ...)
        TODO: check
 CVE-2024-55093 (phpIPAM through 1.7.3 has a reflected Cross-Site Scripting 
(XSS) vulne ...)
@@ -381,7 +381,7 @@ CVE-2025-2964 (A vulnerability, which was classified as 
problematic, was found i
 CVE-2025-2963 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: ConcreteCMS
 CVE-2025-2961 (A vulnerability classified as problematic was found in 
opensolon up to ...)
-       TODO: check
+       NOT-FOR-US: opensolon
 CVE-2025-2960 (A vulnerability classified as problematic has been found in 
TRENDnet T ...)
        NOT-FOR-US: TRENDnet
 CVE-2025-2959 (A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It 
has been  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d60fd8c81427d49abc77c1846b1bb074a6879b8



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
