[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Mon, 02 Jun 2025 14:09:04 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ea19e086 by Salvatore Bonaccorso at 2025-06-02T22:43:08+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60,29 +60,29 @@ CVE-2025-48866 (ModSecurity is an open source, cross 
platform web application fi
 CVE-2025-48745
        REJECTED
 CVE-2025-48495 (Gokapi is a self-hosted file sharing server with automatic 
expiration  ...)
-       TODO: check
+       NOT-FOR-US: Gokapi
 CVE-2025-48494 (Gokapi is a self-hosted file sharing server with automatic 
expiration  ...)
-       TODO: check
+       NOT-FOR-US: Gokapi
 CVE-2025-48387 (tar-fs provides filesystem bindings for tar-stream. Versions 
prior to  ...)
        TODO: check
 CVE-2025-47585 (Missing Authorization vulnerability in Mage people team 
Booking and Re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-47289 (CE Phoenix is a free, open-source eCommerce platform. A stored 
cross-s ...)
-       TODO: check
+       NOT-FOR-US: CE Phoenix
 CVE-2025-47272 (The CE Phoenix eCommerce platform, starting in version 1.0.9.7 
and pri ...)
-       TODO: check
+       NOT-FOR-US: CE Phoenix
 CVE-2025-46807 (A Allocation of Resources Without Limits or Throttling 
vulnerability i ...)
        TODO: check
 CVE-2025-46806 (A Use of Out-of-range Pointer Offset vulnerability in sslh 
leads to de ...)
        TODO: check
 CVE-2025-45542 (SQL injection vulnerability in the registrationform endpoint 
of CloudC ...)
-       TODO: check
+       NOT-FOR-US: CloudClassroom-PHP-Project
 CVE-2025-45387 (osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken 
Access  ...)
-       TODO: check
+       NOT-FOR-US: osTicket
 CVE-2025-44172 (Tenda AC6 V15.03.05.16 was discovered to contain a stack 
overflow via  ...)
        NOT-FOR-US: Tenda
 CVE-2025-44115 (A vulnerability has been found in Cotonti Siena v0.9.25. 
Affected by t ...)
-       TODO: check
+       NOT-FOR-US: Cotonti Siena
 CVE-2025-37096 (A command injection remote code execution vulnerability exists 
in HPE  ...)
        NOT-FOR-US: HPE
 CVE-2025-37095 (A directory traversal information disclosure 
vulnerabilityexists in HP ...)
@@ -102,21 +102,21 @@ CVE-2025-37089 (A command injection remote code execution 
vulnerability exists i
 CVE-2025-29785 (quic-go is an implementation of the QUIC protocol in Go. The 
loss reco ...)
        TODO: check
 CVE-2025-27956 (Directory Traversal vulnerability in WebLaudos 24.2 (04) 
allows a remo ...)
-       TODO: check
+       NOT-FOR-US: WebLaudos
 CVE-2025-27955 (Clinical Collaboration Platform 12.2.1.5 has a weak logout 
system wher ...)
-       TODO: check
+       NOT-FOR-US: Clinical Collaboration Platform
 CVE-2025-27954 (An issue in Clinical Collaboration Platform 12.2.1.5 allows a 
remote a ...)
-       TODO: check
+       NOT-FOR-US: Clinical Collaboration Platform
 CVE-2025-27953 (An issue in Clinical Collaboration Platform 12.2.1.5 allows a 
remote a ...)
-       TODO: check
+       NOT-FOR-US: Clinical Collaboration Platform
 CVE-2025-26396 (The SolarWinds Dameware Mini Remote Control was determined to 
be affec ...)
        NOT-FOR-US: SolarWinds
 CVE-2025-23105 (An issue was discovered in Samsung Mobile Processor Exynos 
2200, 1480, ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-23104 (An issue was discovered in Samsung Mobile Processor Exynos 
2200, 1480, ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-23099 (An issue was discovered in Samsung Mobile Processor Exynos 
1480 and 24 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-20298 (In Universal Forwarder for Windows versions below 9.4.2, 
9.3.4, 9.2.6, ...)
        TODO: check
 CVE-2025-20297 (In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, 
and Splunk ...)
@@ -124,11 +124,11 @@ CVE-2025-20297 (In Splunk Enterprise versions below 
9.4.2, 9.3.4 and 9.2.6, and
 CVE-2025-20001 (An out-of-bounds read vulnerability exists in High-Logic 
FontCreator 1 ...)
        TODO: check
 CVE-2025-1750 (An SQL injection vulnerability exists in the delete function of 
DuckDB ...)
-       TODO: check
+       NOT-FOR-US: run-llama/llama_index
 CVE-2025-1246 (Improper Restriction of Operations within the Bounds of a 
Memory Buffe ...)
        TODO: check
 CVE-2025-1051 (Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Sonos Era 300
 CVE-2025-0819 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel 
Driver, Arm ...)
        TODO: check
 CVE-2025-0073 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel 
Driver, Arm ...)
@@ -142,19 +142,19 @@ CVE-2024-7073 (A server-side request forgery (SSRF) 
vulnerability exists in mult
 CVE-2024-57783 (The desktop application in Dot through 0.9.3 allows XSS and 
resultant  ...)
        TODO: check
 CVE-2024-57459 (A time-based SQL injection vulnerability exists in 
mydetailsstudent.ph ...)
-       TODO: check
+       NOT-FOR-US: CloudClassroom PHP Project
 CVE-2024-40114 (A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 
Wall Mo ...)
-       TODO: check
+       NOT-FOR-US: Sitecom WLX-2006 Wall Mount Range Extender N300
 CVE-2024-40113 (Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and 
before is vu ...)
-       TODO: check
+       NOT-FOR-US: Sitecom WLX-2006 Wall Mount Range Extender N300
 CVE-2024-40112 (A Local File Inclusion (LFI) vulnerability exists in Sitecom 
WLX-2006  ...)
-       TODO: check
+       NOT-FOR-US: Sitecom WLX-2006 Wall Mount Range Extender N300
 CVE-2024-3509 (A stored cross-site scripting (XSS) vulnerability exists in the 
Manage ...)
        NOT-FOR-US: WSO2
 CVE-2024-1440 (An open redirection vulnerability exists in multiple WSO2 
products due ...)
        NOT-FOR-US: WSO2
 CVE-2024-12168 (Yandex Telemost for Desktop before 2.7.0has a DLL Hijacking 
Vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Yandex Telemost for Desktop
 CVE-2024-52035 (An integer overflow vulnerability exists in the OLE Document 
File Allo ...)
        - catdoc <unfixed> (bug #1107168)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2131



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea19e086e790de503cf28f9e298cd8ee9a5abd91

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea19e086e790de503cf28f9e298cd8ee9a5abd91
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to