[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Thu, 12 Jun 2025 13:35:46 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
66de1a96 by Salvatore Bonaccorso at 2025-06-12T22:35:09+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,17 +13,17 @@ CVE-2025-5996 (An issue has been discovered in GitLab CE/EE 
affecting all versio
 CVE-2025-5982 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
        TODO: check
 CVE-2025-5485 (User names used to access the web management interface are 
limited to  ...)
-       TODO: check
+       NOT-FOR-US: SinoTrack
 CVE-2025-5484 (A username and password are required to authenticate to the 
central  S ...)
-       TODO: check
+       NOT-FOR-US: SinoTrack
 CVE-2025-5195 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        TODO: check
 CVE-2025-4613 (Path traversal in Google Web Designer's template handling 
versions pri ...)
-       TODO: check
+       NOT-FOR-US: Google Web Designer
 CVE-2025-4418 (An improper validation of integrity check value vulnerability 
exists i ...)
-       TODO: check
+       NOT-FOR-US: AVEVA
 CVE-2025-4417 (A cross-site scripting vulnerability exists in  AVEVAPI 
Connector for  ...)
-       TODO: check
+       NOT-FOR-US: AVEVA
 CVE-2025-4278 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        TODO: check
 CVE-2025-49579 (Citizen is a MediaWiki skin that makes extensions part of the 
cohesive ...)
@@ -87,19 +87,19 @@ CVE-2025-48699
 CVE-2025-46035 (Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 
allows a remo ...)
        NOT-FOR-US: Tenda
 CVE-2025-44019 (AVEVA PI Data Archive products are vulnerable to an uncaught 
exception ...)
-       TODO: check
+       NOT-FOR-US: AVEVA
 CVE-2025-43866 (vantage6 is an open-source infrastructure for privacy 
preserving analy ...)
-       TODO: check
+       NOT-FOR-US: vantage6
 CVE-2025-43863 (vantage6 is an open source framework built to enable, manage 
and deplo ...)
-       TODO: check
+       NOT-FOR-US: vantage6
 CVE-2025-40592 (A vulnerability has been identified in Mendix Studio Pro 10 
(All versi ...)
        NOT-FOR-US: Siemens
 CVE-2025-36573 (Dell Smart Dock Firmware, versions prior to 01.00.08.01, 
contain an In ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-36539 (AVEVA PI Data Archive products  are vulnerable to an uncaught 
exceptio ...)
-       TODO: check
+       NOT-FOR-US: AVEVA
 CVE-2025-2745 (A cross-site scripting vulnerability exists in AVEVAPI Web API 
version ...)
-       TODO: check
+       NOT-FOR-US: AVEVA
 CVE-2025-2254 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        TODO: check
 CVE-2025-29744 (pg-promise before 11.5.5 is vulnerable to SQL Injection due to 
imprope ...)
@@ -113,9 +113,9 @@ CVE-2025-0673 (An issue has been discovered in GitLab CE/EE 
affecting all versio
 CVE-2024-9512 (An issue has been discovered in GitLab EE affecting all 
versions prior ...)
        TODO: check
 CVE-2024-7562 (A potential elevated privilege issue has been reported with 
InstallShi ...)
-       TODO: check
+       NOT-FOR-US: InstallShield
 CVE-2024-56158 (XWiki is a generic wiki platform. It's possible to execute any 
SQL que ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2024-55567 (Improper input validation was discovered in UsbCoreDxe in 
Insyde Insyd ...)
        TODO: check
 CVE-2024-44906 (uptrace pgdriver v1.2.1 was discovered to contain a SQL 
injection vuln ...)
@@ -123,7 +123,7 @@ CVE-2024-44906 (uptrace pgdriver v1.2.1 was discovered to 
contain a SQL injectio
 CVE-2024-44905 (go-pg pg v10.13.0 was discovered to contain a SQL injection 
vulnerabil ...)
        TODO: check
 CVE-2023-45256 (Multiple SQL injection vulnerabilities in the EuroInformation 
Monetico ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2025-30399
        NOT-FOR-US: Microsoft .NET
 CVE-2025-6009 (A vulnerability was found in kiCode111 like-girl 5.2.0 and 
classified  ...)
@@ -165,7 +165,7 @@ CVE-2025-35978 (Improper restriction of communication 
channel to intended endpoi
 CVE-2023-36636
        REJECTED
 CVE-2022-4976 (Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains 
a bundl ...)
-       TODO: check
+       NOT-FOR-US: Archive::Unzip::Burst Perl module
 CVE-2025-6002 (An unrestricted file upload vulnerability exists in the Product 
Image  ...)
        NOT-FOR-US: VirtueMart
 CVE-2025-6001 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
produc ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66de1a961a8b4056d4a2bd2f3b0d4d9e3a7e267e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66de1a961a8b4056d4a2bd2f3b0d4d9e3a7e267e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to