[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Tue, 29 Jul 2025 13:37:03 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c944f4f6 by Salvatore Bonaccorso at 2025-07-29T22:36:31+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,11 +31,11 @@ CVE-2025-6505 (Unauthorized access and impersonation can 
occur in versions4.6.2.
 CVE-2025-6504 (In HDP Server versions below 4.6.2.2978 on Linux, unauthorized 
access  ...)
        NOT-FOR-US: Progress Software
 CVE-2025-6175 (Improper Neutralization of CRLF Sequences ('CRLF Injection') 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: DECE Software Geodi
 CVE-2025-6060 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: DECE Software Geodi
 CVE-2025-5922 (Access to TSplus Remote Access Admin Toolis restricted to 
administrato ...)
-       TODO: check
+       NOT-FOR-US: TSplus Remote Access Admin Tool
 CVE-2025-5684 (The MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form 
Builder f ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-5587 (The Appzend theme for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
@@ -47,7 +47,7 @@ CVE-2025-5038 (A maliciously crafted X_T file, when parsed 
through certain Autod
 CVE-2025-54432
        REJECTED
 CVE-2025-54422 (Sandboxie is a sandbox-based isolation software for 32-bit and 
64-bit  ...)
-       TODO: check
+       NOT-FOR-US: Sandboxie
 CVE-2025-54420
        REJECTED
 CVE-2025-53902 (Tuleap is an Open Source Suite created to facilitate 
management of sof ...)
@@ -69,39 +69,39 @@ CVE-2025-53102 (Discourse is an open-source community 
discussion platform. Prior
 CVE-2025-52899 (Tuleap is an Open Source Suite created to facilitate 
management of sof ...)
        NOT-FOR-US: Tuleap
 CVE-2025-52490 (An issue was discovered in Couchbase Sync Gateway before 
3.2.6. In sgc ...)
-       TODO: check
+       NOT-FOR-US: Couchbase Sync Gateway
 CVE-2025-52358 (A cross-site scripting vulnerability in Vivaldi United Group 
iCONTROL+ ...)
-       TODO: check
+       NOT-FOR-US: Vivaldi United Group iCONTROL+ Server
 CVE-2025-52284 (Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a 
command ...)
        NOT-FOR-US: TOTOLINK
 CVE-2025-51970 (A SQL Injection vulnerability exists in the action.php 
endpoint of Pun ...)
-       TODO: check
+       NOT-FOR-US: PuneethReddyHC Online Shopping System Advanced
 CVE-2025-51045 (Phpgurukul Pre-School Enrollment System 1.0 contains a SQL 
injection v ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-51044 (phpgurukul Nipah virus (NiV) Testing Management System 1.0 
contains a  ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-50738 (The Memos application, up to version v0.24.3, allows for the 
embedding ...)
-       TODO: check
+       NOT-FOR-US: Memos application
 CVE-2025-46059 (langchain-ai v0.3.51 was discovered to contain an indirect 
prompt inje ...)
-       TODO: check
+       NOT-FOR-US: langchain-ai
 CVE-2025-45346 (SQL Injection vulnerability in Bacula-web before v.9.7.1 
allows a remo ...)
-       TODO: check
+       NOT-FOR-US: Bacula-web
 CVE-2025-44137 (MapTiler Tileserver-php v2.0 is vulnerable to Directory 
Traversal. The ...)
-       TODO: check
+       NOT-FOR-US: MapTiler Tileserver-php
 CVE-2025-44136 (MapTiler Tileserver-php v2.0 is vulnerable to Cross Site 
Scripting (XS ...)
-       TODO: check
+       NOT-FOR-US: MapTiler Tileserver-php
 CVE-2025-41241 (VMware vCenter contains a denial-of-service vulnerability.A 
malicious  ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2025-40686 (Reflected Cross-Site Scripting (XSS) in Human Resource 
Management Syst ...)
-       TODO: check
+       NOT-FOR-US: Human Resource Management System
 CVE-2025-40685 (Reflected Cross-Site Scripting (XSS) in Human Resource 
Management Syst ...)
-       TODO: check
+       NOT-FOR-US: Human Resource Management System
 CVE-2025-40684 (Reflected Cross-Site Scripting (XSS) in Human Resource 
Management Syst ...)
-       TODO: check
+       NOT-FOR-US: Human Resource Management System
 CVE-2025-40683 (Reflected Cross-Site Scripting (XSS) in Human Resource 
Management Syst ...)
-       TODO: check
+       NOT-FOR-US: Human Resource Management System
 CVE-2025-40682 (SQL injection vulnerability in Human Resource Management 
System versio ...)
-       TODO: check
+       NOT-FOR-US: Human Resource Management System
 CVE-2025-36071 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 11.5 ...)
        NOT-FOR-US: IBM
 CVE-2025-36010 (IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2   could allow an 
unauthen ...)
@@ -119,11 +119,11 @@ CVE-2025-2533 (IBM Db2 for Linux 12.1.0, 12.1.1, and 
12.1.2 is vulnerable to a d
 CVE-2025-2179 (An incorrect privilege assignment vulnerability in the Palo 
Alto Netwo ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2025-28172 (Grandstream Networks UCM6510 v1.0.20.52 and before is 
vulnerable to Im ...)
-       TODO: check
+       NOT-FOR-US: Grandstream Networks
 CVE-2025-28171 (An issue in Grandstream UCM6510 v.1.0.20.52 and before allows 
a remote ...)
-       TODO: check
+       NOT-FOR-US: Grandstream
 CVE-2025-28170 (Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to 
Incorrect Ac ...)
-       TODO: check
+       NOT-FOR-US: Grandstream
 CVE-2025-27514 (GLPI is a Free Asset and IT Management Software package, Data 
center m ...)
        TODO: check
 CVE-2025-26400 (SolarWinds Web Help Desk was reported to be affected by an XML 
Externa ...)
@@ -137,9 +137,9 @@ CVE-2024-49828 (IBM Db2 for Linux, UNIX and Windows 
(includes Db2 Connect Server
 CVE-2024-43018 (Piwigo 13.8.0 and below is vulnerable to SQL Injection in the 
paramete ...)
        TODO: check
 CVE-2024-42655 (An access control issue in NanoMQ v0.21.10 allows attackers to 
bypass  ...)
-       TODO: check
+       NOT-FOR-US: NanoMQ
 CVE-2024-42651 (NanoMQ v0.17.9 was discovered to contain a heap use-after-free 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: NanoMQ
 CVE-2024-42645 (An issue in FlashMQ v1.14.0 allows attackers to cause an 
assertion fai ...)
        TODO: check
 CVE-2024-42644 (FlashMQ v1.14.0 was discovered to contain an assertion failure 
in the  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c944f4f68db1a72eaa52d1d384e3af7135b1d887

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c944f4f68db1a72eaa52d1d384e3af7135b1d887
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to