[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Thu, 31 Jul 2025 00:41:42 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
5e2ea7d1 by Salvatore Bonaccorso at 2025-07-31T09:41:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2025-8312 (Deadlock in PAM automatic check-in feature in 
Devolutions Server
 CVE-2025-6348 (The Smart Slider 3 plugin for WordPress is vulnerable to 
time-based SQ ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-54656 (** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization 
for Log ...)
-       TODO: check
+       NOT-FOR-US: Apache Struts Extras
 CVE-2025-54584 (GitProxy is an application that stands between developers and 
a Git re ...)
        NOT-FOR-US: GitProxy
 CVE-2025-54583 (GitProxy is an application that stands between developers and 
a Git re ...)
@@ -40,7 +40,7 @@ CVE-2025-54572 (The Ruby SAML library is for implementing the 
client side of a S
 CVE-2025-54433 (Bugsink is a self-hosted error tracking service. In versions 
1.4.2 and ...)
        NOT-FOR-US: Bugsink
 CVE-2025-54430 (dedupe is a python library that uses machine learning to 
perform fuzzy ...)
-       TODO: check
+       NOT-FOR-US: dedupe
 CVE-2025-54425 (Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 
15.0.0 t ...)
        NOT-FOR-US: Umbraco CMS
 CVE-2025-54410 (Moby is an open source container framework developed by Docker 
Inc. th ...)
@@ -80,7 +80,7 @@ CVE-2025-50464 (A buffer overflow vulnerability exists in the 
upload.cgi module
 CVE-2025-47001 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
        NOT-FOR-US: Adobe
 CVE-2025-46811 (A Missing Authentication for Critical Function vulnerability 
in SUSE M ...)
-       TODO: check
+       NOT-FOR-US: SUSE Manager
 CVE-2025-45620 (An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote 
attacker to o ...)
        NOT-FOR-US: Aver
 CVE-2025-45619 (An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a 
remote atta ...)
@@ -126,7 +126,7 @@ CVE-2025-8321 (Tesla Wall Connector Firmware Downgrade 
Vulnerability. This vulne
 CVE-2025-8320 (Tesla Wall Connector Content-Length Header Improper Input 
Validation R ...)
        NOT-FOR-US: Tesla
 CVE-2025-8319 (the BMA login interface allows arbitrary JavaScript or HTML to 
be writ ...)
-       TODO: check
+       NOT-FOR-US: Barracuda Mail Archiver
 CVE-2025-8217 (The Amazon Q Developer Visual Studio Code (VS Code) extension 
v1.84.0  ...)
        NOT-FOR-US: Amazon
 CVE-2025-7849 (A memory corruption vulnerability due to improper error 
handling when  ...)
@@ -138,7 +138,7 @@ CVE-2025-7361 (A code injection vulnerability due to an 
improper initialization
 CVE-2025-54381 (BentoML is a Python library for building online serving 
systems optimi ...)
        NOT-FOR-US: BentoML
 CVE-2025-54126 (The WebAssembly Micro Runtime's (WAMR) iwasm package is the 
executable ...)
-       TODO: check
+       NOT-FOR-US: wasm-micro-runtime
 CVE-2025-4426 (The vulnerability was identified in the code developed 
specifically fo ...)
        NOT-FOR-US: Insyde
 CVE-2025-4425 (The vulnerability was identified in the code developed 
specifically fo ...)
@@ -310,7 +310,7 @@ CVE-2025-31243 (A permissions issue was addressed with 
additional restrictions.
 CVE-2025-31229 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
        NOT-FOR-US: Apple
 CVE-2025-25011 (An uncontrolled search path element vulnerability can lead to 
local pr ...)
-       TODO: check
+       NOT-FOR-US: Beats (Windows Installer)
 CVE-2025-24224 (The issue was addressed with improved checks. This issue is 
fixed in t ...)
        NOT-FOR-US: Apple
 CVE-2025-24188 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
@@ -318,7 +318,7 @@ CVE-2025-24188 (A logic issue was addressed with improved 
checks. This issue is
 CVE-2025-24119 (This issue was addressed through improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2025-0712 (An uncontrolled search path element vulnerability can lead to 
local pr ...)
-       TODO: check
+       NOT-FOR-US: Beats (Windows Installer)
 CVE-2025-7777
        NOT-FOR-US: mirror-registry for Quay
 CVE-2025-8292 (Use after free in Media Stream in Google Chrome prior to 
138.0.7204.18 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e2ea7d137e7fa045a944e19fd2c85778c47ba07

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e2ea7d137e7fa045a944e19fd2c85778c47ba07
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to