Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af801236 by Salvatore Bonaccorso at 2025-08-22T10:18:14+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2025-8678 (The WP Crontrol plugin for WordPress is 
vulnerable to Server-Side
 CVE-2025-8281 (The WP Talroo WordPress plugin through 2.4 does not sanitise 
and escap ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-57699 (Western Digital Kitfox for Windows provided by Western Digital 
Corpora ...)
-       TODO: check
+       NOT-FOR-US: Western Digital Kitfox
 CVE-2025-51606 (hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its 
JWT (JSON  ...)
-       TODO: check
+       NOT-FOR-US: Hippo4j
 CVE-2025-43753 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
        NOT-FOR-US: Liferay
 CVE-2025-43752 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 
2025.Q1.0 thro ...)
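Review bot: The new tag on CVE-2025-51606 is spelled "Hippo4j", while the description on the line above it writes the project name as "hippo4j". NOT-FOR-US reasons are free text, so a case-sensitive search for the upstream spelling will miss this entry; consider "NOT-FOR-US: hippo4j" to match the description.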
@@ -13,9 +13,9 @@ CVE-2025-43752 (Liferay Portal 7.4.0 through 7.4.3.132, and 
Liferay DXP 2025.Q1.
 CVE-2025-43747 (A server-side request forgery (SSRF) vulnerability exists in 
the Lifer ...)
        NOT-FOR-US: Liferay
 CVE-2025-41452 (Post-authenticated external control of system web interface 
configurat ...)
-       TODO: check
+       NOT-FOR-US: Danfoss AK-SM8xxA Series
 CVE-2025-41451 (Improper neutralization of alarm-to-mail configuration fields 
used in  ...)
-       TODO: check
+       NOT-FOR-US: Danfoss AK-SM8xxA Series
 CVE-2023-4143
        REJECTED
 CVE-2023-4131
@@ -23,35 +23,35 @@ CVE-2023-4131
 CVE-2023-3948
        REJECTED
 CVE-2010-20123 (Steinberg MyMP3Player version 3.0 (build 3.0.0.67) is 
vulnerable to a  ...)
-       TODO: check
+       NOT-FOR-US: Steinberg MyMP3Player
 CVE-2010-20122 (Xftp FTP Client version up to and including 3.0 (build 0238) 
contain a ...)
-       TODO: check
+       NOT-FOR-US: Xftp FTP Client
 CVE-2010-20121 (EasyFTP Server versions up to 1.7.0.11 contain a stack-based 
buffer ov ...)
-       TODO: check
+       NOT-FOR-US: EasyFTP Server
 CVE-2010-20120 (Maple versions up to and including 13's Maplet framework 
allows embedd ...)
        TODO: check
 CVE-2010-20119 (CommuniCrypt Mail versions up to and including 1.16 contains a 
stack-b ...)
-       TODO: check
+       NOT-FOR-US: CommuniCrypt Mail
 CVE-2010-20115 (Arcane Software\u2019s Vermillion FTP Daemon (vftpd) versions 
up to an ...)
        TODO: check
 CVE-2010-20114 (VariCAD EN up to and including version 2010-2.05 is vulnerable 
to a st ...)
-       TODO: check
+       NOT-FOR-US: VariCAD
 CVE-2010-20113 (EasyFTP Server 1.7.0.11 and earlier contains a stack-based 
buffer over ...)
-       TODO: check
+       NOT-FOR-US: EasyFTP Server
 CVE-2010-20112 (Amlib\u2019s NetOpacs webquery.dll contains a stack-based 
buffer overf ...)
        TODO: check
 CVE-2010-20111 (Digital Music Pad v8.2.3.3.4 contains a stack-based buffer 
overflow vu ...)
-       TODO: check
+       NOT-FOR-US: Digital Music Pad
 CVE-2010-20109 (Barracuda products, confirmed in Spam & Virus Firewall, SSL 
VPN, and W ...)
        TODO: check
 CVE-2010-20108 (FTPPad <= 1.2.0 contains a stack-based buffer overflow 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: FTPPad
 CVE-2010-20107 (A stack-based buffer overflow exists in FTP Synchronizer 
Professional  ...)
-       TODO: check
+       NOT-FOR-US: FTP Synchronizer Professional
 CVE-2010-20034 (Gekko Manager FTP Client <= 0.77 contains a stack-based buffer 
overflo ...)
-       TODO: check
+       NOT-FOR-US: Gekko Manager FTP Client
 CVE-2010-20007 (Seagull FTP Client <= v3.3 Build 409 contains a stack-based 
buffer ove ...)
-       TODO: check
+       NOT-FOR-US: Seagull FTP Client
 CVE-2010-10015 (AOL versions up to and including 9.5 includes an ActiveX 
control (Phob ...)
        TODO: check
 CVE-2009-20004 (gAlan 0.2.1, a modular audio processing environment for 
Windows, is vu ...)
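Review bot: Five entries in this block stay at "TODO: check" (CVE-2010-20120, CVE-2010-20115, CVE-2010-20112, CVE-2010-20109, CVE-2010-10015) while their neighbours with the same kind of description are resolved. The commit message "Process some NFUs" does not say whether these were looked at and deferred or simply not reached; if they were deferred on purpose, a line in the commit message saying so would save the next person triaging this block from repeating the check.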
@@ -162,7 +162,7 @@ CVE-2025-55367 (Incorrect access control in the component 
\controller\SupplierCo
 CVE-2025-55366 (Incorrect access control in the component 
\controller\UserController.j ...)
        NOT-FOR-US: jshERP
 CVE-2025-55297 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
-       TODO: check
+       NOT-FOR-US: ESF-IDF
 CVE-2025-55231 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
 CVE-2025-55230 (Untrusted pointer dereference in Windows MBT Transport driver 
allows a ...)
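Review bot: The new tag on CVE-2025-55297 copies "ESF-IDF" from the description, but the same description expands the name as the Espressif Internet of Things (IOT) Development Framework, which Espressif publishes as ESP-IDF. Suggest "NOT-FOR-US: ESP-IDF" (or "NOT-FOR-US: Espressif ESP-IDF") so that a search for the real product name finds this entry.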



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af801236fd6af7ed21b8ba887f9ec479ecf49c0b
