Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1a377add by Salvatore Bonaccorso at 2025-09-10T07:36:29+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -214,21 +214,21 @@ CVE-2025-55141 (Missing authorization in Ivanti Connect
Secure before 22.7R2.9 o
CVE-2025-55139 (SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2,
Ivanti Policy ...)
NOT-FOR-US: Ivanti
CVE-2025-55054 (CWE-79 Improper Neutralization of Input During Web Page
Generation (XS ...)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55053 (CWE-328: Use of Weak Hash)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55052 (CWE-200 Exposure of Sensitive Information to an Unauthorized
Actor)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55051 (CWE-1392: Use of Default Credentials)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55050 (CWE-1242: Inclusion of Undocumented Features)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55049 (Use of Default Cryptographic Key (CWE-1394))
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55048 (Multiple CWE-78)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55047 (CWE-798 Use of Hard-coded Credentials)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-54919 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
CVE-2025-54918 (Improper authentication in Windows NTLM allows an authorized
attacker ...)
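Review bot: The eight entries CVE-2025-55047 through CVE-2025-55054 have descriptions that are only CWE labels (for example "CWE-328: Use of Weak Hash"), so the Baicells attribution cannot be confirmed from data/CVE/list itself. Consider stating where the attribution comes from in the commit message, which currently reads only "Process some NFUs".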
@@ -418,7 +418,7 @@ CVE-2025-48208 (Improper Neutralization of Special Elements
used in an LDAP Quer
CVE-2025-48101 (Deserialization of Untrusted Data vulnerability in
webdevstudios Const ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47997 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47695 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47694 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -438,7 +438,7 @@ CVE-2025-47416 (A vulnerability exists in the
ConsoleFindCommandMatchListfunctio
CVE-2025-47415 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
NOT-FOR-US: Crestron
CVE-2025-44594 (halo v2.20.17 and before is vulnerable to server-side request
forgery ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2025-43786 (Enumeration of ERC from object entry in Liferay Portal 7.4.0
through 7 ...)
NOT-FOR-US: Liferay
CVE-2025-43781 (Reflected cross-site scripting (XSS) vulnerability in Liferay
Portal 7 ...)
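Review bot: The tag "NOT-FOR-US: Halo" on CVE-2025-44594 is a bare product name that is easy to confuse with other software of the same name when searching the list later. The description only gives "halo v2.20.17", so a short qualifier taken from the CVE record would make the tag unambiguous.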
@@ -448,7 +448,7 @@ CVE-2025-43776 (A Stored cross-site scripting vulnerability
in the Liferay Porta
CVE-2025-43775 (Stored cross-site scripting (XSS) vulnerability in Liferay
Portal 7.4. ...)
NOT-FOR-US: Liferay
CVE-2025-41701 (An unauthenticated attacker can trick a local user into
executing arbi ...)
- TODO: check
+ NOT-FOR-US: Beckhoff Automation
CVE-2025-40804 (A vulnerability has been identified in SIMATIC Virtualization
as a Ser ...)
NOT-FOR-US: Siemens
CVE-2025-40803 (A vulnerability has been identified in RUGGEDCOM RST2428P
(6GK6242-6PA ...)
@@ -478,13 +478,13 @@ CVE-2025-36125 (IBM Hardware Management Console - Power
10.3.1050.0 and 11.1.111
CVE-2025-36011 (IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does
not set ...)
NOT-FOR-US: IBM
CVE-2025-34175 (In pfSense CE/usr/local/www/suricata/suricata_filecheck.php,
the value ...)
- TODO: check
+ NOT-FOR-US: pfSense CE
CVE-2025-34174 (In pfSense CE/usr/local/www/status_traffic_totals.php, the
value of th ...)
- TODO: check
+ NOT-FOR-US: pfSense CE
CVE-2025-34173 (In pfSense CE/usr/local/www/snort/snort_ip_reputation.php, the
value o ...)
- TODO: check
+ NOT-FOR-US: pfSense CE
CVE-2025-34172 (In pfSense CE/usr/local/www/haproxy/haproxy_stats.php, the
value of th ...)
- TODO: check
+ NOT-FOR-US: pfSense CE
CVE-2025-33045 (APTIOV contains vulnerabilities in the BIOS where a privileged
user ma ...)
NOT-FOR-US: AMI
CVE-2025-32689 (Improper Validation of Specified Quantity in Input
vulnerability in Th ...)
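Review bot: The tag "NOT-FOR-US: pfSense CE" on CVE-2025-34172 through CVE-2025-34175 names a product edition, while the neighbouring entries in this hunk use the vendor (IBM, AMI); pick one convention. The affected paths also contain suricata, snort and haproxy directory names, so it is worth confirming from the CVE records that each flaw is in the pfSense PHP pages under /usr/local/www and not in the upstream projects of those names.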
@@ -500,19 +500,19 @@ CVE-2025-29089 (An issue in TP-Link AX10 Ax1500 v.1.3.10
Build (20230130) allows
CVE-2025-24404 (XML Injection RCE by parse http sitemap xml response
vulnerability in ...)
TODO: check
CVE-2025-10199 (A local privilege escalation vulnerability exists in Sunshine
for Wind ...)
- TODO: check
+ NOT-FOR-US: Sunshine for Windows
CVE-2025-10198 (Sunshine for Windows, version v2025.122.141614, contains a DLL
search- ...)
- TODO: check
+ NOT-FOR-US: Sunshine for Windows
CVE-2025-10183 (A blind XML External Entity (XXE) injection in the
OpenMessaging webse ...)
- TODO: check
+ NOT-FOR-US: TecCom TecConnect
CVE-2025-10164 (A security flaw has been discovered in lmsys sglang 0.4.6.
Affected by ...)
- TODO: check
+ NOT-FOR-US: lmsys sglang
CVE-2025-10134 (The Goza - Nonprofit Charity WordPress Theme theme for
WordPress is vu ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10107 (A vulnerability has been found in TRENDnet TEW-831DR 1.0
(601.130.1.14 ...)
NOT-FOR-US: TRENDnet
CVE-2025-10095 (A SQL injection vulnerability has been identified in the SMPP
server c ...)
- TODO: check
+ NOT-FOR-US: SMSEagle firmware
CVE-2024-45325 (An improper neutralization of special elements used in an OS
command ( ...)
NOT-FOR-US: Fortinet
CVE-2025-9542 (The AutomatorWP \u2013 Automator plugin for no-code
automations, webho ...)
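Review bot: CVE-2025-24404 is still at "TODO: check" in the unchanged context, directly above the CVE-2025-10199 to CVE-2025-10164 block that this hunk resolves. If it was left on purpose because it needs a closer look, that is fine; otherwise it belongs in the same pass.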
@@ -18405,7 +18405,7 @@ CVE-2025-52364 (Insecure Permissions vulnerability in
Tenda CP3 Pro Firmware V22
CVE-2025-52357 (Cross-Site Scripting (XSS) vulnerability exists in the ping
diagnostic ...)
NOT-FOR-US: FiberHome FD602GW-DX-R410 router
CVE-2025-49604 (For Realtek AmebaD devices, a heap-based buffer overflow was
discovere ...)
- TODO: check
+ NOT-FOR-US: Ameba-AIoT ameba-arduino-d
CVE-2025-44526 (Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to
utilize i ...)
NOT-FOR-US: Realtek
CVE-2025-44525 (Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX
SDK 7.41 ...)
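Review bot: CVE-2025-49604 is tagged "NOT-FOR-US: Ameba-AIoT ameba-arduino-d" although its description begins "For Realtek AmebaD devices" and the next entry, CVE-2025-44526, uses "NOT-FOR-US: Realtek". Using the vendor tag here too would keep the Realtek entries under one search term.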
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a377add24f4202a39de46dd18e22bc1a83e2e8a