[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 23 21:42:16 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b91312b by Salvatore Bonaccorso at 2025-04-23T22:41:52+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,19 +15,19 @@ CVE-2025-43965 (In MIFF image processing in ImageMagick before 7.1.1-44, image d
 	- imagemagick 8:7.1.1.46+dfsg1-1
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bac413a26073923d3ffb258adaab07fb3fe8fdc9 (7.1.1-44)
 CVE-2025-43716 (A directory traversal vulnerability exists in Ivanti LANDesk Managemen ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-42605 (This vulnerability exists in Meon Bidding Solutions due to improper au ...)
-	TODO: check
+	NOT-FOR-US: Meon Bidding Solutions
 CVE-2025-42604 (This vulnerability exists in Meon KYC solutions due to debug mode is e ...)
-	TODO: check
+	NOT-FOR-US: Meon KYC solutions
 CVE-2025-42603 (This vulnerability exists in the Meon KYC solutions due to transmissio ...)
-	TODO: check
+	NOT-FOR-US: Meon KYC solutions
 CVE-2025-42602 (This vulnerability exists in Meon KYC solutions due to improper handli ...)
-	TODO: check
+	NOT-FOR-US: Meon KYC solutions
 CVE-2025-42601 (This vulnerability exists in Meon KYC solutions due to insufficient se ...)
-	TODO: check
+	NOT-FOR-US: Meon KYC solutions
 CVE-2025-42600 (This vulnerability exists in Meon KYC solutions due to missing restric ...)
-	TODO: check
+	NOT-FOR-US: Meon KYC solutions
 CVE-2025-3907 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API S ...)
 	NOT-FOR-US: Drupal core and addons
 CVE-2025-3904 (Vulnerability in Drupal Sportsleague.This issue affects Sportsleague:  ...)
@@ -43,57 +43,57 @@ CVE-2025-3900 (Improper Neutralization of Input During Web Page Generation ('Cro
 CVE-2025-3673
 	REJECTED
 CVE-2025-32969 (XWiki is a generic wiki platform. In versions starting from 1.8 and pr ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-32968 (XWiki is a generic wiki platform. In versions starting from 1.6-milest ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-32966 (DataEase is an open-source BI tool alternative to Tableau. Prior to ve ...)
-	TODO: check
+	NOT-FOR-US: DataEase
 CVE-2025-32818 (A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual ...)
 	NOT-FOR-US: SonicWall
 CVE-2025-2773 (BEC Technologies Multiple Routers sys ping Command Injection Remote Co ...)
-	TODO: check
+	NOT-FOR-US: EC Technologies Routers
 CVE-2025-2772 (BEC Technologies Multiple Routers Insufficiently Protected Credentials ...)
-	TODO: check
+	NOT-FOR-US: EC Technologies Routers
 CVE-2025-2771 (BEC Technologies Multiple Routers Authentication Bypass Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: EC Technologies Routers
 CVE-2025-2770 (BEC Technologies Multiple Routers Cleartext Password Storage Informati ...)
-	TODO: check
+	NOT-FOR-US: EC Technologies Routers
 CVE-2025-2769 (Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escal ...)
-	TODO: check
+	NOT-FOR-US: Bdrive NetDrive
 CVE-2025-2768 (Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escal ...)
-	TODO: check
+	NOT-FOR-US: Bdrive NetDrive
 CVE-2025-2767 (Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Executi ...)
-	TODO: check
+	NOT-FOR-US: Arista NG Firewall User-Agent
 CVE-2025-2765 (CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authenti ...)
-	TODO: check
+	NOT-FOR-US: CarlinKit CPC200-CCPA Wireless Hotspot
 CVE-2025-2764 (CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographi ...)
-	TODO: check
+	NOT-FOR-US: CarlinKit CPC200-CCPA
 CVE-2025-2763 (CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature ...)
-	TODO: check
+	NOT-FOR-US: CarlinKit CPC200-CCPA
 CVE-2025-2762 (CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation ...)
-	TODO: check
+	NOT-FOR-US: CarlinKit CPC200-CCPA
 CVE-2025-2703 (The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Grafana plugin
 CVE-2025-29526 (A Cross-Site Scripting (XSS) vulnerability in the search function of Q ...)
-	TODO: check
+	NOT-FOR-US: Q4 Inc Investor Relations Platform
 CVE-2025-28169 (BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.23122 ...)
-	TODO: check
+	NOT-FOR-US: BYD QIN PLUS DM-i Dilink OS
 CVE-2025-28028 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28025 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28022 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer o ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28021 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer o ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28020 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer o ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28019 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer o ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28018 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer o ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28017 (TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Inject ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-21605 (Redis is an open source, in-memory database that persists on disk. In  ...)
 	TODO: check
 CVE-2025-1522 (PostHog database_schema Server-Side Request Forgery Information Disclo ...)
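Review bot: The NOT-FOR-US tag added for CVE-2025-2773, CVE-2025-2772, CVE-2025-2771 and CVE-2025-2770 reads "EC Technologies Routers", while the descriptions of those same entries name the vendor as "BEC Technologies". The leading "B" looks dropped; suggest "NOT-FOR-US: BEC Technologies Routers" on all four so a later search by vendor name finds them. Two smaller naming points in the same hunk: the tag for CVE-2025-2767, "Arista NG Firewall User-Agent", carries "User-Agent" over from the vulnerability title although it is not part of the product name, and the tag for CVE-2025-2765, "CarlinKit CPC200-CCPA Wireless Hotspot", differs from the "CarlinKit CPC200-CCPA" used on the three CarlinKit entries right below it. Using "Arista NG Firewall" and "CarlinKit CPC200-CCPA" would keep the product tags consistent.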



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b91312bc5c88717babda0c09ecede98e8534b7e
