[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 4 21:24:08 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5bbf10b7 by Salvatore Bonaccorso at 2025-08-04T22:23:44+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
 CVE-2025-8524 (A vulnerability was found in Boquan DotWallet App 2.15.2 on Android an ...)
-	TODO: check
+	NOT-FOR-US: Boquan DotWallet App
 CVE-2025-8523 (A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0  ...)
-	TODO: check
+	NOT-FOR-US: RiderLike Fruit Crush-Brain App
 CVE-2025-8522 (A vulnerability, which was classified as critical, was found in givanz ...)
-	TODO: check
+	NOT-FOR-US: givanz Vvvebjs
 CVE-2025-8521 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: givanz Vvveb
 CVE-2025-8520 (A vulnerability classified as critical was found in givanz Vvveb up to ...)
-	TODO: check
+	NOT-FOR-US: givanz Vvveb
 CVE-2025-8519 (A vulnerability classified as problematic has been found in givanz Vvv ...)
-	TODO: check
+	NOT-FOR-US: givanz Vvveb
 CVE-2025-8518 (A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as  ...)
-	TODO: check
+	NOT-FOR-US: givanz Vvveb
 CVE-2025-8517 (A vulnerability was found in givanz Vvveb 1.0.6.1. It has been declare ...)
-	TODO: check
+	NOT-FOR-US: givanz Vvveb
 CVE-2025-8516 (A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Editi ...)
-	TODO: check
+	NOT-FOR-US: Kingdee Cloud-Starry-Sky Enterprise Edition
 CVE-2025-8515 (A vulnerability was found in Intelbras InControl 2.21.60.9 and classif ...)
 	NOT-FOR-US: Intelbras
 CVE-2025-8341 (Grafana is an open-source platform for monitoring and observability. T ...)
-	TODO: check
+	NOT-FOR-US: Grafana plugin
 CVE-2025-8109 (Software installed and run as a non-privileged user may conduct ptrace ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2025-6205 (A missing authorization vulnerability affecting DELMIA Apriso from Rel ...)
@@ -27,21 +27,21 @@ CVE-2025-6205 (A missing authorization vulnerability affecting DELMIA Apriso fro
 CVE-2025-6204 (An Improper Control of Generation of Code (Code Injection) vulnerabili ...)
 	NOT-FOR-US: Dassault Systemes
 CVE-2025-5988 (A flaw was found in the Ansible aap-gateway. Cross-site request forger ...)
-	TODO: check
+	NOT-FOR-US: Ansible Automation Platform
 CVE-2025-55014 (The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+ ...)
-	TODO: check
+	NOT-FOR-US: YouDao plugin for StarDict
 CVE-2025-53395 (Paramount Macrium Reflect through 2025-06-26 allows local attackers to ...)
-	TODO: check
+	NOT-FOR-US: Paramount Macrium Reflect
 CVE-2025-53394 (Paramount Macrium Reflect through 2025-06-26 allows attackers to execu ...)
-	TODO: check
+	NOT-FOR-US: Paramount Macrium Reflect
 CVE-2025-52239 (An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attacker ...)
-	TODO: check
+	NOT-FOR-US: ZKEACMS
 CVE-2025-51536 (Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered ...)
-	TODO: check
+	NOT-FOR-US: Austrian Archaeological Institute (AI) OpenAtlas
 CVE-2025-51535 (Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered ...)
-	TODO: check
+	NOT-FOR-US: Austrian Archaeological Institute (AI) OpenAtlas
 CVE-2025-51534 (A cross-site scripting (XSS) vulnerability in Austrian Archaeological  ...)
-	TODO: check
+	NOT-FOR-US: Austrian Archaeological Institute (AI) OpenAtlas
 CVE-2025-51390 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a com ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-50422 (An issue was discovered in freedesktop poppler v25.04.0. The heap memo ...)
@@ -53,23 +53,23 @@ CVE-2025-50340 (An Insecure Direct Object Reference (IDOR) vulnerability was dis
 CVE-2025-46206 (An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to c ...)
 	TODO: check
 CVE-2025-44963 (RUCKUS Network Director (RND) before 4.5 allows spoofing of an adminis ...)
-	TODO: check
+	NOT-FOR-US: Ruckus
 CVE-2025-44962 (RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ director ...)
-	TODO: check
+	NOT-FOR-US: Ruckus
 CVE-2025-44961 (In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command inje ...)
-	TODO: check
+	NOT-FOR-US: Ruckus
 CVE-2025-44960 (RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command i ...)
-	TODO: check
+	NOT-FOR-US: Ruckus
 CVE-2025-44958 (RUCKUS Network Director (RND) before 4.5 stores passwords in a recover ...)
-	TODO: check
+	NOT-FOR-US: Ruckus
 CVE-2025-44957 (Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authenticati ...)
-	TODO: check
+	NOT-FOR-US: Ruckus
 CVE-2025-44955 (RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain ...)
-	TODO: check
+	NOT-FOR-US: Ruckus
 CVE-2025-44954 (RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH ...)
-	TODO: check
+	NOT-FOR-US: Ruckus
 CVE-2025-44643 (Certain Draytek products are affected by Insecure Configuration. This  ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2025-41691 (An unauthenticated remote attacker may trigger a NULL pointer derefere ...)
 	NOT-FOR-US: CODESYS
 CVE-2025-41659 (A low-privileged attacker can remotely access the PKI folder of the CO ...)
@@ -91,7 +91,7 @@ CVE-2025-36604 (Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neu
 CVE-2025-36594 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-34147 (An unauthenticated OS command injection vulnerability exists in the Sh ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Aitemi M300 Wi-Fi Repeater
 CVE-2025-30099 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-30098 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
@@ -107,13 +107,13 @@ CVE-2025-26065 (A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v
 CVE-2025-21120 (Dell Avamar, versions prior to 19.12 with patch 338905, excluding vers ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-0932 (Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver,  ...)
-	TODO: check
+	NOT-FOR-US: ARM
 CVE-2024-45183 (An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2013-10054 (An unauthenticated arbitrary file upload vulnerability exists in Libre ...)
-	TODO: check
+	NOT-FOR-US: LibrettoCMS
 CVE-2013-10052 (ZPanel includes a helper binary named zsudo, intended to allow restric ...)
-	TODO: check
+	NOT-FOR-US: ZPanel
 CVE-2025-54962 (/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows au ...)
 	TODO: check
 CVE-2025-48499 (Out-of-bounds write vulnerability exists in FUJIFILM Business Innovati ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bbf10b7957fabf1ef70da06ee664db5b06e5429

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bbf10b7957fabf1ef70da06ee664db5b06e5429
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250804/4090380d/attachment.htm>

More information about the debian-security-tracker-commits mailing list