[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 5 21:33:54 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e6f4e2e by Salvatore Bonaccorso at 2025-08-05T22:33:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,15 +5,15 @@ CVE-2025-8585 (A vulnerability, which was classified as critical, has been found
 CVE-2025-8584 (A vulnerability classified as problematic was found in libav up to 12. ...)
 	TODO: check
 CVE-2025-8555 (A vulnerability, which was classified as problematic, was found in atj ...)
-	TODO: check
+	NOT-FOR-US: atjiu pybbs
 CVE-2025-8554 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: atjiu pybbs
 CVE-2025-8553 (A vulnerability classified as problematic was found in atjiu pybbs up  ...)
-	TODO: check
+	NOT-FOR-US: atjiu pybbs
 CVE-2025-8552 (A vulnerability classified as problematic has been found in atjiu pybb ...)
-	TODO: check
+	NOT-FOR-US: atjiu pybbs
 CVE-2025-7674 (Improper Input Validation vulnerability in Roche Diagnostics navify Mo ...)
-	TODO: check
+	NOT-FOR-US: Roche Diagnostics navify Monitoring
 CVE-2025-7033 (A memory abuse issue exists in the Rockwell Automation Arena\xae Simul ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2025-7032 (A memory abuse issue exists in the Rockwell Automation Arena\xae Simul ...)
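
Review bot: the NOT-FOR-US reason added for CVE-2025-7674 names vendor and product ("Roche Diagnostics navify Monitoring"), while the Rockwell Automation entry directly below it in this hunk names only the vendor. Using one granularity for both keeps later searches over NFU reasons predictable. The four "atjiu pybbs" reasons are consistent with each other.
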
@@ -29,67 +29,67 @@ CVE-2025-54254 (Adobe Experience Manager versions 6.5.23 and earlier are affecte
 CVE-2025-54253 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
 	NOT-FOR-US: Adobe
 CVE-2025-52078 (File upload vulnerability in Writebot AI Content Generator SaaS React  ...)
-	TODO: check
+	NOT-FOR-US: Writebot
 CVE-2025-51857 (The reconcile method in the AttachmentReconciler class of the Halo sys ...)
-	TODO: check
+	NOT-FOR-US: Halo
 CVE-2025-51628 (Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler co ...)
-	TODO: check
+	NOT-FOR-US: Agenzia Impresa Eccobook
 CVE-2025-51627 (Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook  ...)
-	TODO: check
+	NOT-FOR-US: Agenzia Impresa Eccobook
 CVE-2025-51541 (A stored cross-site scripting (XSS) vulnerability exists in the Shopwa ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2025-51060 (An issue was discovered in CPUID cpuz.sys 1.0.5.4. An attacker can use ...)
 	TODO: check
 CVE-2025-50707 (An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbi ...)
-	TODO: check
+	NOT-FOR-US: thinkphp
 CVE-2025-50706 (An issue in thinkphp v.5.1 allows a remote attacker to execute arbitra ...)
-	TODO: check
+	NOT-FOR-US: thinkphp
 CVE-2025-50688 (A command injection vulnerability exists in TwistedWeb (version 14.0.0 ...)
-	TODO: check
+	NOT-FOR-US: TwistedWeb
 CVE-2025-50592 (Cross site scripting vulnerability in seacms before 13.2 via the vid p ...)
-	TODO: check
+	NOT-FOR-US: seacms
 CVE-2025-50454 (An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru  ...)
-	TODO: check
+	NOT-FOR-US: Blue Access
 CVE-2025-47152 (An out-of-bounds read vulnerability exists in the EMF functionality of ...)
 	NOT-FOR-US: PDF-XChange
 CVE-2025-46958 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
 	NOT-FOR-US: Adobe
 CVE-2025-46658 (An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. T ...)
-	TODO: check
+	NOT-FOR-US: 4C Strategies Exonaut
 CVE-2025-45512 (A lack of signature verification in the bootloader of DENX Software En ...)
 	TODO: check
 CVE-2025-44964 (A lack of SSL certificate validation in BlueStacks v5.20 allows attack ...)
-	TODO: check
+	NOT-FOR-US: BlueStacks
 CVE-2025-43980 (An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN ...)
-	TODO: check
+	NOT-FOR-US: FIRSTNUM JC21A-04 devices
 CVE-2025-43979 (An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN ...)
-	TODO: check
+	NOT-FOR-US: FIRSTNUM JC21A-04 devices
 CVE-2025-43978 (Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind ...)
-	TODO: check
+	NOT-FOR-US: Jointelli
 CVE-2025-41698 (A low privileged local attacker can interact with the affected service ...)
-	TODO: check
+	NOT-FOR-US: Draeger ICMHelper
 CVE-2025-2810 (A low privileged local attacker can abuse the affected service by usin ...)
-	TODO: check
+	NOT-FOR-US: Draeger ICMHelper
 CVE-2025-2611 (The ICTBroadcast application unsafely passes session cookie data to sh ...)
-	TODO: check
+	NOT-FOR-US: ICTBroadcast application
 CVE-2025-29745 (A vulnerability affecting the scanning module in Emsisoft Anti-Malware ...)
-	TODO: check
+	NOT-FOR-US: Emsisoft Anti-Malware
 CVE-2025-27931 (An out-of-bounds read vulnerability exists in the EMF functionality of ...)
 	NOT-FOR-US: PDF-XChange
 CVE-2024-52890 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 cou ...)
 	NOT-FOR-US: IBM
 CVE-2014-125113 (An unrestricted file upload vulnerability exists in Dell (acquired by  ...)
-	TODO: check
+	NOT-FOR-US: Dell KACE K1000 System Management Appliance
 CVE-2013-10069 (The web interface of multiple D-Link routers, including DIR-600 rev B  ...)
 	NOT-FOR-US: D-Link
 CVE-2013-10068 (Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4 ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader Plugin
 CVE-2013-10064 (A stack-based buffer overflow vulnerability exists in ActFax Server ve ...)
-	TODO: check
+	NOT-FOR-US: ActFax Server
 CVE-2012-10034 (ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw d ...)
-	TODO: check
+	NOT-FOR-US: ClanSphere
 CVE-2012-10031 (BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buf ...)
-	TODO: check
+	NOT-FOR-US: BlazeVideo HDTV Player Pro
 CVE-2025-8583
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
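
Review bot: CVE-2025-50688 is closed as "NOT-FOR-US: TwistedWeb", but its description names TwistedWeb version 14.0.0, which reads like the twisted.web component of Twisted, and Twisted is packaged in Debian. If that is the affected code, the entry should point at the source package, or stay at "TODO: check" until the upstream project is confirmed, rather than be marked NFU. Minor style point: "FIRSTNUM JC21A-04 devices" and "ICTBroadcast application" carry generic nouns that the other reasons in this hunk leave out.
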
@@ -231,29 +231,29 @@ CVE-2025-54119 (ADOdb is a PHP database class library that provides abstractions
 	NOTE: https://github.com/ADOdb/ADOdb/issues/1083
 	NOTE: Fixed by: https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03 (v5.22.10)
 CVE-2025-53544 (Trilium Notes is an open-source, cross-platform hierarchical note taki ...)
-	TODO: check
+	NOT-FOR-US: Trilium Notes
 CVE-2025-53417 (DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosur ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2025-52892 (EspoCRM is a web application with a frontend designed as a single-page ...)
-	TODO: check
+	NOT-FOR-US: EspoCRM
 CVE-2025-51726 (CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cr ...)
-	TODO: check
+	NOT-FOR-US: CyberGhostVPNSetup.exe (Windows installer)
 CVE-2025-51387 (The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injecti ...)
 	TODO: check
 CVE-2025-50754 (Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) v ...)
-	TODO: check
+	NOT-FOR-US: Unisite CMS
 CVE-2025-50341 (A Boolean-based SQL injection vulnerability was discovered in Axelor 5 ...)
-	TODO: check
+	NOT-FOR-US: Axelor
 CVE-2025-4604 (The vulnerable code can bypass the Captcha check in Liferay Portal 7.4 ...)
 	NOT-FOR-US: Liferay
 CVE-2025-4599 (The fragment preview functionality in Liferay Portal 7.4.3.61 through  ...)
 	NOT-FOR-US: Liferay
 CVE-2025-46093 (LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid ...)
-	TODO: check
+	NOT-FOR-US: LiquidFiles
 CVE-2025-27212 (An Improper Input Validation in certain UniFi Access devices could all ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2025-27211 (An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and ...)
-	TODO: check
+	NOT-FOR-US: EdgeMAX EdgeSwitch
 CVE-2025-46094 (LiquidFiles before 4.1.2 allows directory traversal by configuring the ...)
 	NOT-FOR-US: LiquidFiles
 CVE-2025-8524 (A vulnerability was found in Boquan DotWallet App 2.15.2 on Android an ...)
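
Review bot: the reason for CVE-2025-51726 copies the installer file name from the description ("CyberGhostVPNSetup.exe (Windows installer)") instead of naming the product, unlike the other reasons in this hunk. A plain product name such as "CyberGhost VPN" would match them and be easier to find when a later CVE for the same product arrives.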



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e6f4e2e905067cf171d9dd07d4acfc39a3f1128
