[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 6 21:45:45 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec9c0919 by Salvatore Bonaccorso at 2025-08-06T22:45:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,35 +13,35 @@ CVE-2025-8130
 CVE-2025-7771 (ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces th ...)
 	NOT-FOR-US: ThrottleStop.sys
 CVE-2025-7202 (A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related ...)
-	TODO: check
+	NOT-FOR-US: Elgato Key Light firmware
 CVE-2025-6013 (Vault and Vault Enterprise\u2019s (\u201cVault\u201d) ldap auth method ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2025-5197 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: huggingface/transformers
 CVE-2025-53786 (On April 18th 2025, Microsoft announced Exchange Server Security Chang ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-51624 (Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0.)
-	TODO: check
+	NOT-FOR-US: Zone Bitaqati
 CVE-2025-51532 (Incorrect access control in Sage DPW v2024.12.003 allows unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: Sage DPW
 CVE-2025-51531 (A reflected cross-site scripting (XSS) vulnerability in Sage DPW v2024 ...)
-	TODO: check
+	NOT-FOR-US: Sage DPW
 CVE-2025-51308 (In Gatling Enterprise versions below 1.25.0, a low-privileged user tha ...)
-	TODO: check
+	NOT-FOR-US: Gatling Enterprise
 CVE-2025-51306 (In Gatling Enterprise versions below 1.25.0, a user logging-out can st ...)
-	TODO: check
+	NOT-FOR-US: Gatling Enterprise
 CVE-2025-51040 (Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized a ...)
-	TODO: check
+	NOT-FOR-US: Electrolink FM/DAB/TV Transmitter
 CVE-2025-50286 (A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2025-50234 (MCCMS v2.7.0 has an SSRF vulnerability located in the index() method o ...)
-	TODO: check
+	NOT-FOR-US: MCCMS
 CVE-2025-50233 (A vulnerability in QCMS version 6.0.5 allows authenticated users to re ...)
-	TODO: check
+	NOT-FOR-US: QCMS
 CVE-2025-48394 (An attacker with authenticated and privileged access could modify the  ...)
-	TODO: check
+	NOT-FOR-US: Eaton
 CVE-2025-48393 (The server identity check mechanism for firmware upgrade performed via ...)
-	TODO: check
+	NOT-FOR-US: Eaton
 CVE-2025-46391 (CWE-284: Improper Access Control)
 	TODO: check
 CVE-2025-46390 (CWE-204: Observable Response Discrepancy)
@@ -69,57 +69,57 @@ CVE-2025-38746 (Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, cont
 CVE-2025-36020 (IBM Guardium Data Protection could allow a remote attacker to obtain s ...)
 	NOT-FOR-US: IBM
 CVE-2025-30127 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Onc ...)
-	TODO: check
+	NOT-FOR-US: Marbella KR8s Dashcam FF
 CVE-2025-2028 (Lack of TLS validation when downloading a CSV file including mapping f ...)
 	TODO: check
 CVE-2025-23335 (NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23334 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23333 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23331 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23327 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23326 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23325 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23324 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23323 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23322 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23321 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23320 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23319 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23318 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23317 (NVIDIA Triton Inference Server contains a vulnerability in the HTTP se ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23311 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23310 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-22470 (CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versio ...)
-	TODO: check
+	NOT-FOR-US: CL4/6NX Plus and CL4/6NX-J Plus (Japan model)
 CVE-2025-22469 (OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX- ...)
-	TODO: check
+	NOT-FOR-US: CL4/6NX Plus and CL4/6NX-J Plus (Japan model)
 CVE-2025-20332 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
 	NOT-FOR-US: Cisco
 CVE-2025-20331 (A vulnerability in the web-based management interface of Cisco ISE and ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20215 (A vulnerability in the meeting-join functionality of Cisco Webex Meeti ...)
 	NOT-FOR-US: Cisco
 CVE-2024-8244 (The filepath.Walk and filepath.WalkDir functions are documented as not ...)
 	TODO: check
 CVE-2024-52885 (The Mobile Access Portal's File Share application is vulnerable to a d ...)
-	TODO: check
+	NOT-FOR-US: Mobile Access Portal
 CVE-2025-8656 (Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulne ...)
 	NOT-FOR-US: Kenwood
 CVE-2025-8655 (Kenwood DMX958XR libSystemLib Command injection Remote Code Execution  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec9c09197922e446729c5c7bde48b82ae1b7c51f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec9c09197922e446729c5c7bde48b82ae1b7c51f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250806/1920cfc9/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list