[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 7 09:24:32 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65adea1b by Salvatore Bonaccorso at 2025-08-07T10:24:08+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-8086
 	REJECTED
 CVE-2025-7770 (Tigo Energy's CCA device is vulnerable to insecure session ID generati ...)
-	TODO: check
+	NOT-FOR-US: Tigo Energy CCA device
 CVE-2025-7769 (Tigo Energy's CCA is vulnerable to a command injection vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Tigo Energy CCA device
 CVE-2025-7768 (Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded  ...)
-	TODO: check
+	NOT-FOR-US: Tigo Energy CCA device
 CVE-2025-6634 (A maliciously crafted TGA file, when linked or imported into Autodesk  ...)
 	NOT-FOR-US: Autodesk
 CVE-2025-6633 (A maliciously crafted RBG file, when parsed through Autodesk 3ds Max,  ...)
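Review bot: The three Tigo Energy entries use a vendor-plus-product string ("Tigo Energy CCA device"), while the Autodesk entries directly below them in this hunk use the vendor name alone. Settling on one form, for example "NOT-FOR-US: Tigo Energy", keeps the list easier to search and lets later CVEs for other products of the same vendor reuse the same line.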
@@ -13,61 +13,61 @@ CVE-2025-6633 (A maliciously crafted RBG file, when parsed through Autodesk 3ds
 CVE-2025-6632 (A maliciously crafted PSD file, when linked or imported into Autodesk  ...)
 	NOT-FOR-US: Autodesk
 CVE-2025-54885 (Thinbus Javascript Secure Remote Password is a browser SRP6a implement ...)
-	TODO: check
+	NOT-FOR-US: Thinbus Javascript Secure Remote Password
 CVE-2025-54882 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
-	TODO: check
+	NOT-FOR-US: Himmelblau
 CVE-2025-54799 (Let's Encrypt client and ACME library written in Go (Lego). In version ...)
 	TODO: check
 CVE-2025-54798 (tmp is a temporary file and directory creator for node.js. In versions ...)
 	TODO: check
 CVE-2025-54788 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2025-54786 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2025-54785 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2025-54784 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2025-54783 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2025-51058 (Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-sid ...)
-	TODO: check
+	NOT-FOR-US: Bottinelli Informatical Vedo Suite
 CVE-2025-51057 (A local file inclusion (LFI) vulnerability in Vedo Suite version 2024. ...)
-	TODO: check
+	NOT-FOR-US: Bottinelli Informatical Vedo Suite
 CVE-2025-51056 (An unrestricted file upload vulnerability in Vedo Suite version 2024.1 ...)
-	TODO: check
+	NOT-FOR-US: Bottinelli Informatical Vedo Suite
 CVE-2025-51055 (Insecure Data Storage of credentials has been found in /api_vedo/confi ...)
-	TODO: check
+	NOT-FOR-US: Bottinelli Informatical Vedo Suite
 CVE-2025-51054 (Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which al ...)
-	TODO: check
+	NOT-FOR-US: Bottinelli Informatical Vedo Suite
 CVE-2025-51053 (A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite ...)
-	TODO: check
+	NOT-FOR-US: Bottinelli Informatical Vedo Suite
 CVE-2025-51052 (A path traversal vulnerability in Vedo Suite 2024.17 allows remote aut ...)
-	TODO: check
+	NOT-FOR-US: Bottinelli Informatical Vedo Suite
 CVE-2025-50740 (AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site s ...)
-	TODO: check
+	NOT-FOR-US: AutoConnect
 CVE-2025-47908 (Middleware causes a prohibitive amount of heap allocations when proces ...)
 	TODO: check
 CVE-2025-46660 (An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stor ...)
-	TODO: check
+	NOT-FOR-US: 4C Strategies
 CVE-2025-46659 (An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. I ...)
-	TODO: check
+	NOT-FOR-US: 4C Strategies
 CVE-2025-3770 (EDK2 contains a vulnerability in BIOS where an attacker may cause \u20 ...)
 	TODO: check
 CVE-2025-35970 (On multiple products of SEIKO EPSON and FUJIFILM Corporation, the init ...)
-	TODO: check
+	NOT-FOR-US: SEIKO EPSON and FUJIFILM Corporation products
 CVE-2025-32094 (An issue was discovered in Akamai Ghost, as used for the Akamai CDN pl ...)
-	TODO: check
+	NOT-FOR-US: Akamai
 CVE-2025-29866 (: External Control of File Name or Path vulnerability in TAGFREE X-Fre ...)
-	TODO: check
+	NOT-FOR-US: TAGFREE X-Free Uploader XFU
 CVE-2025-29865 (: Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
-	TODO: check
+	NOT-FOR-US: TAGFREE X-Free Uploader XFU
 CVE-2024-55402 (4C Strategies Exonaut before v22.4 was discovered to contain an access ...)
-	TODO: check
+	NOT-FOR-US: 4C Strategies
 CVE-2024-55399 (4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a S ...)
-	TODO: check
+	NOT-FOR-US: 4C Strategies
 CVE-2024-55398 (4C Strategies Exonaut before v22.4 was discovered to contain insecure  ...)
-	TODO: check
+	NOT-FOR-US: 4C Strategies
 CVE-2023-3194
 	REJECTED
 CVE-2025-8667 (A vulnerability, which was classified as critical, was found in Skywor ...)
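Review bot: CVE-2025-54885, CVE-2025-54882 and CVE-2025-50740 are described in their own entries as a browser SRP6a implementation, an interoperability suite and an Arduino library. Unlike the vendor appliances and commercial products in the rest of this hunk, they are software that could be packaged or carried as an embedded copy in another source package. The commit message does not say how that was ruled out; a short mention of the check performed (no source package, no embedded copy found) would make these three NFUs easier to audit later.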
@@ -131,7 +131,7 @@ CVE-2025-45766 (poco v1.14.1-release was discovered to contain weak encryption.)
 	NOTE: https://github.com/pocoproject/poco/issues/4921
 	TODO: check upstream status, might not be a bug in poco
 CVE-2025-45764 (jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: thi ...)
-	TODO: check
+	NOT-FOR-US: jsrsasign
 CVE-2025-3354 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulne ...)
 	NOT-FOR-US: IBM
 CVE-2025-3320 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulne ...)
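Review bot: NOT-FOR-US on CVE-2025-45764 states that jsrsasign is not in Debian, but the entry's description carries a "NOTE:" qualifier (cut off here), and the neighbouring CVE-2025-45766 with the same "weak encryption" wording is kept open with "TODO: check upstream status, might not be a bug in poco". If the reason for closing this entry is doubt about the report rather than the absence of a package, that is a different statement from NFU. It is worth confirming that no package ships or embeds jsrsasign and saying so in the commit message.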



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65adea1b35648c19f4114ac1b689618070320a2b
