[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 7 20:00:33 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33f83df9 by Salvatore Bonaccorso at 2025-08-07T21:00:14+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -141,17 +141,17 @@ CVE-2025-48394 (An attacker with authenticated and privileged access could modif
 CVE-2025-48393 (The server identity check mechanism for firmware upgrade performed via ...)
 	NOT-FOR-US: Eaton
 CVE-2025-46391 (CWE-284: Improper Access Control)
-	TODO: check
+	NOT-FOR-US: Emby MediaBrowser
 CVE-2025-46390 (CWE-204: Observable Response Discrepancy)
-	TODO: check
+	NOT-FOR-US: Emby MediaBrowser
 CVE-2025-46389 (CWE-620: Unverified Password Change)
-	TODO: check
+	NOT-FOR-US: Emby MediaBrowser
 CVE-2025-46388 (CWE-200 Exposure of Sensitive Information to an Unauthorized Actor)
-	TODO: check
+	NOT-FOR-US: Emby MediaBrowser
 CVE-2025-46387 (CWE-639 Authorization Bypass Through User-Controlled Key)
-	TODO: check
+	NOT-FOR-US: Emby MediaBrowser
 CVE-2025-46386 (CWE-639 Authorization Bypass Through User-Controlled Key)
-	TODO: check
+	NOT-FOR-US: Emby MediaBrowser
 CVE-2025-45766 (poco v1.14.1-release was discovered to contain weak encryption.)
 	- poco <undetermined>
 	NOTE: https://github.com/pocoproject/poco/issues/4921
@@ -171,7 +171,7 @@ CVE-2025-36020 (IBM Guardium Data Protection could allow a remote attacker to ob
 CVE-2025-30127 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Onc ...)
 	NOT-FOR-US: Marbella KR8s Dashcam FF
 CVE-2025-2028 (Lack of TLS validation when downloading a CSV file including mapping f ...)
-	TODO: check
+	NOT-FOR-US: Check Point
 CVE-2025-23335 (NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT ...)
 	NOT-FOR-US: NVIDIA
 CVE-2025-23334 (NVIDIA Triton Inference Server for Windows and Linux contains a vulner ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33f83df9e977ad58633529d061ba24d67520f094

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33f83df9e977ad58633529d061ba24d67520f094
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250807/12221816/attachment.htm>

More information about the debian-security-tracker-commits mailing list