[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 7 21:27:58 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea702303 by Salvatore Bonaccorso at 2025-08-07T22:27:34+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,47 +1,47 @@
 CVE-2025-8697 (A vulnerability was found in agentUniverse up to 0.0.18 and classified ...)
-	TODO: check
+	NOT-FOR-US: agentUniverse
 CVE-2025-8533 (A vulnerability was identified in the XPC services of Fantastical. The ...)
-	TODO: check
+	NOT-FOR-US: Fantastical
 CVE-2025-7195 (Early versions of Operator-SDK provided an insecure method to allow op ...)
-	TODO: check
+	NOT-FOR-US: Red Hat Operator-SDK
 CVE-2025-7054 (Cloudflare quiche was discovered to be vulnerable to an infinite loop  ...)
 	TODO: check
 CVE-2025-55138 (LinkJoin through 882f196 mishandles token ownership in password reset.)
-	TODO: check
+	NOT-FOR-US: LinkJoin
 CVE-2025-55137 (LinkJoin through 882f196 mishandles lacks type checking in password re ...)
-	TODO: check
+	NOT-FOR-US: LinkJoin
 CVE-2025-55136 (ERC (aka Emotion Recognition in Conversation) through 0.3 has insecure ...)
-	TODO: check
+	NOT-FOR-US: ERC (aka Emotion Recognition in Conversation)
 CVE-2025-55135 (In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS v ...)
-	TODO: check
+	NOT-FOR-US: Agora
 CVE-2025-55134 (In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS v ...)
-	TODO: check
+	NOT-FOR-US: Agora
 CVE-2025-55133 (In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS v ...)
-	TODO: check
+	NOT-FOR-US: Agora
 CVE-2025-55077 (Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to esca ...)
-	TODO: check
+	NOT-FOR-US: Tyler Technologies ERP Pro 9 SaaS
 CVE-2025-54397 (Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 1 ...)
-	TODO: check
+	NOT-FOR-US: Netwrix Directory Manager
 CVE-2025-54396 (Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 1 ...)
-	TODO: check
+	NOT-FOR-US: Netwrix Directory Manager
 CVE-2025-54395 (Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 1 ...)
-	TODO: check
+	NOT-FOR-US: Netwrix Directory Manager
 CVE-2025-54394 (Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 1 ...)
-	TODO: check
+	NOT-FOR-US: Netwrix Directory Manager
 CVE-2025-54393 (Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 1 ...)
-	TODO: check
+	NOT-FOR-US: Netwrix Directory Manager
 CVE-2025-54392 (Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 1 ...)
-	TODO: check
+	NOT-FOR-US: Netwrix Directory Manager
 CVE-2025-51629 (A cross-site scripting (XSS) vulnerability in the PdfViewer component  ...)
-	TODO: check
+	NOT-FOR-US: Agenzia Impresa Eccobook
 CVE-2025-51533 (An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 an ...)
 	TODO: check
 CVE-2025-50952 (openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference  ...)
 	TODO: check
 CVE-2025-50692 (FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file ...)
-	TODO: check
+	NOT-FOR-US: FoxCMS
 CVE-2025-50675 (GPMAW 14, a bioinformatics software, has a critical vulnerability rela ...)
-	TODO: check
+	NOT-FOR-US: GPMAW
 CVE-2025-47808 (In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line ...)
 	TODO: check
 CVE-2025-47807 (In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_for ...)
@@ -51,61 +51,61 @@ CVE-2025-47806 (In GStreamer through 1.26.1, the subparse plugin's parse_subrip_
 CVE-2025-47219 (In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak fu ...)
 	TODO: check
 CVE-2025-47188 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Serie ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2025-47183 (In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree fu ...)
 	TODO: check
 CVE-2025-44779 (An issue in Ollama v0.1.33 allows attackers to delete arbitrary files  ...)
 	TODO: check
 CVE-2025-34152 (An unauthenticated OS command injection vulnerability exists in the Sh ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Aitemi M300 Wi-Fi Repeater
 CVE-2025-34151 (A command injection vulnerability exists in the 'passwd' parameter of  ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Aitemi M300 Wi-Fi Repeater
 CVE-2025-34150 (The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Re ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Aitemi M300 Wi-Fi Repeater
 CVE-2025-34149 (A command injection vulnerability affects the Shenzhen Aitemi M300 Wi- ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Aitemi M300 Wi-Fi Repeater
 CVE-2025-34148 (An unauthenticated OS command injection vulnerability exists in the Sh ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Aitemi M300 Wi-Fi Repeater
 CVE-2025-24000 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2024-56339 (IBM WebSphere Application Server 9.0 and WebSphere Application Server  ...)
 	NOT-FOR-US: IBM
 CVE-2024-55401 (An issue in 4C Strategies Exonaut before v22.4 allows attackers to exe ...)
-	TODO: check
+	NOT-FOR-US: 4C Strategies
 CVE-2024-52680 (EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.ph ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2024-42048 (OpenOrange Business Framework 1.15.5 provides unprivileged users with  ...)
-	TODO: check
+	NOT-FOR-US: OpenOrange Business Framework
 CVE-2023-41532 (Hospital Management System v4 was discovered to contain a SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2023-41531 (Hospital Management System v4 was discovered to contain multiple SQL i ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2023-41530 (Hospital Management System v4 was discovered to contain a SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2023-41529 (Hospital Management System v4 was discovered to contain multiple cross ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2023-41528 (Hospital Management System v4 was discovered to contain multiple SQL i ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2023-41527 (Hospital Management System v4 was discovered to contain a SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2023-41526 (Hospital Management System v4 was discovered to contain multiple SQL i ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2023-41525 (Hospital Management System v4 was discovered to contain a SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2023-41524 (Student Attendance Management System v1 was discovered to contain a SQ ...)
-	TODO: check
+	NOT-FOR-US: Student Attendance Management System
 CVE-2023-41523 (Student Attendance Management System v1 was discovered to contain a SQ ...)
-	TODO: check
+	NOT-FOR-US: Student Attendance Management System
 CVE-2023-41522 (Student Attendance Management System v1 was discovered to contain mult ...)
-	TODO: check
+	NOT-FOR-US: Student Attendance Management System
 CVE-2023-41521 (Student Attendance Management System v1 was discovered to contain mult ...)
-	TODO: check
+	NOT-FOR-US: Student Attendance Management System
 CVE-2023-41520 (Student Attendance Management System v1 was discovered to contain mult ...)
-	TODO: check
+	NOT-FOR-US: Student Attendance Management System
 CVE-2023-41519 (Student Attendance Management System v1 was discovered to contain a cr ...)
-	TODO: check
+	NOT-FOR-US: Student Attendance Management System
 CVE-2023-40992 (Hospital Management System 4 is vulnerable to a SQL injection in /Hosp ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2025-47907 (Cancelling a query (e.g. by cancelling the context passed to one of th ...)
 	- golang-1.24 <unfixed>
 	- golang-1.23 <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea70230344cf5a3cb20b8b77e01fedaa5a746f11

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea70230344cf5a3cb20b8b77e01fedaa5a746f11
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250807/579c7658/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list