[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 8 21:38:33 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab96ceb9 by Salvatore Bonaccorso at 2025-08-08T22:37:51+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,41 +29,41 @@ CVE-2025-8731 (A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and TPL
 CVE-2025-8730 (A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.0 ...)
 	NOT-FOR-US: Belkin
 CVE-2025-8729 (A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classifie ...)
-	TODO: check
+	NOT-FOR-US: MigoXLab LMeterX
 CVE-2025-8393 (A TLS vulnerability exists in the phone application used to manage a   ...)
-	TODO: check
+	NOT-FOR-US: Dreame Technology
 CVE-2025-8356 (In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path T ...)
 	NOT-FOR-US: Xerox
 CVE-2025-8355 (In Xerox FreeFlow Core version 8.0.4, improper handling of XML input a ...)
 	NOT-FOR-US: Xerox
 CVE-2025-8284 (By default, the Packet Power Monitoring and Control Web Interface do n ...)
-	TODO: check
+	NOT-FOR-US: Packet Power
 CVE-2025-8088 (A path traversal vulnerability affecting the Windows version of WinRAR ...)
 	TODO: check
 CVE-2025-5095 (Burk Technology ARC Solo's password change mechanism can be utilized w ...)
-	TODO: check
+	NOT-FOR-US: Burk Technology
 CVE-2025-53606 (Deserialization of Untrusted Data vulnerability in Apache Seata (incub ...)
-	TODO: check
+	NOT-FOR-US: Apache Seata
 CVE-2025-53520 (The affected product allows firmware updates to be downloaded from EG4 ...)
-	TODO: check
+	NOT-FOR-US: EG4
 CVE-2025-52914 (A vulnerability in the Suite Applications Services component of Mitel  ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2025-52913 (A vulnerability in the NuPoint Unified Messaging (NPM) component of Mi ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2025-52586 (The MOD3 command traffic between the monitoring application and the  i ...)
-	TODO: check
+	NOT-FOR-US: EG4
 CVE-2025-50928 (Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a ...)
-	TODO: check
+	NOT-FOR-US: Easy Hosting Control Panel EHCP
 CVE-2025-50927 (A reflected cross-site scripting (XSS) vulnerability in the List All F ...)
-	TODO: check
+	NOT-FOR-US: Easy Hosting Control Panel EHCP
 CVE-2025-50468 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can e ...)
-	TODO: check
+	NOT-FOR-US: OpenMetadata
 CVE-2025-50467 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can e ...)
-	TODO: check
+	NOT-FOR-US: OpenMetadata
 CVE-2025-50466 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can e ...)
-	TODO: check
+	NOT-FOR-US: OpenMetadata
 CVE-2025-50465 (OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can e ...)
-	TODO: check
+	NOT-FOR-US: OpenMetadata
 CVE-2025-4796 (The Eventin plugin for WordPress is vulnerable to privilege escalation ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4576 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
@@ -71,41 +71,41 @@ CVE-2025-4576 (A reflected cross-site scripting (XSS) vulnerability in the Lifer
 CVE-2025-48913 (If untrusted users are allowed to configure JMS for Apache CXF, previo ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-47872 (The public-facing product registration endpoint server responds  diffe ...)
-	TODO: check
+	NOT-FOR-US: EG4
 CVE-2025-46414 (The affected product does not limit the number of attempts for inputti ...)
-	TODO: check
+	NOT-FOR-US: EG4
 CVE-2025-36119 (IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obta ...)
 	NOT-FOR-US: IBM
 CVE-2025-36023 (IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and  ...)
 	NOT-FOR-US: IBM
 CVE-2012-10053 (Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulne ...)
-	TODO: check
+	NOT-FOR-US: Simple Web Server
 CVE-2012-10052 (EGallery version 1.2 contains an unauthenticated arbitrary file upload ...)
-	TODO: check
+	NOT-FOR-US: EGallery
 CVE-2012-10051 (Photodex ProShow Producer version 5.0.3256 contains a stack-based buff ...)
-	TODO: check
+	NOT-FOR-US: Photodex ProShow Producer
 CVE-2012-10050 (CuteFlow version 2.11.2 and earlier contains an arbitrary file upload  ...)
 	TODO: check
 CVE-2012-10049 (WebPageTest version 2.6 and earlier contains an arbitrary file upload  ...)
-	TODO: check
+	NOT-FOR-US: WebPageTest
 CVE-2012-10048 (Zenoss Core 3.x contains a command injection vulnerability in the show ...)
 	TODO: check
 CVE-2012-10047 (Cyclope Employee Surveillance Solution versions 6.x is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: Cyclope Employee Surveillance Solution
 CVE-2012-10046 (The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2 ...)
-	TODO: check
+	NOT-FOR-US: E-Mail Security Virtual Appliance (ESVA)
 CVE-2012-10045 (XODA version 0.4.5 contains an unauthenticated file upload vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: XODA
 CVE-2012-10044 (MobileCartly version 1.0 contains an arbitrary file creation vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: MobileCartly
 CVE-2012-10043 (A stack-based buffer overflow vulnerability exists in ActFax Server ve ...)
-	TODO: check
+	NOT-FOR-US: ActFax Server
 CVE-2012-10042 (Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnera ...)
-	TODO: check
+	NOT-FOR-US: Sflog! CMS
 CVE-2012-10041 (WAN Emulator v2.3 contains two unauthenticated command execution vulne ...)
-	TODO: check
+	NOT-FOR-US: WAN Emulator
 CVE-2012-10036 (Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary f ...)
-	TODO: check
+	NOT-FOR-US: Project Pier
 CVE-2010-10013 (An unauthenticated remote command execution vulnerability exists in Aj ...)
 	TODO: check
 CVE-2025-8708 (A vulnerability was found in Antabot White-Jotter 0.22. It has been de ...)
@@ -446690,7 +446690,7 @@ CVE-2020-9324 (Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Captur
 CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory E ...)
 	NOT-FOR-US: Aquaforest TIFF Server
 CVE-2020-9322 (The /users endpoint in Statamic Core before 2.11.8 allows XSS to add a ...)
-	TODO: check
+	NOT-FOR-US: Statamic
 CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...)
 	- traefik <itp> (bug #983289)
 CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab96ceb928ca8da9d5c0fbf30575e5516478304b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab96ceb928ca8da9d5c0fbf30575e5516478304b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250808/9d4f1d05/attachment.htm>

More information about the debian-security-tracker-commits mailing list