[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 13 21:24:35 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cec9826a by Salvatore Bonaccorso at 2025-08-13T22:23:59+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,21 +27,21 @@ CVE-2025-8916 (Allocation of Resources Without Limits or Throttling vulnerabilit
NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/310b30a4fbf36d13f6cc201ffa7771715641e67e (r1rv79)
NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/ff444a479942d88de64004dc82c3ee32a9e9075a (r1rv79)
CVE-2025-8914 (Organization Portal System developed by WellChoose has a SQL Injection ...)
- TODO: check
+ NOT-FOR-US: WellChoose
CVE-2025-8913 (Organization Portal System developed by WellChoose has a Local File In ...)
- TODO: check
+ NOT-FOR-US: WellChoose
CVE-2025-8912 (Organization Portal System developed by WellChoose has an Arbitrary Fi ...)
- TODO: check
+ NOT-FOR-US: WellChoose
CVE-2025-8911 (Organization Portal System developed by WellChoose has a Reflected Cro ...)
- TODO: check
+ NOT-FOR-US: WellChoose
CVE-2025-8910 (Organization Portal System developed by WellChoose has a Reflected Cro ...)
- TODO: check
+ NOT-FOR-US: WellChoose
CVE-2025-8909 (Organization Portal System developed by WellChoose has an Arbitrary Fi ...)
- TODO: check
+ NOT-FOR-US: WellChoose
CVE-2025-8908 (A vulnerability was determined in Shanghai Lingdang Information Techno ...)
- TODO: check
+ NOT-FOR-US: Shanghai Lingdang Information Technology Lingdang CRM
CVE-2025-8907 (A vulnerability was found in H3C M2 NAS V100R006. Affected by this vul ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2025-8904 (Amazon EMR Secret Agent creates a keytab file containing Kerberos cred ...)
NOT-FOR-US: Amazon
CVE-2025-8770 (An issue has been discovered in GitLab EE affecting all versions from ...)
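Review bot: the six WellChoose entries (CVE-2025-8909 through CVE-2025-8914) and the H3C entry (CVE-2025-8907) are tagged with the vendor name alone, while CVE-2025-8908 in the same hunk spells out both vendor and product. The descriptions already name the products ("Organization Portal System", "H3C M2 NAS"), so tags such as `NOT-FOR-US: WellChoose Organization Portal System` and `NOT-FOR-US: H3C M2 NAS` would keep the granularity consistent and make the list easier to search if a later CVE concerns a different product from the same vendor.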
@@ -63,9 +63,9 @@ CVE-2025-55668 (Session Fixation vulnerability in Apache Tomcat via rewrite valv
CVE-2025-55345 (Using Codex CLI in workspace-write mode inside a malicious context (re ...)
TODO: check
CVE-2025-55280 (This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi crede ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2025-55279 (This vulnerability exists in ZKTeco WL20 due to hard-coded private key ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2025-55163 (Netty is an asynchronous, event-driven network application framework. ...)
TODO: check
CVE-2025-55160 (ImageMagick is free and open-source software used for editing and mani ...)
@@ -77,27 +77,27 @@ CVE-2025-55005 (ImageMagick is free and open-source software used for editing an
CVE-2025-55004 (ImageMagick is free and open-source software used for editing and mani ...)
TODO: check
CVE-2025-54809 (F5 Access for Android before version 3.1.2 which uses HTTPS does not v ...)
- TODO: check
+ NOT-FOR-US: F5 Access for Android
CVE-2025-54791 (OMERO.web provides a web based client and plugin infrastructure. Prior ...)
- TODO: check
+ NOT-FOR-US: OMERO.web
CVE-2025-54500 (An HTTP/2 implementation flaw allows a denial-of-service (DoS) that us ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2025-54465 (This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT creden ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2025-54464 (This vulnerability exists in ZKTeco WL20 due to storage of admin and u ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2025-54382 (Cherry Studio is a desktop client that supports for multiple LLM provi ...)
- TODO: check
+ NOT-FOR-US: Cherry Studio
CVE-2025-54074 (Cherry Studio is a desktop client that supports for multiple LLM provi ...)
- TODO: check
+ NOT-FOR-US: Cherry Studio
CVE-2025-52585 (When a BIG-IP LTM Client SSL profile is configured on a virtual server ...)
NOT-FOR-US: F5
CVE-2025-52392 (Soosyze CMS 2.0 allows brute-force login attacks via the /user/login e ...)
- TODO: check
+ NOT-FOR-US: Soosyze CMS
CVE-2025-52386 (CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a c ...)
- TODO: check
+ NOT-FOR-US: CycloneDX Sunshine
CVE-2025-52385 (An issue in Studio 3T v.2025.1.0 and before allows a remote attacker t ...)
- TODO: check
+ NOT-FOR-US: Studio 3T
CVE-2025-51691 (Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d ...)
TODO: check
CVE-2025-51452 (In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can byp ...)
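Review bot: CVE-2025-54500 is tagged `NOT-FOR-US: F5`, but the visible description ("An HTTP/2 implementation flaw allows a denial-of-service (DoS) that us ...") names no vendor or product before it is cut off. It is worth confirming against the full advisory that the flaw is limited to F5's own implementation, and adding a NOTE line with the reference so the triage decision can be audited later. As a style point, this hunk also mixes a bare `F5` tag with `F5 Access for Android`; one granularity for the vendor would be easier to search.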
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cec9826a5c6159b92b918accbf076b995da9e867