[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 14 06:30:51 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b0c4a33 by Salvatore Bonaccorso at 2025-08-14T07:29:51+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -121,41 +121,41 @@ CVE-2025-52386 (CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection v
CVE-2025-52385 (An issue in Studio 3T v.2025.1.0 and before allows a remote attacker t ...)
NOT-FOR-US: Studio 3T
CVE-2025-51691 (Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d ...)
- TODO: check
+ NOT-FOR-US: MarkTwoMarkTwo
CVE-2025-51452 (In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can byp ...)
NOT-FOR-US: TOTOLINK
CVE-2025-51451 (In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass logi ...)
NOT-FOR-US: TOTOLINK
CVE-2025-50946 (OS Command Injection in Olivetin 2025.4.22 Custom Themes via the Parse ...)
- TODO: check
+ NOT-FOR-US: Olivetin
CVE-2025-50690 (A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference. ...)
- TODO: check
+ NOT-FOR-US: SpatialReference.org (OSGeo/spatialreference.org)
CVE-2025-50635 (A null pointer dereference vulnerability was discovered in Netis WF278 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-50617 (A buffer overflow vulnerability has been discovered in Netis WF2880 v2 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-50616 (A buffer overflow vulnerability has been discovered in Netis WF2880 v2 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-50615 (A buffer overflow vulnerability has been discovered in Netis WF2880 v2 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-50614 (A buffer overflow vulnerability has been discovered in the Netis WF288 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-50613 (A buffer overflow vulnerability has been discovered in Netis WF2880 v2 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-50612 (A buffer overflow vulnerability has been discovered in the Netis WF288 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-50611 (A buffer overflow vulnerability has been discovered in Netis WF2880 v2 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-50610 (A buffer overflow vulnerability has been discovered in Netis WF2880 v2 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-50609 (A buffer overflow vulnerability has been discovered in Netis WF2880 v2 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-50608 (A buffer overflow vulnerability has been discovered in Netis WF2880 v2 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2025-50594 (An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settin ...)
- TODO: check
+ NOT-FOR-US: Danphe Health Hospital Management System EMR
CVE-2025-50251 (Server side request forgery (SSRF) vulnerability in makeplane plane 0. ...)
- TODO: check
+ NOT-FOR-US: makeplane plane
CVE-2025-48989 (Improper Resource Shutdown or Release vulnerability in Apache Tomcat m ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
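Review bot: The tag added for CVE-2025-51691 reads "NOT-FOR-US: MarkTwoMarkTwo", which looks like the product name pasted twice. The CVE description on the line above names the project MarkTwo, so this should probably be "NOT-FOR-US: MarkTwo". The other entries resolved in this hunk use a single short vendor or product name, in line with the existing TOTOLINK and Studio 3T entries.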
@@ -165,21 +165,21 @@ CVE-2025-48989 (Improper Resource Shutdown or Release vulnerability in Apache To
NOTE: https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255 (10.1.44)
NOTE: https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf (9.0.108)
CVE-2025-48500 (A missing file integrity check vulnerability exists on MacOS F5 VPN br ...)
- TODO: check
+ NOT-FOR-US: MacOS F5 VPN browser client installer
CVE-2025-46405 (When Network Access is configured on a BIG-IP APM virtual server, undi ...)
NOT-FOR-US: F5
CVE-2025-45317 (A zip slip vulnerability in the /modules/ImportModule.php component of ...)
- TODO: check
+ NOT-FOR-US: hortusfox-web
CVE-2025-45316 (A cross-site scripting (XSS) vulnerability in the TextBlockModule.php ...)
- TODO: check
+ NOT-FOR-US: hortusfox-web
CVE-2025-45315 (A cross-site scripting (XSS) vulnerability in the /controller/admin.ph ...)
- TODO: check
+ NOT-FOR-US: hortusfox-web
CVE-2025-45314 (A cross-site scripting (XSS) vulnerability in the /Calendar endpoint o ...)
- TODO: check
+ NOT-FOR-US: hortusfox-web
CVE-2025-45313 (A cross-site scripting (XSS) vulnerability in the /tasks endpoint of h ...)
- TODO: check
+ NOT-FOR-US: hortusfox-web
CVE-2025-43989 (The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Tuoshi
CVE-2025-43988 (KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API en ...)
TODO: check
CVE-2025-43986 (An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 de ...)
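Review bot: The tag added for CVE-2025-48500, "NOT-FOR-US: MacOS F5 VPN browser client installer", is worded differently from the adjacent CVE-2025-46405 entry, which is tagged "NOT-FOR-US: F5" for the same vendor. Using the same short vendor tag for both would keep the entries consistent for anyone searching the list by vendor, the way the five hortusfox-web entries in this hunk share one tag.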
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b0c4a3309922f03aed5c6041b27320da59ef8ca