[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 15 21:36:21 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2964fc47 by Salvatore Bonaccorso at 2025-08-15T22:35:57+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -71,9 +71,9 @@ CVE-2025-5046 (A maliciously crafted DGN file, when linked or imported into Auto
CVE-2025-55285 (@backstage/plugin-scaffolder-backend is the backend for the default Ba ...)
TODO: check
CVE-2025-55207 (Astro is a web framework for content-driven websites. Following CVE-20 ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2025-55203 (Plane is open-source project management software. Prior to version 0.2 ...)
- TODO: check
+ NOT-FOR-US: Plane
CVE-2025-54989 (Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, an ...)
TODO: check
CVE-2025-54475 (A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4 ...)
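Review bot: The labels added for CVE-2025-55207 and CVE-2025-55203, "NOT-FOR-US: Astro" and "NOT-FOR-US: Plane", are single common words, which makes them hard to search for in this list and easy to confuse with unrelated software of a similar name. Consider adding a qualifier taken from the descriptions already on those lines, for example "Astro web framework" and "Plane project management software".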
@@ -83,7 +83,7 @@ CVE-2025-54474 (A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 fo
CVE-2025-54473 (An authenticated RCE vulnerability in Phoca Commander component 1.0.0- ...)
NOT-FOR-US: Joomla
CVE-2025-54466 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Apache OFBiz scrum plugin
CVE-2025-49898 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49897 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -99,7 +99,7 @@ CVE-2025-26709 (There is an unauthorized access vulnerability in ZTE F50. Due to
CVE-2025-24975 (Firebird is a relational database. Prior to snapshot versions 4.0.6.31 ...)
TODO: check
CVE-2025-1929 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Reel SEktor hazine ve Risk Yonetimi Yazilimi
CVE-2024-12573
REJECTED
CVE-2025-9022 (A vulnerability was identified in SourceCodester Online Bank Managemen ...)
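Review bot: The label added for CVE-2025-1929, "Reel SEktor hazine ve Risk Yonetimi Yazilimi", has irregular capitalisation ("SEktor" with two capitals, "hazine" in lower case while the other words are capitalised), which looks like a typing slip. The product name is not visible in the truncated description on that line, so please check it against the full CVE text and normalise the casing, so that later entries for the same product can reuse one consistent string.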
@@ -876,7 +876,7 @@ CVE-2012-10059 (Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-a
CVE-2012-10058 (RabidHamster R4 v1.25 contains astack-based buffer overflow vulnerabil ...)
NOT-FOR-US: RabidHamster
CVE-2012-10057 (Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow ...)
- TODO: check
+ NOT-FOR-US: Lattice Semiconductor ispVM System
CVE-2012-10056 (PHP Volunteer Management System v1.0.2 contains an arbitrary file uplo ...)
NOT-FOR-US: PHP Volunteer Management System
CVE-2012-10055 (ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulne ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2964fc47a9d3b5e0b2f0625a086bc8def639f37e