[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 18 21:23:14 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52d6179a by Salvatore Bonaccorso at 2025-08-18T22:22:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,43 +17,43 @@ CVE-2025-55585 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain
 CVE-2025-55584 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecu ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-55300 (Komari is a lightweight, self-hosted server monitoring tool designed t ...)
-	TODO: check
+	NOT-FOR-US: Komari
 CVE-2025-55299 (VaulTLS is a modern solution for managing mTLS (mutual TLS) certificat ...)
-	TODO: check
+	NOT-FOR-US: VaulTLS
 CVE-2025-55296 (librenms is a community-based GPL-licensed network monitoring system.  ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2025-55293 (Meshtastic is an open source mesh networking solution. Prior to v2.6.3 ...)
-	TODO: check
+	NOT-FOR-US: Meshtastic
 CVE-2025-55291 (Shaarli is a minimalist bookmark manager and link sharing service. Pri ...)
 	- shaarli <unfixed>
 	NOTE: https://github.com/shaarli/Shaarli/security/advisories/GHSA-7w7w-pw4j-265h
 	NOTE: https://github.com/shaarli/Shaarli/commit/66faa61335a6e72184be64092ff1242ffa4fe5b6 (v0.15.0)
 CVE-2025-55288 (Genealogy is a family tree PHP application. Prior to 4.4.0, Authentica ...)
-	TODO: check
+	NOT-FOR-US: Genealogy
 CVE-2025-55287 (Genealogy is a family tree PHP application. Prior to 4.4.0, Authentica ...)
-	TODO: check
+	NOT-FOR-US: Genealogy
 CVE-2025-55283 (aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7,  ...)
-	TODO: check
+	NOT-FOR-US: Aiven database migration tool
 CVE-2025-55282 (aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7,  ...)
-	TODO: check
+	NOT-FOR-US: Aiven database migration tool
 CVE-2025-55214 (Copier library and CLI app for rendering project templates. From 7.1.0 ...)
 	TODO: check
 CVE-2025-55213 (OpenFGA is a high-performance and flexible authorization/permission en ...)
-	TODO: check
+	NOT-FOR-US: OpenFGA
 CVE-2025-55205 (Capsule is a multi-tenancy and policy-based framework for Kubernetes.  ...)
 	TODO: check
 CVE-2025-55201 (Copier library and CLI app for rendering project templates. Prior to 9 ...)
 	TODO: check
 CVE-2025-54421 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
-	TODO: check
+	NOT-FOR-US: NamelessMC
 CVE-2025-54234 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected  ...)
 	NOT-FOR-US: Adobe
 CVE-2025-54118 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
-	TODO: check
+	NOT-FOR-US: NamelessMC
 CVE-2025-54117 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
-	TODO: check
+	NOT-FOR-US: NamelessMC
 CVE-2025-4962 (An Insecure Direct Object Reference (IDOR) vulnerability was identifie ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2025-47206 (An out-of-bounds write vulnerability has been reported to affect File  ...)
 	NOT-FOR-US: QNAP
 CVE-2025-43733 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
@@ -73,7 +73,7 @@ CVE-2025-33100 (IBM Concert Software 1.0.0 through 1.1.0   contains hard-coded c
 CVE-2025-33090 (IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker ...)
 	NOT-FOR-US: IBM
 CVE-2025-32992 (Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Cont ...)
-	TODO: check
+	NOT-FOR-US: Thermo Fisher Scientific ePort
 CVE-2025-27909 (IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sh ...)
 	NOT-FOR-US: IBM
 CVE-2025-1759 (IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker ...)
@@ -34680,7 +34680,7 @@ CVE-2025-32982 (NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorizatio
 CVE-2025-32981 (NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage  ...)
 	NOT-FOR-US: NETSCOUT
 CVE-2025-32980 (NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configurati ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT nGeniusONE
 CVE-2025-32979 (NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation  ...)
 	NOT-FOR-US: NETSCOUT
 CVE-2025-2907 (The Order Delivery Date WordPress plugin before 12.3.1 does not have a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52d6179a9cecdaace87f989ea708a70465e0e750

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52d6179a9cecdaace87f989ea708a70465e0e750
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250818/6636d586/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list