[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 21 22:13:42 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
efeb32d6 by Salvatore Bonaccorso at 2025-08-21T23:12:44+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -86,7 +86,7 @@ CVE-2025-55521 (An issue in the component /settings/localisation of Akaunting v3
CVE-2025-55420 (A Reflected Cross Site Scripting (XSS) vulnerability was found in /ind ...)
NOT-FOR-US: FoxCMS
CVE-2025-55383 (Moss before v0.15 has a file upload vulnerability. The "upload" functi ...)
- TODO: check
+ NOT-FOR-US: Moss
CVE-2025-55371 (Incorrect access control in the component /controller/PersonController ...)
NOT-FOR-US: jshERP
CVE-2025-55370 (Incorrect access control in the component \controller\ResourceControll ...)
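Review bot: on CVE-2025-55383 the new label "NOT-FOR-US: Moss" is a single common word, so a later reader cannot tell which project was ruled out. The description gives only "Moss before v0.15"; adding the vendor or a short qualifier after the name, in the way "Easy Hosting Control Panel (EHCP)" is spelled out later in this commit, would make the triage decision checkable.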
@@ -100,47 +100,47 @@ CVE-2025-55366 (Incorrect access control in the component \controller\UserContro
CVE-2025-55297 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
TODO: check
CVE-2025-55231 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55230 (Untrusted pointer dereference in Windows MBT Transport driver allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55229 (Improper verification of cryptographic signature in Windows Certificat ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55107 (There is a stored Cross-site Scripting vulnerability in Esri Portal ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-55106 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-55105 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-55104 (A stored cross-site scripting (XSS) vulnerability exists ArcGIS HUB an ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-55103 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-54460 (The vulnerability, if exploited, could allow an authenticated miscrean ...)
- TODO: check
+ NOT-FOR-US: AVEVA
CVE-2025-53795 (Improper authorization in Microsoft PC Manager allows an unauthorized ...)
NOT-FOR-US: Microsoft
CVE-2025-53763 (Improper access control in Azure Databricks allows an unauthorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53251 (Unrestricted Upload of File with Dangerous Type vulnerability in An-Th ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-52395 (An issue in Roadcute API v.1 allows a remote attacker to execute arbit ...)
- TODO: check
+ NOT-FOR-US: Roadcute
CVE-2025-52352 (Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a conf ...)
- TODO: check
+ NOT-FOR-US: Aikaan IoT management platform
CVE-2025-52351 (Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly g ...)
- TODO: check
+ NOT-FOR-US: Aikaan IoT management platform
CVE-2025-52194 (A buffer overflow vulnerability exists in libsndfile version 1.2.2 and ...)
TODO: check
CVE-2025-51989 (HTML injection vulnerability in the registration interface in Evolutio ...)
- TODO: check
+ NOT-FOR-US: HRmaster
CVE-2025-51818 (MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.ph ...)
- TODO: check
+ NOT-FOR-US: MCCMS
CVE-2025-50860 (SQL Injection in the listdomains function in Easy Hosting Control Pane ...)
- TODO: check
+ NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2025-48956 (vLLM is an inference and serving engine for large language models (LLM ...)
TODO: check
CVE-2025-47184 (An XML external entities (XXE) injection vulnerability in the /init AP ...)
- TODO: check
+ NOT-FOR-US: Exagid EX10
CVE-2025-43756 (<!--td {border: 1px solid #cccccc;}br {mso-data-placement:same-cell;}- ...)
NOT-FOR-US: Liferay
CVE-2025-43755 (A Stored cross-site scripting vulnerability in the Liferay Portal 7.4. ...)
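Review bot: on CVE-2025-51989 the label "NOT-FOR-US: HRmaster" does not match the name visible in the description, which reads "registration interface in Evolutio ...". Naming both in the label, vendor first and product second, would let a search on either name find the entry. This hunk also mixes vendor-level labels (Microsoft, Esri, AVEVA) with product-level ones (Aikaan IoT management platform, Exagid EX10); using one form consistently keeps the list easier to grep.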
@@ -148,25 +148,25 @@ CVE-2025-43755 (A Stored cross-site scripting vulnerability in the Liferay Porta
CVE-2025-43754 (Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4 ...)
NOT-FOR-US: Liferay
CVE-2025-41415 (The vulnerability, if exploited, could allow an authenticated miscrean ...)
- TODO: check
+ NOT-FOR-US: AVEVA
CVE-2025-3128 (A remote unauthenticated attacker who has bypassed authentication coul ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi Electric
CVE-2025-38743 (Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a ...)
NOT-FOR-US: Dell / EMC
CVE-2025-38742 (Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a ...)
NOT-FOR-US: Dell / EMC
CVE-2025-34158 (Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affecte ...)
- TODO: check
+ NOT-FOR-US: Plex Media Server (PMS)
CVE-2025-27721 (Unauthorized users can access INFINITT PACS System Managerwithout prop ...)
- TODO: check
+ NOT-FOR-US: INFINITT Healthcare
CVE-2025-27714 (An attacker could exploit this vulnerability by uploading arbitrary f ...)
- TODO: check
+ NOT-FOR-US: INFINITT Healthcare
CVE-2025-24489 (An attacker could exploit this vulnerability by uploading arbitrary f ...)
- TODO: check
+ NOT-FOR-US: INFINITT Healthcare
CVE-2024-50641 (An authentication bypass vulnerability in PandoraNext-TokensTool v0.6. ...)
- TODO: check
+ NOT-FOR-US: PandoraNext-TokensTool
CVE-2024-45438 (An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8. ...)
- TODO: check
+ NOT-FOR-US: TitanHQ SpamTitan Email Security Gateway
CVE-2025-XXXX [OSSN-0094]
- nova 2:31.0.0-7 (bug #1111689)
- watcher 14.0.0-3 (bug #1111692)
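Review bot: CVE-2025-27714 and CVE-2025-24489 carry identical truncated descriptions ("An attacker could exploit this vulnerability by uploading arbitrary f ...") that name no product, so the vendor-only label "NOT-FOR-US: INFINITT Healthcare" is the only identification on those two entries. If they concern the INFINITT PACS product named under CVE-2025-27721, putting the product in the label would make that clear; the same applies to the vendor-only "Mitsubishi Electric" on CVE-2025-3128.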
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efeb32d69c050dbcb08ea3617e9b8f8208d0d488