[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 22 09:18:36 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af801236 by Salvatore Bonaccorso at 2025-08-22T10:18:14+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2025-8678 (The WP Crontrol plugin for WordPress is vulnerable to Server-Side
CVE-2025-8281 (The WP Talroo WordPress plugin through 2.4 does not sanitise and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2025-57699 (Western Digital Kitfox for Windows provided by Western Digital Corpora ...)
- TODO: check
+ NOT-FOR-US: Western Digital Kitfox
CVE-2025-51606 (hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON ...)
- TODO: check
+ NOT-FOR-US: Hippo4j
CVE-2025-43753 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
NOT-FOR-US: Liferay
CVE-2025-43752 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 thro ...)
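Review bot: In the CVE-2025-51606 entry the label is written "Hippo4j", while the description on the line above spells the project "hippo4j". NOT-FOR-US labels are free text, so matching the spelling in the description ("NOT-FOR-US: hippo4j") keeps a case-sensitive search of data/CVE/list from missing this entry.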
@@ -13,9 +13,9 @@ CVE-2025-43752 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.
CVE-2025-43747 (A server-side request forgery (SSRF) vulnerability exists in the Lifer ...)
NOT-FOR-US: Liferay
CVE-2025-41452 (Post-authenticated external control of system web interface configurat ...)
- TODO: check
+ NOT-FOR-US: Danfoss AK-SM8xxA Series
CVE-2025-41451 (Improper neutralization of alarm-to-mail configuration fields used in ...)
- TODO: check
+ NOT-FOR-US: Danfoss AK-SM8xxA Series
CVE-2023-4143
REJECTED
CVE-2023-4131
@@ -23,35 +23,35 @@ CVE-2023-4131
CVE-2023-3948
REJECTED
CVE-2010-20123 (Steinberg MyMP3Player version 3.0 (build 3.0.0.67) is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: Steinberg MyMP3Player
CVE-2010-20122 (Xftp FTP Client version up to and including 3.0 (build 0238) contain a ...)
- TODO: check
+ NOT-FOR-US: Xftp FTP Client
CVE-2010-20121 (EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer ov ...)
- TODO: check
+ NOT-FOR-US: EasyFTP Server
CVE-2010-20120 (Maple versions up to and including 13's Maplet framework allows embedd ...)
TODO: check
CVE-2010-20119 (CommuniCrypt Mail versions up to and including 1.16 contains a stack-b ...)
- TODO: check
+ NOT-FOR-US: CommuniCrypt Mail
CVE-2010-20115 (Arcane Software\u2019s Vermillion FTP Daemon (vftpd) versions up to an ...)
TODO: check
CVE-2010-20114 (VariCAD EN up to and including version 2010-2.05 is vulnerable to a st ...)
- TODO: check
+ NOT-FOR-US: VariCAD
CVE-2010-20113 (EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer over ...)
- TODO: check
+ NOT-FOR-US: EasyFTP Server
CVE-2010-20112 (Amlib\u2019s NetOpacs webquery.dll contains a stack-based buffer overf ...)
TODO: check
CVE-2010-20111 (Digital Music Pad v8.2.3.3.4 contains a stack-based buffer overflow vu ...)
- TODO: check
+ NOT-FOR-US: Digital Music Pad
CVE-2010-20109 (Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and W ...)
TODO: check
CVE-2010-20108 (FTPPad <= 1.2.0 contains a stack-based buffer overflow vulnerability i ...)
- TODO: check
+ NOT-FOR-US: FTPPad
CVE-2010-20107 (A stack-based buffer overflow exists in FTP Synchronizer Professional ...)
- TODO: check
+ NOT-FOR-US: FTP Synchronizer Professional
CVE-2010-20034 (Gekko Manager FTP Client <= 0.77 contains a stack-based buffer overflo ...)
- TODO: check
+ NOT-FOR-US: Gekko Manager FTP Client
CVE-2010-20007 (Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer ove ...)
- TODO: check
+ NOT-FOR-US: Seagull FTP Client
CVE-2010-10015 (AOL versions up to and including 9.5 includes an ActiveX control (Phob ...)
TODO: check
CVE-2009-20004 (gAlan 0.2.1, a modular audio processing environment for Windows, is vu ...)
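Review bot: CVE-2010-20120, CVE-2010-20115, CVE-2010-20112, CVE-2010-20109 and CVE-2010-10015 stay at "TODO: check" in this hunk while the neighbouring entries from the same batch are triaged, and the commit message ("Process some NFUs") does not say whether they were deferred on purpose. If they still need a package search before a verdict, a short line to that effect in the commit message would tell the next triager they were not overlooked.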
@@ -162,7 +162,7 @@ CVE-2025-55367 (Incorrect access control in the component \controller\SupplierCo
CVE-2025-55366 (Incorrect access control in the component \controller\UserController.j ...)
NOT-FOR-US: jshERP
CVE-2025-55297 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
- TODO: check
+ NOT-FOR-US: ESF-IDF
CVE-2025-55231 (Concurrent execution using shared resource with improper synchronizati ...)
NOT-FOR-US: Microsoft
CVE-2025-55230 (Untrusted pointer dereference in Windows MBT Transport driver allows a ...)
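Review bot: The new label for CVE-2025-55297, "NOT-FOR-US: ESF-IDF", copies what looks like a typo from the CVE description. The Espressif IoT Development Framework that the description names is ESP-IDF, so a later search for "ESP-IDF" in data/CVE/list would not find this entry. Suggest "NOT-FOR-US: ESP-IDF" (or "Espressif ESP-IDF") regardless of the spelling in the upstream description.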
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af801236fd6af7ed21b8ba887f9ec479ecf49c0b