[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 22 21:24:37 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ba9ba947 by Salvatore Bonaccorso at 2025-08-22T22:24:14+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,17 +5,17 @@ CVE-2025-9340 (Out-of-bounds Write vulnerability in Legion of the Bouncy Castle
CVE-2025-9331 (The Spacious theme for WordPress is vulnerable to unauthorized modific ...)
NOT-FOR-US: WordPress plugin
CVE-2025-9259 (WebITR developed by Uniong has an Arbitrary File Reading vulnerability ...)
- TODO: check
+ NOT-FOR-US: WebITR
CVE-2025-9258 (WebITR developed by Uniong has an Arbitrary File Reading vulnerability ...)
- TODO: check
+ NOT-FOR-US: WebITR
CVE-2025-9257 (WebITR developed by Uniong has an Arbitrary File Reading vulnerability ...)
- TODO: check
+ NOT-FOR-US: WebITR
CVE-2025-9256 (WebITR developed by Uniong has an Arbitrary File Reading vulnerability ...)
- TODO: check
+ NOT-FOR-US: WebITR
CVE-2025-9255 (WebITR developed by Uniong has a SQL Injection vulnerability, allowing ...)
- TODO: check
+ NOT-FOR-US: WebITR
CVE-2025-9254 (WebITR developed by Uniong has a Missing Authentication vulnerability, ...)
- TODO: check
+ NOT-FOR-US: WebITR
CVE-2025-6791 (On the monitoring event logs page, it is possible to alter the http re ...)
NOT-FOR-US: Centreon
CVE-2025-57896 (Missing Authorization vulnerability in andy_moyle Church Admin allows ...)
@@ -43,47 +43,47 @@ CVE-2025-57885 (Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jew
CVE-2025-57884 (Missing Authorization vulnerability in wpsoul Greenshift allows Exploi ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-57801 (gnark is a zero-knowledge proof system framework. In versions prior to ...)
- TODO: check
+ NOT-FOR-US: gnark
CVE-2025-57800 (Audiobookshelf is an open-source self-hosted audiobook server. In vers ...)
- TODO: check
+ NOT-FOR-US: Audiobookshelf
CVE-2025-57771 (Roo Code is an AI-powered autonomous coding agent that lives in users' ...)
- TODO: check
+ NOT-FOR-US: Roo Code
CVE-2025-57770 (The open-source identity infrastructure software Zitadel allows admini ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2025-57105 (The DI-7400G+ router has a command injection vulnerability, which allo ...)
- TODO: check
+ NOT-FOR-US: DI-7400G+ router
CVE-2025-55745 (UnoPim is an open-source Product Information Management (PIM) system b ...)
- TODO: check
+ NOT-FOR-US: UnoPim
CVE-2025-55741 (UnoPim is an open-source Product Information Management (PIM) system b ...)
- TODO: check
+ NOT-FOR-US: UnoPim
CVE-2025-55637 (Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55634 (Incorrect access control in the RTMP server settings of Reolink Smart ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55631 (Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55630 (A discrepancy in the error message returned by the login function of R ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55629 (Insecure permissions in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55627 (Insufficient privilege verification in Reolink Smart 2K+ Plug-in Wi-Fi ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55626 (An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Sm ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55625 (An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows at ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55624 (An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allo ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55623 (An issue in the lock screen component of Reolink v4.54.0.4.20250526 al ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55622 (Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55621 (An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4 ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55620 (A cross-site scripting (XSS) vulnerability in the valuateJavascript() ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55619 (Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encry ...)
- TODO: check
+ NOT-FOR-US: Reolink
CVE-2025-55613 (Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the from ...)
NOT-FOR-US: Tenda
CVE-2025-55611 (D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLa ...)
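Review bot: At CVE-2025-57105 the tag "NOT-FOR-US: DI-7400G+ router" names a device model, while the other tags in this hunk and its context name a vendor or project ("Reolink", "Tenda", "UnoPim"). If the vendor is known, using it here would keep the entry consistent and easier to find when grepping the NFU list. Separately, CVE-2025-57801 describes gnark as a framework, so it is worth confirming that no packaged software embeds it as a dependency before closing it as NOT-FOR-US.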
@@ -101,11 +101,11 @@ CVE-2025-55599 (D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the
CVE-2025-55581 (D-Link DCS-825L firmware version 1.08.01 and possibly prior versions c ...)
NOT-FOR-US: D-Link
CVE-2025-55573 (QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (X ...)
- TODO: check
+ NOT-FOR-US: QuantumNous new-api
CVE-2025-55454 (An authenticated arbitrary file upload vulnerability in the component ...)
- TODO: check
+ NOT-FOR-US: DooTask
CVE-2025-55398 (An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - ...)
- TODO: check
+ NOT-FOR-US: mouse07410 asn1c
CVE-2025-54813 (Improper Output Neutralization for Logs vulnerability in Apache Log4cx ...)
TODO: check
CVE-2025-54812 (Improper Output Neutralization for Logs vulnerability in Apache Log4cx ...)
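Review bot: At CVE-2025-55398 the tag "NOT-FOR-US: mouse07410 asn1c" is scoped to one fork, and the truncated description does not show whether the flaw sits in code shared with other asn1c trees. If an asn1c from a different upstream is packaged, a NOTE line recording why that package is unaffected would be safer than NFU alone, since NFU entries are rarely revisited.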
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba9ba9471d293319762c02430b1d4fc5d5726a10