[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 22 21:42:01 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9352c338 by Salvatore Bonaccorso at 2025-08-22T22:41:38+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-9341 (Uncontrolled Resource Consumption vulnerability in Legion of the Bounc ...)
- TODO: check
+ NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian package for Bouncycastle
CVE-2025-9340 (Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. ...)
- TODO: check
+ NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian package for Bouncycastle
CVE-2025-9331 (The Spacious theme for WordPress is vulnerable to unauthorized modific ...)
NOT-FOR-US: WordPress plugin
CVE-2025-9259 (WebITR developed by Uniong has an Arbitrary File Reading vulnerability ...)
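Review bot: the reason on CVE-2025-9341 and CVE-2025-9340 asserts that the FIPS provider is not part of the Debian package, but nothing visible here records whether the affected code is also present in the non-FIPS library that Debian does ship. If that was checked, saying so in the reason or the commit message would save the next triager from repeating the work. The spelling could also follow the description's "Bouncy Castle" so that a grep for the upstream name finds these two lines.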
@@ -111,31 +111,31 @@ CVE-2025-54813 (Improper Output Neutralization for Logs vulnerability in Apache
CVE-2025-54812 (Improper Output Neutralization for Logs vulnerability in Apache Log4cx ...)
TODO: check
CVE-2025-53363 (dpanel is an open source server management panel written in Go. In ver ...)
- TODO: check
+ NOT-FOR-US: Dpanel
CVE-2025-52287 (OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a ...)
- TODO: check
+ NOT-FOR-US: OperaMasks SDK ELite Script Engine
CVE-2025-52095 (An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate ...)
- TODO: check
+ NOT-FOR-US: PDQ Smart Deploy
CVE-2025-52094 (Insecure Permissions vulnerability in PDQ Smart Deploy V.3.0.2040 allo ...)
- TODO: check
+ NOT-FOR-US: PDQ Smart Deploy
CVE-2025-52085 (An SQL injection vulnerability in Yoosee application v6.32.4 allows au ...)
- TODO: check
+ NOT-FOR-US: Yoosee application
CVE-2025-51825 (JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL ...)
- TODO: check
+ NOT-FOR-US: JeecgBoot
CVE-2025-51605 (An issue was discovered in Shopizer 3.2.7. The server's CORS implement ...)
- TODO: check
+ NOT-FOR-US: Shopizer
CVE-2025-51092 (The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injec ...)
- TODO: check
+ NOT-FOR-US: LogIn-SignUp project
CVE-2025-50859 (Reflected Cross-Site Scripting in the Change Template function in Easy ...)
- TODO: check
+ NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2025-50858 (Reflected Cross-Site Scripting in the List MySQL Databases function in ...)
- TODO: check
+ NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2025-50733 (NextChat contains a cross-site scripting (XSS) vulnerability in the HT ...)
TODO: check
CVE-2025-50691 (MCSManager 10.5.3 daemon process runs as a root account by default, an ...)
- TODO: check
+ NOT-FOR-US: MCSManager
CVE-2025-50674 (An issue was discovered in the changePassword method in file /usr/shar ...)
- TODO: check
+ NOT-FOR-US: OpenMediaVault
CVE-2025-4650 (User with high privileges is able to introduce a SQLi using the Meta S ...)
NOT-FOR-US: Centreon
CVE-2025-43762 (Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 thro ...)
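Review bot: "NOT-FOR-US: LogIn-SignUp project" on CVE-2025-51092 is too generic to identify the software on its own. The description attributes it to VishnuSivadasVS, and carrying that into the reason (for example "LogIn-SignUp project by VishnuSivadasVS") keeps the line meaningful when it is grepped without the description. Minor: "Dpanel" on CVE-2025-53363 differs in case from the description's "dpanel".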
@@ -157,19 +157,19 @@ CVE-2025-29366 (In mupen64plus v2.6.0 there is an array overflow vulnerability i
CVE-2025-29365 (spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow ...)
TODO: check
CVE-2024-56179 (In MindManager Windows versions prior to 24.1.150, attackers could pot ...)
- TODO: check
+ NOT-FOR-US: MindManager Windows
CVE-2024-53499 (Jeewms v3.7 was discovered to contain a SQL injection vulnerability vi ...)
- TODO: check
+ NOT-FOR-US: Jeewms
CVE-2024-53496 (Incorrect access control in the doFilter function of my-site v1.0.2.RE ...)
- TODO: check
+ NOT-FOR-US: my-site
CVE-2024-53494 (Incorrect access control in the preHandle function of SpringBootBlog v ...)
- TODO: check
+ NOT-FOR-US: SpringBootBlog
CVE-2024-52786 (An authentication bypass vulnerability in anji-plus AJ-Report up to v1 ...)
- TODO: check
+ NOT-FOR-US: anji-plus AJ-Report
CVE-2024-50645 (MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability. An ...)
- TODO: check
+ NOT-FOR-US: MallChat
CVE-2024-50644 (zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerabil ...)
- TODO: check
+ NOT-FOR-US: zhisheng17 blog
CVE-2024-48988 (SQL Injection vulnerability in Apache StreamPark. This issue affects ...)
TODO: check
CVE-2009-10006 (UFO: Alien Invasion versions up to and including 2.2.1 contain a buffe ...)
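Review bot: "NOT-FOR-US: my-site" on CVE-2024-53496 and "NOT-FOR-US: MindManager Windows" on CVE-2024-56179 will be hard to match later. The first is a bare generic name, and the second folds the platform into the product name where the description reads "MindManager Windows versions". Suggest "MindManager" (or "MindManager for Windows"), and for my-site adding the upstream author if the full description gives one.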
@@ -259592,7 +259592,7 @@ CVE-2022-43112
CVE-2022-43111
RESERVED
CVE-2022-43110 (Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard ...)
- TODO: check
+ NOT-FOR-US: Voltronic Power ViewPower
CVE-2022-43109 (D-Link DIR-823G v1.0.2 was found to contain a command injection vulner ...)
NOT-FOR-US: D-Link
CVE-2022-43108 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...)
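Review bot: the reason on CVE-2022-43110 names only Voltronic Power ViewPower, while the description also lists PowerShield Netguard. Adding the second product to the reason would let a search for either name land on this line.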
@@ -291883,7 +291883,7 @@ CVE-2022-31493 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_i
CVE-2022-31492 (Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 ...)
NOT-FOR-US: LibreHealth EHR Base
CVE-2022-31491 (Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2. ...)
- TODO: check
+ NOT-FOR-US: Voltronic Power ViewPower
CVE-2022-31490
RESERVED
CVE-2022-31489 (Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inouti ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9352c338a591067f6275d3a08704d7403b5d86ce