[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Aug 26 10:11:51 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9492ff1f by Moritz Muehlenhoff at 2025-08-26T11:11:24+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71,9 +71,9 @@ CVE-2025-5931 (The Dokan Pro plugin for WordPress is vulnerable to privilege esc
 CVE-2025-57814 (request-filtering-agent is an http(s).Agent implementation that blocks ...)
 	TODO: check
 CVE-2025-57809 (XGrammar is an open-source library for efficient, flexible, and portab ...)
-	TODO: check
+	NOT-FOR-US: XGrammar
 CVE-2025-57805 (The Scratch Channel is a news website. In versions 1 and 1.1, a POST r ...)
-	TODO: check
+	NOT-FOR-US: CVE-2025-57805 (The Scratch Channel
 CVE-2025-57804 (h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior t ...)
 	TODO: check
 CVE-2025-57704 (Delta Electronics EIP Builder version 1.11 is vulnerable to a File Par ...)
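Review bot: The new annotation for CVE-2025-57805 reads `NOT-FOR-US: CVE-2025-57805 (The Scratch Channel`, which looks like the start of the entry's header line pasted into the product field: it repeats the CVE id and leaves an unclosed parenthesis. Suggest `NOT-FOR-US: The Scratch Channel`, matching the form of `NOT-FOR-US: XGrammar` two entries above.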
@@ -83,7 +83,7 @@ CVE-2025-53419 (Delta Electronics COMMGR has Code Injection vulnerability.)
 CVE-2025-53418 (Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2025-41702 (The JWT secret key is embedded in the egOS WebGUI backend and is reada ...)
-	TODO: check
+	NOT-FOR-US: egOS WebGUI
 CVE-2024-8860 (The Tourfic plugin for WordPress is vulnerable to unauthorized modific ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-9417 (A weakness has been identified in itsourcecode Apartment Management Sy ...)
@@ -113,7 +113,7 @@ CVE-2025-7426 (Information disclosure and exposure of authentication FTP credent
 CVE-2025-6737 (Securden\u2019s Unified PAM Remote Vendor Gateway access portal shares ...)
 	NOT-FOR-US: Securden's Unified PAM Remote Vendor Gateway access portal
 CVE-2025-5302 (A denial of service vulnerability exists in the JSONReader component o ...)
-	TODO: check
+	NOT-FOR-US: run-llama/llama_index
 CVE-2025-57811 (Craft is a platform for creating digital experiences. From versions 4. ...)
 	NOT-FOR-US: Craft CMS
 CVE-2025-57802 (Airlink's Daemon interfaces with Docker and the Panel to provide secur ...)
@@ -193,16 +193,16 @@ CVE-2025-54481 (A stack-based buffer overflow vulnerability exists in the MFER p
 	NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
 	NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
 CVE-2025-54370 (PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing ...)
-	TODO: check
+	NOT-FOR-US: PHPOffice
 CVE-2025-53510 (A memory corruption vulnerability exists in the PSD Image Decoding fun ...)
 	- sail <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2218
 CVE-2025-53120 (A path traversal vulnerability in unauthenticated upload functionality ...)
-	TODO: check
+	NOT-FOR-US: Securden Unified PAM
 CVE-2025-53119 (An unauthenticated unrestricted file upload vulnerability allows an at ...)
-	TODO: check
+	NOT-FOR-US: Securden Unified PAM
 CVE-2025-53118 (An authentication bypass vulnerability exists which allows an unauthen ...)
-	TODO: check
+	NOT-FOR-US: Securden Unified PAM
 CVE-2025-53085 (A memory corruption vulnerability exists in the PSD RLE Decoding funct ...)
 	- sail <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2219
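Review bot: For CVE-2025-54370 the label `NOT-FOR-US: PHPOffice` names only the organisation, and with different capitalisation from the description's `PhpOffice/PhpSpreadsheet`. Naming the library itself (`PhpOffice/PhpSpreadsheet`) would make the entry easier to search for and would not read as covering every PhpOffice project. The three `Securden Unified PAM` entries in this hunk also differ from the existing `Securden's Unified PAM Remote Vendor Gateway access portal` label on CVE-2025-6737, so a single spelling for that product would keep the entries grouped when searched.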
@@ -213,15 +213,15 @@ CVE-2025-52456 (A memory corruption vulnerability exists in the WebP Image Decod
 	- sail <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2224
 CVE-2025-52130 (File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controll ...)
-	TODO: check
+	NOT-FOR-US: WebErpMesv2
 CVE-2025-51281 (D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en` ...)
 	NOT-FOR-US: D-Link
 CVE-2025-50900 (An issue was discovered in getrebuild/rebuild 4.0.4. The affected sour ...)
-	TODO: check
+	NOT-FOR-US: getrebuild/rebuild
 CVE-2025-50722 (Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remot ...)
-	TODO: check
+	NOT-FOR-US: sparkshop
 CVE-2025-50383 (alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQ ...)
-	TODO: check
+	NOT-FOR-US: alextselegidis Easy!Appointments
 CVE-2025-50129 (A memory corruption vulnerability exists in the PCX Image Decoding fun ...)
 	- sail <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2220
@@ -231,11 +231,11 @@ CVE-2025-46407 (A memory corruption vulnerability exists in the BMPv3 Palette De
 	- sail <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215
 CVE-2025-45968 (An issue in System PDV v1.0 allows a remote attacker to obtain sensiti ...)
-	TODO: check
+	NOT-FOR-US: System PDV
 CVE-2025-44179 (Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnera ...)
-	TODO: check
+	NOT-FOR-US: Hitron CGNF-TWN
 CVE-2025-44178 (DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access  ...)
-	TODO: check
+	NOT-FOR-US: DASAN GPON ONU H660WM
 CVE-2025-43960 (Adminer 4.8.1, when using Monolog for logging, allows a Denial of Serv ...)
 	TODO: check
 CVE-2025-3478 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified  ...)
@@ -249,9 +249,9 @@ CVE-2025-32468 (A memory corruption vulnerability exists in the BMPv3 Image Deco
 	- sail <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2216
 CVE-2025-29525 (DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5- ...)
-	TODO: check
+	NOT-FOR-US: DASAN GPON ONU H660WM
 CVE-2025-29524 (Incorrect access control in the component /cgi-bin/system_diagnostic_m ...)
-	TODO: check
+	NOT-FOR-US: DASAN GPON ONU H660WM
 CVE-2025-29523 (D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discover ...)
 	NOT-FOR-US: D-Link
 CVE-2025-29522 (D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discover ...)
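Review bot: Both new labels in this hunk use the model-level string `DASAN GPON ONU H660WM`, while the D-Link entry directly below is tagged at vendor level (`NOT-FOR-US: D-Link`). The truncated description of CVE-2025-29524 shows only the component path `/cgi-bin/system_diagnostic_m ...` and no product name, so it is worth confirming against the full description that the model-level label applies, or using a vendor-level label here for consistency.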



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9492ff1f6f37703cc54f880a9fbafaabada3f50a
