[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 27 21:41:05 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38225ff2 by Salvatore Bonaccorso at 2025-08-27T22:37:56+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,43 +69,43 @@ CVE-2025-58192 (Missing Authorization vulnerability in Xylus Themes WP Bulk Dele
 CVE-2025-57821 (Basecamp's Google Sign-In adds Google sign-in to Rails applications. P ...)
 	TODO: check
 CVE-2025-56694 (Client-side password validation (CWE-602) in lumasoft fotoShare Cloud  ...)
-	TODO: check
+	NOT-FOR-US: lumasoft fotoShare Cloud
 CVE-2025-55618 (In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker ca ...)
-	TODO: check
+	NOT-FOR-US: Hyundai
 CVE-2025-55582 (D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watc ...)
 	NOT-FOR-US: D-Link
 CVE-2025-55495 (Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overfl ...)
 	NOT-FOR-US: Tenda
 CVE-2025-55422 (In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulne ...)
-	TODO: check
+	NOT-FOR-US: FoxCMS
 CVE-2025-54598 (The Bevy Event service through 2025-07-22, as used for eBay Seller Eve ...)
-	TODO: check
+	NOT-FOR-US: Bevy Event service
 CVE-2025-53105 (GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a F ...)
 	TODO: check
 CVE-2025-52122 (Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an S ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS plugin
 CVE-2025-51667 (An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The / ...)
 	TODO: check
 CVE-2025-50989 (OPNsense 25.1 contains an authenticated command injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OPNsense
 CVE-2025-50986 (diskover-web v2.3.0 Community Edition suffers from multiple stored cro ...)
-	TODO: check
+	NOT-FOR-US: diskover-web
 CVE-2025-50985 (diskover-web v2.3.0 Community Edition is vulnerable to multiple reflec ...)
-	TODO: check
+	NOT-FOR-US: diskover-web
 CVE-2025-50984 (diskover-web v2.3.0 Community Edition is vulnerable to multiple boolea ...)
-	TODO: check
+	NOT-FOR-US: diskover-web
 CVE-2025-50983 (SQL Injection vulnerability exists in the sortKey parameter of the GET ...)
-	TODO: check
+	NOT-FOR-US: readarr
 CVE-2025-50979 (NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories  ...)
-	TODO: check
+	NOT-FOR-US: NodeBB
 CVE-2025-50978 (In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Gitblit
 CVE-2025-50977 (A template injection vulnerability leading to reflected cross-site scr ...)
 	TODO: check
 CVE-2025-50972 (SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticate ...)
-	TODO: check
+	NOT-FOR-US: AbanteCart
 CVE-2025-50428 (In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnera ...)
-	TODO: check
+	NOT-FOR-US: RaspAP
 CVE-2025-4225 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	TODO: check
 CVE-2025-43882 (Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified ...)
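Review bot: at CVE-2025-52122 the new tag "NOT-FOR-US: Craft CMS plugin" does not name the plugin, although the description on the line above identifies it as Freeform. Every other tag added in this hunk names a specific product or vendor, so a later search for "Freeform" in this file would miss the entry. Suggest "NOT-FOR-US: Freeform plugin for Craft CMS". Separately, at CVE-2025-50983 the tag "readarr" cannot be checked against the truncated description shown here, which ends before naming the product, so it is worth confirming against the full CVE text.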
@@ -161,31 +161,31 @@ CVE-2025-2313 (In the Print.pl service, the "uhcPrintServerPrint" function allow
 CVE-2025-2246 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
 	TODO: check
 CVE-2025-20348 (A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20347 (A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20344 (A vulnerability in the backup restore functionality of Cisco Nexus Das ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20342 (A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connectio ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20317 (A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connectio ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20296 (A vulnerability in the web-based management interface of Cisco UCS Man ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20295 (A vulnerability in the CLI of Cisco UCS Manager Software could allow a ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20294 (Multiple vulnerabilities in the CLI and web-based management interface ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20292 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20290 (A vulnerability in the logging feature of Cisco NX-OS Software for Cis ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20262 (A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) ...)
 	NOT-FOR-US: Cisco
 CVE-2025-20241 (A vulnerability in the Intermediate System-to-Intermediate System (IS- ...)
 	NOT-FOR-US: Cisco
 CVE-2024-37777 (O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vu ...)
-	TODO: check
+	NOT-FOR-US: O2OA
 CVE-2025-58050 (The PCRE2 library is a set of C functions that implement regular expre ...)
 	- pcre2 <unfixed>
 	[bookworm] - pcre2 <not-affected> (Vulnerable code not present)
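Review bot: the ten changed Cisco entries (CVE-2025-20290 through CVE-2025-20348) are tagged with the vendor only, while their descriptions name different products (Nexus Dashboard, UCS Manager, NX-OS, vKVM). This matches the unchanged CVE-2025-20262 and CVE-2025-20241 lines in the trailing context, so it is consistent with the file. If the tag is meant to be searchable by product, consider a form such as "NOT-FOR-US: Cisco NX-OS"; otherwise the vendor-only form is fine as is.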



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38225ff2a979fb83e11dad66be51ff195386af59
