[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Aug 29 07:46:56 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7856660d by Moritz Muehlenhoff at 2025-08-29T08:46:32+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -343,19 +343,19 @@ CVE-2025-39496 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-36003 (IBM Security Verify Governance Identity Manager 10.0.2 could allow a r ...)
NOT-FOR-US: IBM
CVE-2025-34523 (A heap-based buffer overflow vulnerability exists in the exists in the ...)
- TODO: check
+ NOT-FOR-US: Arcserve
CVE-2025-34522 (A heap-based buffer overflow vulnerability exists in the input parsing ...)
- TODO: check
+ NOT-FOR-US: Arcserve
CVE-2025-34521 (A reflected cross-site scripting (XSS) vulnerability exists in the web ...)
- TODO: check
+ NOT-FOR-US: Arcserve
CVE-2025-34520 (An authentication bypass vulnerability in Arcserve Unified Data Protec ...)
- TODO: check
+ NOT-FOR-US: Arcserve
CVE-2025-34163 (Dongsheng Logistics Software exposes an unauthenticated endpoint at /C ...)
- TODO: check
+ NOT-FOR-US: Dongsheng Logistics Software
CVE-2025-34162 (An unauthenticated SQL injection vulnerability exists in the GetLyfsBy ...)
- TODO: check
+ NOT-FOR-US: Bian Que Feijiu Intelligent Emergency and Quality Control System
CVE-2025-34160 (AnyShare contains a critical unauthenticated remote code execution vul ...)
- TODO: check
+ NOT-FOR-US: AnyShare
CVE-2025-31979 (A File Upload Validation Bypass vulnerability has been identified in t ...)
NOT-FOR-US: HCL
CVE-2025-31977 (HCL BigFix SM is affected by cryptographic weakness due to weak or out ...)
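Review bot: On CVE-2025-34162 the new tag "NOT-FOR-US: Bian Que Feijiu Intelligent Emergency and Quality Control System" cannot be checked against the description shown in this hunk, which breaks off at "GetLyfsBy ..." before any product is named. The same holds for the Arcserve tags on CVE-2025-34523, CVE-2025-34522 and CVE-2025-34521, since only the CVE-2025-34520 line visibly names Arcserve. Worth confirming each against the full CVE text before dropping the TODO. As a style point, the hunk mixes a vendor-only tag (Arcserve, matching the neighbouring IBM and HCL entries) with full product names; settling on one form keeps the list easier to grep.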
@@ -367,7 +367,7 @@ CVE-2025-31971 (AIML Solutions for HCL SX is vulnerable to a URL validation vuln
CVE-2025-29364 (spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow ...)
TODO: check
CVE-2025-25010 (Incorrect authorization in Kibana can lead to privilege escalation via ...)
- TODO: check
+ - kibana <itp> (bug #700337)
CVE-2025-0951 (Multiple plugins and/or themes for WordPress by LiquidThemes are vulne ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9648 (The WP ULike Pro plugin for WordPress is vulnerable to arbitrary file ...)
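Review bot: The CVE-2025-25010 line changes from "TODO: check" to "- kibana <itp> (bug #700337)", which is an ITP reference rather than an NFU, so the commit message "NFUs" does not describe it. Consider putting it in its own commit or extending the message (for example "NFUs, kibana ITP") so that a history search for the Kibana triage finds it. CVE-2025-29364 (spimsimulator) directly above stays at "TODO: check"; fine if that is deliberately left for a later pass.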
@@ -375,29 +375,29 @@ CVE-2024-9648 (The WP ULike Pro plugin for WordPress is vulnerable to arbitrary
CVE-2024-49790 (IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to c ...)
NOT-FOR-US: IBM
CVE-2024-48908 (lychee link checking action checks links in Markdown, HTML, and text f ...)
- TODO: check
+ NOT-FOR-US: lychee link
CVE-2024-13986 (Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-13985 (A command injection vulnerability in Dahua EIMS versions prior to 2240 ...)
- TODO: check
+ NOT-FOR-US: Dahua EIMS
CVE-2024-13984 (QiAnXin TianQing Management Center versions up to and including 6.7.0. ...)
- TODO: check
+ NOT-FOR-US: QiAnXin TianQing Management Center
CVE-2024-13982 (SPON IP Network Broadcast System, a digital audio transmission platfor ...)
- TODO: check
+ NOT-FOR-US: SPON IP Network Broadcast System
CVE-2024-13981 (LiveBOS, an object-oriented business architecture middleware suite dev ...)
- TODO: check
+ NOT-FOR-US: LiveBOS
CVE-2024-13980 (H3C Intelligent Management Center (IMC) versions up to and including E ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2024-13979 (A SQL injection vulnerability exists in the St. Joe ERP system ("\u572 ...)
- TODO: check
+ NOT-FOR-US: St. Joe ERP system
CVE-2024-13807 (The Xagio SEO plugin for WordPress is vulnerable to Sensitive Informat ...)
NOT-FOR-US: WordPress plugin
CVE-2023-7309 (A path traversal vulnerability exists in the Dahua Smart Park Integrat ...)
- TODO: check
+ NOT-FOR-US: Dahua Smart Park Integration
CVE-2023-7308 (SecGate3600, a network firewall product developed by NSFOCUS, contains ...)
- TODO: check
+ NOT-FOR-US: SecGate3600
CVE-2023-7307 (Sangfor Behavior Management System (also referred to as DC Management ...)
- TODO: check
+ NOT-FOR-US: Sangfor Behavior Management System
CVE-2018-25115 (Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-60 ...)
NOT-FOR-US: D-Link
CVE-2025-XXXX [RUSTSEC-2025-0051]
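Review bot: On CVE-2024-48908 the tag "NOT-FOR-US: lychee link" cuts the name off mid-phrase; the description calls it the "lychee link checking action", and the short form reads as though the lychee tool itself were being marked NFU. Suggest "NOT-FOR-US: lychee link checking action". Similarly, "Dahua Smart Park Integration" on CVE-2023-7309 appears to stop where the truncated description does ("Integrat ..."), and CVE-2024-13980 is tagged with the vendor only ("H3C") while the rest of the hunk uses product names.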
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7856660d0b016b26685d5604e4a63d3684fe88af