[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 29 22:13:42 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d45f7448 by Salvatore Bonaccorso at 2025-08-29T23:12:59+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -72,7 +72,7 @@ CVE-2025-7071 (Padding oracle attack vulnerability in Oberon microsystem AG\u201
 CVE-2025-5808 (Improper Input Validation vulnerability in OpenText Self Service Passw ...)
 	NOT-FOR-US: OpenText
 CVE-2025-58158 (Harness Open Source is an end-to-end developer platform with Source Co ...)
-	TODO: check
+	NOT-FOR-US: Harness Open Source
 CVE-2025-56577 (An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain se ...)
 	NOT-FOR-US: Evope Core
 CVE-2025-55763 (Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (lates ...)
@@ -80,17 +80,17 @@ CVE-2025-55763 (Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16
 	NOTE: https://github.com/krispybyte/CVE-2025-55763
 	NOTE: https://github.com/civetweb/civetweb/pull/1347
 CVE-2025-55750 (Gitpod is a developer platform for cloud development environments. In  ...)
-	TODO: check
+	NOT-FOR-US: Gitpod
 CVE-2025-55580 (SolidInvoice 2.3.7 and v.2.3.8 is vulnerable to Cross Site Scripting ( ...)
-	TODO: check
+	NOT-FOR-US: SolidInvoice
 CVE-2025-55579 (SolidInvoice 2.3.7 and fixed in v.2.3.8 is vulnerable to Cross Site Sc ...)
-	TODO: check
+	NOT-FOR-US: SolidInvoice
 CVE-2025-55304 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
 	TODO: check
 CVE-2025-55202 (Opencast is a free, open-source platform to support the management of  ...)
-	TODO: check
+	NOT-FOR-US: Opencast
 CVE-2025-55177 (Incomplete authorization of linked device synchronization messages in  ...)
-	TODO: check
+	NOT-FOR-US: WhatsApp
 CVE-2025-54877 (Tuleap is an Open Source Suite created to facilitate management of sof ...)
 	NOT-FOR-US: Tuleap
 CVE-2025-54080 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
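Review bot: for CVE-2025-55202 the truncated description calls Opencast "a free, open-source platform", so before closing it as `NOT-FOR-US: Opencast` it is worth confirming that no ITP or RFP bug is open for it. If one exists, the entry should be recorded as an `<itp>` line against the package name rather than as NFU. The same check applies to any other entry in this hunk whose full CVE text describes freely redistributable software.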
@@ -100,33 +100,33 @@ CVE-2025-52861 (A path traversal vulnerability has been reported to affect VioSt
 CVE-2025-52856 (An improper authentication vulnerability has been reported to affect V ...)
 	NOT-FOR-US: QNAP
 CVE-2025-4644 (A Session Fixation vulnerability existed in Payload's SQLite adapter d ...)
-	TODO: check
+	NOT-FOR-US: Payload
 CVE-2025-4643 (Payload uses JSON Web Tokens (JWT) for authentication. After log out J ...)
-	TODO: check
+	NOT-FOR-US: Payload
 CVE-2025-47909 (Hosts listed in TrustedOrigins implicitly allow requests from the corr ...)
 	TODO: check
 CVE-2025-44033 (SQL injection vulnerability in oa_system oasys v.1.1 allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: oa_system oasys
 CVE-2025-44015 (A command injection vulnerability has been reported to affect HybridDe ...)
 	NOT-FOR-US: QNAP
 CVE-2025-43773 (Liferay Portal  7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 20 ...)
 	NOT-FOR-US: Liferay
 CVE-2025-40709 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the  ...)
-	TODO: check
+	NOT-FOR-US: OpenAtlas
 CVE-2025-40708 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the  ...)
-	TODO: check
+	NOT-FOR-US: OpenAtlas
 CVE-2025-40707 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the  ...)
-	TODO: check
+	NOT-FOR-US: OpenAtlas
 CVE-2025-40706 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the  ...)
-	TODO: check
+	NOT-FOR-US: OpenAtlas
 CVE-2025-40705 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the  ...)
-	TODO: check
+	NOT-FOR-US: OpenAtlas
 CVE-2025-40704 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the  ...)
-	TODO: check
+	NOT-FOR-US: OpenAtlas
 CVE-2025-40703 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the  ...)
-	TODO: check
+	NOT-FOR-US: OpenAtlas
 CVE-2025-40702 (Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the  ...)
-	TODO: check
+	NOT-FOR-US: OpenAtlas
 CVE-2025-33038 (A path traversal vulnerability has been reported to affect Qsync Centr ...)
 	NOT-FOR-US: QNAP
 CVE-2025-33037 (A path traversal vulnerability has been reported to affect Qsync Centr ...)
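Review bot: `NOT-FOR-US: Payload` on CVE-2025-4644 and CVE-2025-4643 uses a bare common word as the product label, which makes later searches of the list for this product noisy. If the full CVE text gives a more specific product name, use it in the label. The eight OpenAtlas entries (CVE-2025-40702 through CVE-2025-40709) carry one identical label, which is the consistency to aim for here as well.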
@@ -202,9 +202,9 @@ CVE-2025-29874 (A NULL pointer dereference vulnerability has been reported to af
 CVE-2025-22483 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
 	NOT-FOR-US: QNAP
 CVE-2024-46917 (Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not val ...)
-	TODO: check
+	NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite
 CVE-2024-46916 (Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains fun ...)
-	TODO: check
+	NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite
 CVE-2024-46484 (TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injec ...)
 	NOT-FOR-US: TRENDnet
 CVE-2024-13342 (The Booster for WooCommerce plugin for WordPress is vulnerable to arbi ...)
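Review bot: the label added for CVE-2024-46917 and CVE-2024-46916 spells out vendor and product (`NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite`), while the context lines around it label by vendor only (`NOT-FOR-US: QNAP`, `NOT-FOR-US: TRENDnet`). Either form is fine, but settling on one granularity keeps the NFU labels easy to match when the same vendor shows up in later CVE batches.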
@@ -212,7 +212,7 @@ CVE-2024-13342 (The Booster for WooCommerce plugin for WordPress is vulnerable t
 CVE-2024-12923 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
 	NOT-FOR-US: QNAP
 CVE-2023-41471 (Cross Site Scripting vulnerability in copyparty v.1.9.1 allows a local ...)
-	TODO: check
+	NOT-FOR-US: copyparty
 CVE-2025-9639 (The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulne ...)
 	NOT-FOR-US: Ai3 QbiCRMGateway
 CVE-2025-9619 (A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.0 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d45f7448c9785f4ec65a91ef67b5c3f9a2fb1ff8
