[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 1 22:08:48 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c2f593c5 by Salvatore Bonaccorso at 2025-07-01T22:58:50+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -51,7 +51,7 @@ CVE-2025-50641 (Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in
CVE-2025-50405 (Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect ...)
NOT-FOR-US: Intelbras
CVE-2025-50404 (Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Ov ...)
- TODO: check
+ NOT-FOR-US: Intelbras
CVE-2025-49492 (Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer u ...)
NOT-FOR-US: ASR Microelectronics
CVE-2025-49491 (Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linu ...)
@@ -77,13 +77,13 @@ CVE-2025-48379 (Pillow is a Python imaging library. In versions 11.2.0 to before
CVE-2025-46259 (Missing Authorization vulnerability in POSIMYTH Innovation The Plus Ad ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-45872 (zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery ( ...)
- TODO: check
+ NOT-FOR-US: zrlog
CVE-2025-45083 (Incorrect access control in Ullu (Android version v2.9.929 and IOS ver ...)
- TODO: check
+ NOT-FOR-US: Ullu
CVE-2025-45081 (Misconfigured settings in IITB SSO v1.1.0 allow attackers to access se ...)
- TODO: check
+ NOT-FOR-US: IITB SSO
CVE-2025-45080 (YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use unencrypt ...)
- TODO: check
+ NOT-FOR-US: YONO SBI
CVE-2025-45006 (Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Pr ...)
TODO: check
CVE-2025-41656 (An unauthenticated remote attacker can run arbitrary commands on the a ...)
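Review bot: CVE-2025-45006 in the trailing context still carries "TODO: check" while the four entries directly above it are resolved in this hunk. If it was left deliberately because the open-source RISC-V processor needs a closer check against the archive, no change is needed; otherwise it can be triaged in the same pass so the block does not end on a lone unprocessed entry.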
@@ -99,13 +99,13 @@ CVE-2025-37097 (A vulnerability in HPE Insight Remote Support (IRS) prior to v7.
CVE-2025-36582 (Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of ...)
NOT-FOR-US: Dell / EMC
CVE-2025-34081 (The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() ...)
- TODO: check
+ NOT-FOR-US: Contec Co.,Ltd. CONPROSYS HMI System (CHS)
CVE-2025-34080 (The Contec Co.,Ltd. CONPROSYS HMI System (CHS) is vulnerable to Cross- ...)
- TODO: check
+ NOT-FOR-US: Contec Co.,Ltd. CONPROSYS HMI System (CHS)
CVE-2025-34066 (An improper certificate validation vulnerability exists in AVTECH IP c ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34065 (An authentication bypass vulnerability exists in AVTECH IP camera, DVR ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34064 (A cloud infrastructure misconfiguration in OneLogin AD Connector resul ...)
TODO: check
CVE-2025-34063 (A cryptographic authentication bypass vulnerability exists in OneLogin ...)
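Review bot: The tag on CVE-2025-34081 and CVE-2025-34080 copies the description text verbatim ("Contec Co.,Ltd. CONPROSYS HMI System (CHS)"), including the company suffix and the abbreviation, while the other tags in this hunk are a short vendor name ("AVTECH", "Dell / EMC"). A shorter form such as "Contec CONPROSYS HMI System" would be consistent with the neighbouring entries and easier to match when the same product shows up in later CVEs.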
@@ -115,25 +115,25 @@ CVE-2025-34062 (An information disclosure vulnerability exists in OneLogin AD Co
CVE-2025-34060 (A PHP objection injection vulnerability exists in the Monero Project\u ...)
TODO: check
CVE-2025-34059 (An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway ...)
- TODO: check
+ NOT-FOR-US: Dahua Smart Cloud Gateway Registration Management Platform
CVE-2025-34058 (Hikvision Streaming Media Management Server v2.3.5 uses default creden ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2025-34056 (An OS command injection vulnerability exists in AVTECH IP camera, DVR, ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34055 (An OS command injection vulnerability exists in AVTECH DVR, NVR, and I ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34054 (An unauthenticated command injection vulnerability exists in AVTECH DV ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34053 (An authentication bypass vulnerability exists in AVTECH IP camera, DVR ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34052 (An unauthenticated information disclosure vulnerability exists in AVTE ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34051 (A server-side request forgery vulnerability exists in multiple firmwar ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34050 (Across-site request forgery (CSRF) vulnerability exists in the web int ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-27153 (Escalade GLPI plugin is a ticket escalation process helper for GLPI. P ...)
- TODO: check
+ NOT-FOR-US: Escalade GLPI plugin
CVE-2024-35164
- guacamole-client <removed>
CVE-2024-39954
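Review bot: The tags in this hunk mix granularity: CVE-2025-34059 is tagged with the full product name ("Dahua Smart Cloud Gateway Registration Management Platform"), whereas CVE-2025-34058 and the nine AVTECH entries use the vendor alone ("Hikvision", "AVTECH"). Picking one convention, for example plain "Dahua" here, keeps the NOT-FOR-US lines uniform for anyone grepping data/CVE/list by vendor.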
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2f593c5318a12741c53d1acde4cf06d28111313