[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 2 21:55:54 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bbda1ae6 by Salvatore Bonaccorso at 2025-07-02T22:55:28+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -73,43 +73,43 @@ CVE-2025-34091 (A padding oracle vulnerability exists in Google Chrome\u2019s Ap
 CVE-2025-34090 (A security bypass vulnerability exists in Google Chrome AppBound cooki ...)
 	TODO: check
 CVE-2025-34079 (An authenticated remote code execution vulnerability exists in NSClien ...)
-	TODO: check
+	NOT-FOR-US: NSClient++
 CVE-2025-34078 (A local privilege escalation vulnerability exists in NSClient++ 0.5.2. ...)
-	TODO: check
+	NOT-FOR-US: NSClient++
 CVE-2025-34076 (An authenticated local file inclusion vulnerability exists in Microweb ...)
 	NOT-FOR-US: microweber
 CVE-2025-34075 (An authenticated virtual machine escape vulnerability exists in HashiC ...)
 	TODO: check
 CVE-2025-34074 (An authenticated remote code execution vulnerability exists in Lucee\u ...)
-	TODO: check
+	NOT-FOR-US: Lucee
 CVE-2025-34073 (An unauthenticated command injection vulnerability exists in stamparm/ ...)
-	TODO: check
+	NOT-FOR-US: stamparm/maltrail (Maltrail)
 CVE-2025-34072 (A data exfiltration vulnerability exists in Anthropic\u2019s deprecate ...)
-	TODO: check
+	NOT-FOR-US: Slack Model Context Protocol (MCP) Server
 CVE-2025-34071 (A remote code execution vulnerability in GFI Kerio Control 9.4.5 allow ...)
-	TODO: check
+	NOT-FOR-US: GFI Kerio Control
 CVE-2025-34070 (A missing authentication vulnerability in the GFIAgent component of GF ...)
-	TODO: check
+	NOT-FOR-US: GFI Kerio Control
 CVE-2025-34069 (An authentication bypass vulnerability exists in GFI Kerio Control 9.4 ...)
-	TODO: check
+	NOT-FOR-US: GFI Kerio Control
 CVE-2025-34067 (An unauthenticated remote command execution vulnerability exists in th ...)
-	TODO: check
+	NOT-FOR-US: Hikvision
 CVE-2025-34057 (An information disclosure vulnerability exists in Ruijie NBR series ro ...)
-	TODO: check
+	NOT-FOR-US: Ruijie
 CVE-2025-2330 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-27026 (A missing double-check feature in the WebGUI for CLI deactivation in I ...)
-	TODO: check
+	NOT-FOR-US: Infinera G42
 CVE-2025-27025 (The target device exposes a service on a specific TCP port with a conf ...)
 	TODO: check
 CVE-2025-27024 (Unrestricted access to OS file system in SFTP service in Infinera G42  ...)
-	TODO: check
+	NOT-FOR-US: Infinera G42
 CVE-2025-27023 (Lack or insufficent input validation in WebGUI CLI web in Infinera G42 ...)
-	TODO: check
+	NOT-FOR-US: Infinera G42
 CVE-2025-27022 (A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera ...)
-	TODO: check
+	NOT-FOR-US: Infinera G42
 CVE-2025-27021 (The misconfiguration in the sudoers configuration of the operating sys ...)
-	TODO: check
+	NOT-FOR-US: Infinera G42
 CVE-2025-24335 (Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 M ...)
 	NOT-FOR-US: Nokia
 CVE-2025-24334 (The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can ...)
@@ -125,13 +125,13 @@ CVE-2025-24330 (Sending a crafted SOAP "provision" operation message PlanId fiel
 CVE-2025-24329 (Sending a crafted SOAP "provision" operation message archive field wit ...)
 	NOT-FOR-US: Nokia
 CVE-2025-20310 (A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20309 (A vulnerability in Cisco Unified Communications Manager (Unified CM) a ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20308 (A vulnerability in Cisco Spaces Connector could allow an authenticated ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20307 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-38093 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbda1ae6ad48da820206267c0e209eca8c79d941

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbda1ae6ad48da820206267c0e209eca8c79d941
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250702/53750840/attachment.htm>

More information about the debian-security-tracker-commits mailing list