[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 3 21:28:23 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16d917b1 by Salvatore Bonaccorso at 2025-07-03T22:27:59+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-6587 (System environment variables are recorded in Docker Desktop diagnostic ...)
-	TODO: check
+	NOT-FOR-US: Docker Desktop
 CVE-2025-6563 (A cross-site scripting vulnerability is present in the hotspot of Mikr ...)
 	NOT-FOR-US: MikroTik
 CVE-2025-6074 (Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB  ...)
@@ -37,39 +37,39 @@ CVE-2025-50260 (Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in
 CVE-2025-50258 (Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the S ...)
 	NOT-FOR-US: Tenda
 CVE-2025-49846 (wire-ios is an iOS client for the Wire secure messaging application. F ...)
-	TODO: check
+	NOT-FOR-US: wire-ios
 CVE-2025-49618 (In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php c ...)
-	TODO: check
+	NOT-FOR-US: Plesk Obsidian
 CVE-2025-49595 (n8n is a workflow automation platform. Prior to version 1.99.0, there  ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2025-49032 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48939 (tarteaucitron.js is a compliant and accessible cookie banner. Prior to ...)
-	TODO: check
+	NOT-FOR-US: tarteaucitron
 CVE-2025-45938 (Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to Cross S ...)
-	TODO: check
+	NOT-FOR-US: Akeles Out of Office Assistant for Jira
 CVE-2025-45809 (BerriAI litellm v1.65.4 was discovered to contain a SQL injection vuln ...)
-	TODO: check
+	NOT-FOR-US: BerriAI/litellm
 CVE-2025-43713 (ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization ...)
-	TODO: check
+	NOT-FOR-US: ASNA Assist and ASNA Registrar
 CVE-2025-40723 (Stored Cross-Site Scripting (XSS) vulnerability in versions prior to F ...)
-	TODO: check
+	NOT-FOR-US: Flatboard
 CVE-2025-40722 (Stored Cross-Site Scripting (XSS) vulnerability in versions prior to F ...)
-	TODO: check
+	NOT-FOR-US: Flatboard
 CVE-2025-3702 (Missing Authorization vulnerability in Melapress Melapress File Monito ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-34089 (An unauthenticated remote code execution vulnerability exists in Remot ...)
 	TODO: check
 CVE-2025-34088 (An authenticated remote code execution vulnerability exists in Pandora ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2025-34087 (An authenticated command injection vulnerability exists in Pi-hole ver ...)
-	TODO: check
+	NOT-FOR-US: Pi-hole
 CVE-2025-34086 (Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities ...)
-	TODO: check
+	NOT-FOR-US: Bolt CMS
 CVE-2025-34082 (A command injection vulnerability exists in IGEL OS versions prior to  ...)
-	TODO: check
+	NOT-FOR-US: IGEL OS
 CVE-2025-34061 (A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticat ...)
-	TODO: check
+	NOT-FOR-US: PHPStudy
 CVE-2025-2932 (The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file dele ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2540 (Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scr ...)
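Review bot: CVE-2025-34089 is still at `TODO: check` in the unchanged context, directly above CVE-2025-34088, while every other open entry in this range is resolved. If it was held back deliberately because it needs a closer look, fine; otherwise it should be triaged with this batch. On style, `NOT-FOR-US: BerriAI/litellm` uses a vendor/project form where the other labels use the product name as it appears in the description, and `NOT-FOR-US: tarteaucitron` drops the `.js` that the description uses (`tarteaucitron.js`). Using the same product spelling as the description keeps later searches for existing NOT-FOR-US labels reliable.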



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16d917b1020404fb5e2b537f0e3c9586171b1172
