[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jul 8 13:56:02 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
92a9a112 by Moritz Mühlenhoff at 2025-07-08T14:55:43+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -133,13 +133,13 @@ CVE-2025-42953 (SAP Netweaver System Configuration does not perform necessary au
CVE-2025-42952 (SAP Business Warehouse and SAP Plug-In Basis allows an authenticated a ...)
NOT-FOR-US: SAP
CVE-2025-41668 (A low privileged remote attacker with file access can replace a critic ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-41667 (A low privileged remote attacker with file access can replace a critic ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-41666 (A low privileged remote attacker with file access can replace a critic ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-41665 (An low privileged remote attacker can enforce the watchdog of the affe ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-38237 (In the Linux kernel, the following vulnerability has been resolved: m ...)
TODO: check
CVE-2025-38236 (In the Linux kernel, the following vulnerability has been resolved: a ...)
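Review bot: The four NOT-FOR-US lines for CVE-2025-41668 through CVE-2025-41665 record only the vendor, Phoenix Contact, and the truncated descriptions do not name a product either. Consider naming the affected product or firmware in the NFU string so that a later search of data/CVE/list can tell these entries apart from other Phoenix Contact ones.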
@@ -147,23 +147,23 @@ CVE-2025-38236 (In the Linux kernel, the following vulnerability has been resolv
CVE-2025-31326 (SAP\ufffdBusinessObjects Business\ufffdIntelligence Platform (Web Inte ...)
NOT-FOR-US: SAP
CVE-2025-25271 (An unauthenticated adjacent attacker is able to configure a new OCPP b ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-25270 (An unauthenticated remote attacker can alter the device configuration ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-25269 (An unauthenticated local attacker can inject a command that is subsequ ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-25268 (An unauthenticated adjacent attacker can modify configuration by sendi ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-24006 (A low privileged local attacker can leverage insecure permissions via ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-24005 (A local attacker with a local user account can leverage a vulnerable s ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-24004 (A physical attacker with access to the device display via USB-C can se ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-24003 (An unauthenticated remote attacker can use MQTT messages to trigger ou ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-24002 (An unauthenticated remote attacker can use MQTT messages to crash a se ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2025-20695 (In Bluetooth FW, there is a possible system crash due to an uncaught e ...)
NOT-FOR-US: MediaTek
CVE-2025-20694 (In Bluetooth FW, there is a possible system crash due to an uncaught e ...)
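Review bot: CVE-2025-24003 and CVE-2025-24002 mention MQTT messages and CVE-2025-25271 mentions OCPP, so before closing them as NOT-FOR-US: Phoenix Contact it is worth confirming from the full advisory that the flaw sits in the vendor's own firmware and not in an MQTT or OCPP component that also exists as a Debian package. If a shared upstream library turns out to be involved, the entry should point at that source package instead of being marked NFU.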
@@ -249,9 +249,9 @@ CVE-2025-7120 (A vulnerability was found in Campcodes Complaint Management Syste
CVE-2025-7119 (A vulnerability has been found in Campcodes Complaint Management Syste ...)
NOT-FOR-US: Campcodes
CVE-2025-7057 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension Quiz
CVE-2025-7056 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension UrlShortener
CVE-2025-6811 (Mescius ActiveReports.NET TypeResolutionService Deserialization of Unt ...)
NOT-FOR-US: Mescius ActiveReports.NET
CVE-2025-6810 (Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data ...)
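Review bot: For CVE-2025-7057 and CVE-2025-7056 the visible description is only the generic CWE title, so the extension names Quiz and UrlShortener cannot be checked against anything in this hunk. Please confirm both against the full CVE records, since the NFU string is the only place the tracker records which extension is affected.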
@@ -336,25 +336,25 @@ CVE-2025-53526 (WeGIA is a web manager for charitable institutions. An XSS Injec
CVE-2025-53525 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
NOT-FOR-US: WeGIA
CVE-2025-53499 (: Missing Authorization vulnerability in Wikimedia Foundation Mediawik ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension AbuseFilter
CVE-2025-53498 (: Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension AbuseFilter
CVE-2025-53497 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension RelatedArticles
CVE-2025-53496 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension MediaSearch
CVE-2025-53495 (Missing Authorization vulnerability in Wikimedia Foundation Mediawiki ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension AbuseFilter
CVE-2025-53491 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension FlaggedRevs
CVE-2025-53488 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension WikiHiero
CVE-2025-53487 (The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS i ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension ApprovedRevs
CVE-2025-53486 (The WikiCategoryTagCloud extension is vulnerable to reflected XSS via ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension WikiCategoryTagCloud
CVE-2025-53478 (The CheckUser extension\u2019s Special:Investigate interface is vulner ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension CheckUser
CVE-2025-53377 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
NOT-FOR-US: WeGIA
CVE-2025-53376 (Dokploy is a self-hostable Platform as a Service (PaaS) that simplifie ...)
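Review bot: The ten MediaWiki entries from CVE-2025-53499 to CVE-2025-53478 are closed as NFU on the basis that the affected code is an extension, which holds only if that extension is not shipped inside the mediawiki source package. Please check the extensions named here (AbuseFilter appears three times) against what src:mediawiki bundles, and track any bundled one as "- mediawiki <unfixed>" rather than NOT-FOR-US.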
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92a9a1127c3d3f6fa383cd728d3739331ab3da5b