[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 9 21:36:32 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2523fc88 by Salvatore Bonaccorso at 2025-07-09T22:35:43+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2025-7381 (ImpactThis is an information disclosure vulnerability originating from ...)
- TODO: check
+ NOT-FOR-US: Docker Image for Mautic
CVE-2025-7379 (A security bypass vulnerability allows exploitation via Reverse Tabnab ...)
NOT-FOR-US: Asustor
CVE-2025-7204 (In ConnectWise PSA versions older than 2025.9, a vulnerability exists ...)
- TODO: check
+ NOT-FOR-US: ConnectWise
CVE-2025-6514 (mcp-remote is exposed to OS command injection when connecting to untru ...)
- TODO: check
+ NOT-FOR-US: mcp-remote
CVE-2025-53743 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applit ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-53742 (Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools AP ...)
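Review bot: The tag on CVE-2025-7381, "NOT-FOR-US: Docker Image for Mautic", is narrower than the vendor or project names used for the other entries in this hunk ("Asustor", "ConnectWise", "mcp-remote"). The description is truncated at "originating from ...", so the visible text does not show whether the flaw is in the image packaging or in Mautic itself. Please confirm against the full CVE text that the issue is confined to the Docker image before closing it with this tag.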
@@ -79,15 +79,15 @@ CVE-2025-53546 (Folo organizes feeds content into one timeline. Using pull_reque
CVE-2025-52364 (Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.9 ...)
NOT-FOR-US: Tenda
CVE-2025-52357 (Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic ...)
- TODO: check
+ NOT-FOR-US: FiberHome FD602GW-DX-R410 router
CVE-2025-49604 (For Realtek AmebaD devices, a heap-based buffer overflow was discovere ...)
TODO: check
CVE-2025-44526 (Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize i ...)
TODO: check
CVE-2025-44525 (Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41 ...)
- TODO: check
+ NOT-FOR-US: Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK
CVE-2025-44177 (A directory traversal vulnerability was discovered in White Star Softw ...)
- TODO: check
+ NOT-FOR-US: White Star Software Protop
CVE-2025-3499 (The device has two web servers that expose unauthenticated REST APIs o ...)
TODO: check
CVE-2025-3498 (An unauthenticated user with management network access can get and mo ...)
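Review bot: The tags added for CVE-2025-44525 and CVE-2025-52357 are inconsistent with the vendor-only style of the neighbouring "NOT-FOR-US: Tenda" entry. The first copies the whole product string from the description ("Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK"), and the second carries a specific model number ("FiberHome FD602GW-DX-R410 router"). Consider shortening them to the vendor, or vendor plus product family, so that later CVEs for the same vendor end up with the same tag text.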
@@ -900,7 +900,7 @@ CVE-2025-21426 (Memory corruption while processing camera TPG write request.)
CVE-2025-21422 (Cryptographic issue while processing crypto API calls, missing checks ...)
NOT-FOR-US: Qualcomm
CVE-2025-21195 (Improper link resolution before file access ('link following') in Serv ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-21168 (Substance3D - Designer versions 14.1 and earlier are affected by an ou ...)
NOT-FOR-US: Adobe
CVE-2025-21167 (Substance3D - Designer versions 14.1 and earlier are affected by an ou ...)
@@ -360325,7 +360325,7 @@ CVE-2021-27963 (SonLogger before 6.4.1 is affected by user creation with any use
CVE-2021-27962 (Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4. ...)
- grafana <removed>
CVE-2021-27961 (evesys 7.1 (2152) through 8.0 (2202) allows Reflected XSS via the inde ...)
- TODO: check
+ NOT-FOR-US: evesys
CVE-2021-27960
RESERVED
CVE-2021-27959
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2523fc8851f646975fb724537137922b41d89046