[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 11 09:05:08 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca2d280f by Moritz Muehlenhoff at 2025-07-11T10:04:32+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2025-53862
+ NOT-FOR-US: Ansible Automation Platform
+CVE-2025-53861
+ NOT-FOR-US: Ansible Automation Platform
CVE-2025-7425 (A flaw was found in libxslt where the attribute type, atype, flags are ...)
- libxslt <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2379274
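Review bot: The two new entries at the top, CVE-2025-53862 and CVE-2025-53861, carry no description text, unlike the CVE-2025-7425 entry right below them, so "NOT-FOR-US: Ansible Automation Platform" cannot be checked against anything in this hunk. It would help to name the affected platform component in the label rather than the product as a whole. That way a later reader can tell that the flaw is in a platform-only part and not in Ansible code that is packaged separately.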
@@ -53,11 +57,11 @@ CVE-2025-53629 (cpp-httplib is a C++11 single-file header-only cross platform HT
CVE-2025-53628 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
TODO: check
CVE-2025-53626 (pdfme is a TypeScript-based PDF generator and React-based UI. The expr ...)
- TODO: check
+ NOT-FOR-US: pdfme
CVE-2025-53625 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension DynamicPageList3
CVE-2025-53549 (The Matrix Rust SDK is a collection of libraries that make it easier t ...)
- TODO: check
+ NOT-FOR-US: matrix-sdk Rust crate
CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command injection vulne ...)
TODO: check
CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ...)
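Review bot: For CVE-2025-53549 the label "NOT-FOR-US: matrix-sdk Rust crate" rules out the crate as a package of its own, but the description calls the Matrix Rust SDK a collection of libraries, and a library can also be present as a bundled copy inside another source package. If bundled copies were searched for and none found, the entry is fine as it stands. If not, consider leaving it at "TODO: check", as CVE-2025-53628 and CVE-2025-53542 in this same hunk still are, until that search is done.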
@@ -73,7 +77,7 @@ CVE-2025-53503 (Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalat
CVE-2025-53378 (A missing authentication vulnerability in Trend Micro Worry-Free Busin ...)
NOT-FOR-US: Trend Micro
CVE-2025-53371 (DiscordNotifications is an extension for MediaWiki that sends notifica ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension DiscordNotifications
CVE-2025-53364 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
CVE-2025-53020 (Late Release of Memory after Effective Lifetime vulnerability in Apach ...)
@@ -114,7 +118,7 @@ CVE-2025-49463 (Insufficient control flow management in certain Zoom Clients for
CVE-2025-49462 (Cross-site scripting in certain Zoom Clients before version 6.4.5 may ...)
NOT-FOR-US: Zoom
CVE-2025-47813 (loginok.html in Wing FTP Server before 7.4.4 discloses the full local ...)
- TODO: check
+ NOT-FOR-US: Wing FTP Server
CVE-2025-47812 (In Wing FTP Server before 7.4.4. the user and admin web interfaces mis ...)
NOT-FOR-US: Wing FTP Server
CVE-2025-47811 (In Wing FTP Server through 7.4.4, the administrative web interface (li ...)
@@ -124,7 +128,7 @@ CVE-2025-46789 (Classic buffer overflow in certain Zoom Clients for Windows may
CVE-2025-46788 (Improper certificate validation in Zoom Workplace for Linux before ver ...)
NOT-FOR-US: Zoom
CVE-2025-45662 (A cross-site scripting (XSS) vulnerability in the component /master/lo ...)
- TODO: check
+ NOT-FOR-US: mpgram-web
CVE-2025-44251 (Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext duri ...)
NOT-FOR-US: Ecovacs
CVE-2025-3396 (An issue has been discovered in GitLab EE affecting all versions from ...)
@@ -132,9 +136,9 @@ CVE-2025-3396 (An issue has been discovered in GitLab EE affecting all versions
CVE-2025-36090 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote ...)
NOT-FOR-US: IBM
CVE-2025-34102 (A remote code execution vulnerability exists in CryptoLog (PHP version ...)
- TODO: check
+ NOT-FOR-US: CryptoLog
CVE-2025-34101 (An unauthenticated command injection vulnerability exists in Serviio M ...)
- TODO: check
+ NOT-FOR-US: Serviio Media Server
CVE-2025-34100 (An unrestricted file upload vulnerability exists in BuilderEngine 3.5. ...)
TODO: check
CVE-2025-34099 (An unauthenticated command injection vulnerability exists in VICIdial ...)
@@ -152,13 +156,13 @@ CVE-2025-34093 (An authenticated command injection vulnerability exists in the P
CVE-2025-2520 (The Honeywell Experion PKS contains an Uninitialized Variable in the c ...)
NOT-FOR-US: Honeywell
CVE-2025-28245 (Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.46 ...)
- TODO: check
+ NOT-FOR-US: Alteryx Server
CVE-2025-28244 (Insecure Permissions vulnerability in the Local Storage in Alteryx Ser ...)
- TODO: check
+ NOT-FOR-US: Alteryx Server
CVE-2025-28243 (An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a ...)
- TODO: check
+ NOT-FOR-US: Alteryx Server
CVE-2025-27889 (Wing FTP Server before 7.4.4 does not properly validate and sanitize t ...)
- TODO: check
+ NOT-FOR-US: Wing FTP Server
CVE-2025-23048 (In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to ...)
- apache2 <unfixed>
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-23048
@@ -184,7 +188,7 @@ CVE-2024-38327 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable t
CVE-2024-37524 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote ...)
NOT-FOR-US: IBM
CVE-2024-36697 (A cross-site scripting (XSS) vulnerability in the Admin Login page of ...)
- TODO: check
+ NOT-FOR-US: Allworx System Software
CVE-2025-38348 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.12.35-1
NOTE: https://git.kernel.org/linus/da1b9a55ff116cb040528ef664c70a4eec03ae99 (6.16-rc1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca2d280f43f97ea510aaf66ed4e637ce67dade1e