[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 11 11:38:17 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0d6345a1 by Moritz Muehlenhoff at 2025-07-11T12:34:02+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2025-7442 (The WPGYM - Wordpress Gym Management System plugin for WordPress
CVE-2025-7436 (A vulnerability was found in Campcodes Online Recruitment Management S ...)
NOT-FOR-US: Campcodes
CVE-2025-7435 (A vulnerability was found in LiveHelperChat lhc-php-resque Extension u ...)
- TODO: check
+ NOT-FOR-US: LiveHelperChat
CVE-2025-7434 (A vulnerability was found in Tenda FH451 up to 1.0.0.9 and classified ...)
NOT-FOR-US: Tenda
CVE-2025-7423 (A vulnerability classified as critical was found in Tenda O3V2 1.0.0.1 ...)
@@ -51,7 +51,7 @@ CVE-2025-5241 (Overly Restrictive Account Lockout Mechanism vulnerability in Mit
CVE-2025-5028 (Installation file of ESET security products on Windows allow an atta ...)
NOT-FOR-US: ESET
CVE-2025-53864 (Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: Connect2id
CVE-2025-53852
REJECTED
CVE-2025-53851
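Review bot: the new label on CVE-2025-53864 gives only the vendor, "Connect2id", while the description names the affected library as "Nimbus JOSE + JWT". Writing it as "NOT-FOR-US: Connect2id Nimbus JOSE + JWT" would make the entry findable by library name, which is how someone checking for a packaged or embedded copy would search data/CVE/list.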
@@ -63,7 +63,7 @@ CVE-2025-53849
CVE-2025-53848
REJECTED
CVE-2025-53637 (Meshtastic is an open source mesh networking solution. The main_matrix ...)
- TODO: check
+ NOT-FOR-US: Meshtastic
CVE-2025-53519 (A vulnerability exists in Advantech iView versions prior to 5.7.05 bui ...)
NOT-FOR-US: Advantech
CVE-2025-53515 (A vulnerability exists in Advantech iView that allows for SQL injectio ...)
@@ -121,9 +121,9 @@ CVE-2025-2522 (The Honeywell Experion PKSand OneWireless WDM contains Sensiti
CVE-2025-2521 (The Honeywell Experion PKS and OneWireless WDM contains a Memory Buffe ...)
NOT-FOR-US: Honeywell
CVE-2025-24798 (Meshtastic is an open source mesh networking solution. From 1.2.1 unti ...)
- TODO: check
+ NOT-FOR-US: Meshtastic
CVE-2025-1727 (The protocol used for remote linking over RF for End-of-Train and Hea ...)
- TODO: check
+ NOT-FOR-US: End-of-Train and Head-of-Train remote linking protocol
CVE-2025-53862
NOT-FOR-US: Ansible Automation Platform
CVE-2025-53861
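Review bot: the NOT-FOR-US label for CVE-2025-1727 names a protocol ("End-of-Train and Head-of-Train remote linking protocol") where the neighbouring entries in this hunk name a vendor or product (Honeywell, Meshtastic, Ansible Automation Platform). That fits a protocol-level issue, but a shorter label such as "End-of-Train/Head-of-Train RF protocol" would be easier to grep for and would keep the line in step with the others.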
@@ -179,9 +179,9 @@ CVE-2025-53630 (llama.cpp is an inference of several LLM models in C/C++. Intege
NOTE: https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-vgg9-87g3-85w8
NOTE: Fixed by: https://github.com/ggml-org/llama.cpp/commit/26a48ad699d50b6268900062661bd22f3e792579 (b5854)
CVE-2025-53629 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
- TODO: check
+ - cpp-httplib <unfixed>
CVE-2025-53628 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
- TODO: check
+ - cpp-httplib <unfixed>
CVE-2025-53626 (pdfme is a TypeScript-based PDF generator and React-based UI. The expr ...)
NOT-FOR-US: pdfme
CVE-2025-53625 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
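Review bot: the two new "- cpp-httplib <unfixed>" entries for CVE-2025-53629 and CVE-2025-53628 carry no NOTE lines, unlike the llama.cpp entry directly above them, which records the upstream advisory and the fixing commit. Adding the upstream advisory and fix commit as NOTE lines on both entries would let whoever follows up determine the fixed version without repeating the triage.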
@@ -189,7 +189,7 @@ CVE-2025-53625 (The DynamicPageList3 extension is a reporting tool for MediaWiki
CVE-2025-53549 (The Matrix Rust SDK is a collection of libraries that make it easier t ...)
NOT-FOR-US: matrix-sdk Rust crate
CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command injection vulne ...)
- TODO: check
+ NOT-FOR-US: Headlamp
CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
@@ -266,19 +266,19 @@ CVE-2025-34102 (A remote code execution vulnerability exists in CryptoLog (PHP v
CVE-2025-34101 (An unauthenticated command injection vulnerability exists in Serviio M ...)
NOT-FOR-US: Serviio Media Server
CVE-2025-34100 (An unrestricted file upload vulnerability exists in BuilderEngine 3.5. ...)
- TODO: check
+ NOT-FOR-US: BuilderEngine
CVE-2025-34099 (An unauthenticated command injection vulnerability exists in VICIdial ...)
- TODO: check
+ NOT-FOR-US: VICIdial
CVE-2025-34098 (A path traversal vulnerability exists in Riverbed SteelHead VCXapplian ...)
- TODO: check
+ NOT-FOR-US: Riverbed SteelHead VCX appliances
CVE-2025-34097 (An unrestricted file upload vulnerability exists in ProcessMaker versi ...)
- TODO: check
+ NOT-FOR-US: ProcessMaker
CVE-2025-34096 (A stack-based buffer overflow vulnerability exists in Easy File Sharin ...)
- TODO: check
+ NOT-FOR-US: Easy File Sharing HTTP Server
CVE-2025-34095 (An OS command injection vulnerability exists in Mako Server versions 2 ...)
- TODO: check
+ NOT-FOR-US: Mako server (different from src:mako)
CVE-2025-34093 (An authenticated command injection vulnerability exists in the Polycom ...)
- TODO: check
+ NOT-FOR-US: Polycom HDX
CVE-2025-2520 (The Honeywell Experion PKS contains an Uninitialized Variable in the c ...)
NOT-FOR-US: Honeywell
CVE-2025-28245 (Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.46 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d6345a1d54765864225d99e7552b3f3ecc6a6f7