[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d50ea0c by Moritz Muehlenhoff at 2025-07-14T22:43:58+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -115,7 +115,8 @@ CVE-2025-50756 (Wavlink WN535K3 20191010 was found to contain a command injectio
 CVE-2025-27582 (The Secure Password extension in One Identity Password Manager before  ...)
 	TODO: check
 CVE-2025-24391 (A vulnerability in the External Interface of OTRS allows conclusions t ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny which forked from 6.x
 CVE-2024-51770 (An information disclosure vulnerability exists in HPE AutoPass License ...)
 	NOT-FOR-US: HPE
 CVE-2024-51769 (An information disclosure vulnerability exists in HPE AutoPass License ...)
@@ -125,17 +126,17 @@ CVE-2024-51768 (An hsqldb-related remote code execution vulnerability exists in
 CVE-2024-51767 (An authentication bypass vulnerability exists in HPE AutoPass License  ...)
 	NOT-FOR-US: HPE
 CVE-2024-42649 (NanoMQ v0.22.10 was discovered to contain a memory leak which allows a ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2024-42648 (NanoMQ v0.22.10 was discovered to contain a heap overflow which allows ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2024-42646 (A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a De ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2024-26293 (The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented  ...)
-	TODO: check
+	NOT-FOR-US: Avid Nexis
 CVE-2024-26292 (An authenticated Arbitrary File Deletion vulnerability enables an atta ...)
-	TODO: check
+	NOT-FOR-US: Avid Nexis
 CVE-2024-26291 (An Unauthenticated Arbitrary File Read vulnerability affects the Agent ...)
-	TODO: check
+	NOT-FOR-US: Avid Nexis
 CVE-2025-XXXX [uscan must not skip OpenPGP check after failed check in previous run]
 	- devscripts <unfixed> (bug #1109251)
 CVE-2025-7620 (The cross-browser document creation component produced by Digitware Sy ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d50ea0cc5d22efe733240c7760621090b8c9dbb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d50ea0cc5d22efe733240c7760621090b8c9dbb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250714/96904eb6/attachment.htm>