[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 18 21:46:25 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f072978f by Salvatore Bonaccorso at 2025-07-18T22:45:07+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -110,11 +110,11 @@ CVE-2025-5754 (The Useful Tab Block \u2013 Responsive & AMP-Compatible plugin fo
 CVE-2025-5752 (The Vertical scroll image slideshow gallery plugin for WordPress is vu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5346 (Bluebird devices contain a pre-loaded barcode scanner application. Thi ...)
-	TODO: check
+	NOT-FOR-US: Bluebird devices
 CVE-2025-5345 (Bluebird devices contain a pre-loaded file manager application. This a ...)
-	TODO: check
+	NOT-FOR-US: Bluebird devices
 CVE-2025-5344 (Bluebird devices contain a pre-loaded kiosk application. This applicat ...)
-	TODO: check
+	NOT-FOR-US: Bluebird devices
 CVE-2025-54070 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
 	NOT-FOR-US: OpenZeppelin Contracts
 CVE-2025-54068 (Livewire is a full-stack framework for Laravel. In Livewire v3 up to a ...)
@@ -164,23 +164,23 @@ CVE-2025-53816 (7-Zip is a file archiver with a high compression ratio. Zeroes w
 	NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source package
 	NOTE: depending on 7zip. Mark this version as fixed version.
 CVE-2025-53638 (Solady is software that provides Solidity snippets with APIs. Starting ...)
-	TODO: check
+	NOT-FOR-US: Solady
 CVE-2025-52933
 	REJECTED
 CVE-2025-52046 (Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command ...)
-	TODO: check
+	NOT-FOR-US: Totolink
 CVE-2025-51630 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buf ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-51497 (An issue was discovered in AdGuard plugin before 1.11.22 for Safari on ...)
-	TODO: check
+	NOT-FOR-US: AdGuard plugin
 CVE-2025-50240 (nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: nbcio-boot
 CVE-2025-4657 (A buffer overflow vulnerability was reported in the Lenovo Protection  ...)
 	NOT-FOR-US: Lenovo
 CVE-2025-47189 (Netwrix Directory Manager through 2025-05-01 allows XSS.)
-	TODO: check
+	NOT-FOR-US: Netwrix Directory Manager
 CVE-2025-46102 (Cross Site Scripting vulnerability in Beakon Software Beakon Learning  ...)
-	TODO: check
+	NOT-FOR-US: Beakon Software Beakon Learning Management System
 CVE-2025-3753 (A code execution vulnerability has been identified in the Robot Operat ...)
 	TODO: check
 CVE-2025-3740 (The School Management System for Wordpress plugin for WordPress is vul ...)
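Review bot: The two TOTOLINK entries in this hunk carry the same vendor under different casing, `NOT-FOR-US: Totolink` for CVE-2025-52046 and `NOT-FOR-US: TOTOLINK` for CVE-2025-51630. Using one spelling for both keeps a case-sensitive search of data/CVE/list for the vendor from missing one of them.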
@@ -199,13 +199,13 @@ CVE-2025-26854 (A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.
 CVE-2025-25257 (An improper neutralization of special elements used in an SQL command  ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-23270 (NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode,  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23269 (NVIDIA Jetson Linux contains a vulnerability in the kernel where an at ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23266 (NVIDIA Container Toolkit for all platforms contains a vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Container Toolkit
 CVE-2025-23263 (NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-1729 (A DLL hijacking vulnerability was reported in TrackPoint Quick Menu so ...)
 	NOT-FOR-US: Lenovo
 CVE-2025-1700 (A DLL hijacking vulnerability was reported in the Motorola Software Fi ...)
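Review bot: CVE-2025-23269 is closed as `NOT-FOR-US: NVIDIA` although its description places the flaw "in the kernel" of NVIDIA Jetson Linux, and the entry gives no reason why src:linux is out of scope. A `NOTE:` line recording that reasoning would save the next reader from re-checking it. The hunk also mixes the vendor label `NVIDIA` with the product label `NVIDIA Container Toolkit`; one granularity for all four entries would be easier to search.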
@@ -223,17 +223,17 @@ CVE-2024-39835 (A code injection vulnerability has been identified in the Robot
 CVE-2024-39289 (A code execution vulnerability has been discovered in the Robot Operat ...)
 	TODO: check
 CVE-2024-32323 (SQL Injection vulnerability in cnhcit.com Haichang OA v.1.0.0 allows a ...)
-	TODO: check
+	NOT-FOR-US: cnhcit.com Haichang OA
 CVE-2024-32124 (An improper access control vulnerability [CWE-284] in FortiIsolator ve ...)
 	NOT-FOR-US: Fortinet
 CVE-2024-27779 (An insufficient session expiration vulnerability [CWE-613] in FortiSan ...)
 	NOT-FOR-US: Fortinet
 CVE-2024-13972 (A vulnerability related to registry permissions in the Intercept X for ...)
-	TODO: check
+	NOT-FOR-US: Sophos
 CVE-2023-47356 (Mingyu Security Gateway before v3.0-5.3p was discovered to contain a r ...)
-	TODO: check
+	NOT-FOR-US: Mingyu Security Gateway
 CVE-2023-41566 (OA EKP v16 was discovered to contain an arbitrary download vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: OA EKP
 CVE-2025-53644 (OpenCV is an Open Source Computer Vision Library. Versions prior to 4. ...)
 	- opencv 3.2.0+dfsg-1
 	NOTE: https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/
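Review bot: CVE-2024-13972 is labelled with the vendor only (`NOT-FOR-US: Sophos`), while the other entries changed in this hunk name the product (`cnhcit.com Haichang OA`, `Mingyu Security Gateway`, `OA EKP`). The description names the product as "Intercept X for ...", so a label such as `NOT-FOR-US: Sophos Intercept X` would match its neighbours.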
@@ -584,7 +584,7 @@ CVE-2025-24777 (Deserialization of Untrusted Data vulnerability in awethemes Hil
 CVE-2025-24759 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-22227 (In some specific scenarios with chained redirects, Reactor Netty HTTP  ...)
-	TODO: check
+	NOT-FOR-US: Reactor Netty HTTP Server
 CVE-2025-20337 (A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could ...)
 	NOT-FOR-US: Cisco
 CVE-2025-20288 (A vulnerability in the web-based management interface of Cisco Unified ...)
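Review bot: The label `NOT-FOR-US: Reactor Netty HTTP Server` for CVE-2025-22227 adds a "Server" that the visible description does not support; the text is truncated after "Reactor Netty HTTP", and "chained redirects" describes behaviour on the side that follows redirects. Labelling the entry `NOT-FOR-US: Reactor Netty` avoids naming a component that the description may not be about.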



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f072978f66d9a1feab00bff94b0df1bac285012d
