[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jul 19 13:38:44 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c2e3661 by Salvatore Bonaccorso at 2025-07-19T14:38:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,15 +7,15 @@ CVE-2025-7806 (A vulnerability classified as critical was found in Tenda FH451 1
 CVE-2025-7805 (A vulnerability classified as critical has been found in Tenda FH451 1 ...)
 	NOT-FOR-US: Tenda
 CVE-2025-7803 (A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec ...)
-	TODO: check
+	NOT-FOR-US: descreekert wx-discuz
 CVE-2025-7802 (A vulnerability was found in PHPGurukul Complaint Management System 2. ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-7801 (A vulnerability has been found in BossSoft CRM 6.0 and classified as c ...)
-	TODO: check
+	NOT-FOR-US: BossSoft CRM
 CVE-2025-7800 (A vulnerability classified as problematic was found in cgpandey hotelm ...)
-	TODO: check
+	NOT-FOR-US: cgpandey hotelmis
 CVE-2025-7798 (A vulnerability classified as critical has been found in Beijing Shenz ...)
-	TODO: check
+	NOT-FOR-US: Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System
 CVE-2025-7797 (A vulnerability was found in GPAC up to 2.4. It has been rated as prob ...)
 	TODO: check
 CVE-2025-7796 (A vulnerability, which was classified as critical, was found in Tenda  ...)
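Review bot: the new tag on CVE-2025-7798 spells out the whole vendor and product name (`NOT-FOR-US: Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System`), while the unchanged entries around it tag by vendor alone (`NOT-FOR-US: Tenda`, `NOT-FOR-US: PHPGurukul`). A shorter vendor-level tag would keep the line readable and match its neighbours. The same choice applies to `descreekert wx-discuz` and `cgpandey hotelmis`, which use an owner-plus-project form.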
@@ -33,15 +33,15 @@ CVE-2025-7791 (A vulnerability was found in PHPGurukul Online Security Guards Hi
 CVE-2025-7790 (A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been cl ...)
 	NOT-FOR-US: D-Link
 CVE-2025-7789 (A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classifie ...)
-	TODO: check
+	NOT-FOR-US: XXL-Job
 CVE-2025-7788 (A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and clas ...)
-	TODO: check
+	NOT-FOR-US: XXL-Job
 CVE-2025-7787 (A vulnerability, which was classified as critical, was found in Xuxuel ...)
-	TODO: check
+	NOT-FOR-US: XXL-Job
 CVE-2025-7786 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Gnuboard
 CVE-2025-7785 (A vulnerability classified as problematic was found in thinkgem JeeSit ...)
-	TODO: check
+	NOT-FOR-US: thinkgem JeeSite
 CVE-2025-7784 (A flaw was found in the Keycloak identity and access management system ...)
 	TODO: check
 CVE-2025-7783 (Use of Insufficiently Random Values vulnerability in form-data allows  ...)
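Review bot: the tag on CVE-2025-7789, CVE-2025-7788 and CVE-2025-7787 is written `XXL-Job`, but the visible descriptions for CVE-2025-7789 and CVE-2025-7788 name the project as `Xuxueli xxl-job`, and other additions in this commit copy the description's spelling (`thinkgem JeeSite`, `descreekert wx-discuz`). Writing `xxl-job` as it appears in the description would let a case-sensitive search of data/CVE/list for the product name find these three entries.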
@@ -79,7 +79,7 @@ CVE-2025-6227 (Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to n
 CVE-2025-6226 (Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7 ...)
 	TODO: check
 CVE-2025-54309 (CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy  ...)
-	TODO: check
+	NOT-FOR-US: CrushFTP
 CVE-2025-54079 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
 	NOT-FOR-US: WeGIA
 CVE-2025-54078 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
@@ -91,7 +91,7 @@ CVE-2025-54076 (WeGIA is an open source web manager with a focus on the Portugue
 CVE-2025-54075 (MDC is a tool to take regular Markdown and write documents interacting ...)
 	TODO: check
 CVE-2025-54073 (mcp-package-docs is an MCP (Model Context Protocol) server that provid ...)
-	TODO: check
+	NOT-FOR-US: mcp-package-docs
 CVE-2025-54059 (melange allows users to build apk packages using declarative pipelines ...)
 	TODO: check
 CVE-2025-53945 (apko allows users to build and publish OCI container images built from ...)
@@ -99,37 +99,37 @@ CVE-2025-53945 (apko allows users to build and publish OCI container images buil
 CVE-2025-53901 (Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0. ...)
 	TODO: check
 CVE-2025-53888 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
-	TODO: check
+	NOT-FOR-US: RIOT-OS
 CVE-2025-53762 (Permissive list of allowed inputs in Microsoft Purview allows an autho ...)
 	TODO: check
 CVE-2025-52924 (In One Identity OneLogin before 2025.2.0, the SQL connection "applicat ...)
-	TODO: check
+	NOT-FOR-US: One Identity OneLogin
 CVE-2025-52169 (agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovere ...)
-	TODO: check
+	NOT-FOR-US: agorum Software GmbH Agorum core open
 CVE-2025-52168 (Incorrect access control in the dynawebservice component of agorum Sof ...)
-	TODO: check
+	NOT-FOR-US: agorum Software GmbH Agorum core open
 CVE-2025-52166 (Incorrect access control in Software GmbH Agorum core open v11.9.2 & v ...)
-	TODO: check
+	NOT-FOR-US: agorum Software GmbH Agorum core open
 CVE-2025-52164 (Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to st ...)
-	TODO: check
+	NOT-FOR-US: agorum Software GmbH Agorum core open
 CVE-2025-52163 (A Server-Side Request Forgery (SSRF) in the component TunnelServlet of ...)
-	TODO: check
+	NOT-FOR-US: agorum Software GmbH Agorum core open
 CVE-2025-52162 (agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovere ...)
-	TODO: check
+	NOT-FOR-US: agorum Software GmbH Agorum core open
 CVE-2025-50708 (An issue in Perplexity AI GPT-4 v.2.51.0 allows a remote attacker to o ...)
-	TODO: check
+	NOT-FOR-US: Perplexity AI GPT-4
 CVE-2025-50586 (StudentManage v1.0 was discovered to contain Cross-Site Request Forger ...)
-	TODO: check
+	NOT-FOR-US: StudentManage
 CVE-2025-50585 (StudentManage v1.0 was discovered to contain a SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: StudentManage
 CVE-2025-50584 (StudentManage v1.0 was discovered to contain a cross-site scripting (X ...)
-	TODO: check
+	NOT-FOR-US: StudentManage
 CVE-2025-50583 (StudentManage v1.0 was discovered to contain a cross-site scripting (X ...)
-	TODO: check
+	NOT-FOR-US: StudentManage
 CVE-2025-50582 (StudentManage v1.0 was discovered to contain a cross-site scripting (X ...)
-	TODO: check
+	NOT-FOR-US: StudentManage
 CVE-2025-50581 (MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vu ...)
-	TODO: check
+	NOT-FOR-US: MRCMS
 CVE-2025-50126 (A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joom ...)
 	NOT-FOR-US: Joomla
 CVE-2025-50058 (A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 J ...)
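Review bot: the six agorum entries (CVE-2025-52169, CVE-2025-52168, CVE-2025-52166, CVE-2025-52164, CVE-2025-52163, CVE-2025-52162) carry the vendor's legal name in the tag, `NOT-FOR-US: agorum Software GmbH Agorum core open`, where several other tags in this hunk name only the product (`StudentManage`, `MRCMS`, `RIOT-OS`). `NOT-FOR-US: Agorum core open` would say the same thing in that shorter form. Applying one string to all six is the right call, since the descriptions for CVE-2025-52166 and CVE-2025-52164 show the vendor as `Software GmbH` without the leading `agorum`.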



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c2e3661550bfb24377d870c21801569ef0002c7
