[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 21 13:27:36 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
50e069c7 by Salvatore Bonaccorso at 2025-07-21T14:26:48+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2025-7921 (Certain modem models developed by Askey has a Stack-based Buffer Overf ...)
-	TODO: check
+	NOT-FOR-US: Askey
 CVE-2025-7920 (WinMatrix3 Web package developed by Simopro Technology has a Reflected ...)
-	TODO: check
+	NOT-FOR-US: Simopro Technology
 CVE-2025-7919 (WinMatrix3 Web package developed by Simopro Technology has a SQL Injec ...)
-	TODO: check
+	NOT-FOR-US: Simopro Technology
 CVE-2025-7918 (WinMatrix3 Web package developed by Simopro Technology has a SQL Injec ...)
-	TODO: check
+	NOT-FOR-US: Simopro Technology
 CVE-2025-7917 (WinMatrix3 Web package developed by Simopro Technology has an Arbitrar ...)
-	TODO: check
+	NOT-FOR-US: Simopro Technology
 CVE-2025-7916 (WinMatrix3 developed by Simopro Technology has an Insecure Deserializa ...)
-	TODO: check
+	NOT-FOR-US: Simopro Technology
 CVE-2025-7915 (A vulnerability was found in Chanjet CRM 1.0 and classified as critica ...)
-	TODO: check
+	NOT-FOR-US: Chanjet CRM
 CVE-2025-7914 (A vulnerability has been found in Tenda AC6 15.03.06.50 and classified ...)
 	NOT-FOR-US: Tenda
 CVE-2025-7913 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-7912 (A vulnerability, which was classified as critical, has been found in T ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-7911 (A vulnerability classified as critical was found in D-Link DI-8100 1.0 ...)
 	NOT-FOR-US: D-Link
 CVE-2025-7910 (A vulnerability classified as critical has been found in D-Link DIR-51 ...)
@@ -27,21 +27,21 @@ CVE-2025-7909 (A vulnerability was found in D-Link DIR-513 1.0. It has been rate
 CVE-2025-7908 (A vulnerability was found in D-Link DI-8100 1.0. It has been declared  ...)
 	NOT-FOR-US: D-Link
 CVE-2025-7907 (A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has b ...)
-	TODO: check
+	NOT-FOR-US: yangzongzhuan RuoYi
 CVE-2025-7369 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-7354 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-7344 (The EAI developed by Digiwin has a Privilege Escalation vulnerability, ...)
-	TODO: check
+	NOT-FOR-US: Digiwin
 CVE-2025-7343 (The SFT developed by Digiwin has a SQL Injection vulnerability, allowi ...)
-	TODO: check
+	NOT-FOR-US: Digiwin
 CVE-2025-54352 (WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of ...)
 	TODO: check
 CVE-2025-54319 (An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A th ...)
-	TODO: check
+	NOT-FOR-US: Westermo WeOS
 CVE-2025-53771 (Improper limitation of a pathname to a restricted directory ('path tra ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-4685 (The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for Gutenberg ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4570 (An insecure sensitive key storage issue was found in MyASUS.potentiall ...)
@@ -49,7 +49,7 @@ CVE-2025-4570 (An insecure sensitive key storage issue was found in MyASUS.poten
 CVE-2025-4569 (An insecure sensitive key storage issue was found in MyASUS.potentiall ...)
 	NOT-FOR-US: ASUS
 CVE-2025-4049 (Use of hard-coded, the same among all vulnerable installations SQLite  ...)
-	TODO: check
+	NOT-FOR-US: SIGNUM-NET FARA
 CVE-2025-24938 (The web application allows user input to pass unfiltered to a command  ...)
 	NOT-FOR-US: Nokia
 CVE-2025-24937 (File contents could be read from the local file system by an attacker. ...)
@@ -57,7 +57,7 @@ CVE-2025-24937 (File contents could be read from the local file system by an att
 CVE-2025-24936 (The web application allows user input to pass unfiltered to a command  ...)
 	NOT-FOR-US: Nokia
 CVE-2025-0664 (A locally authenticated, privileged user can craft a malicious OpenSSL ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2025-7906 (A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and class ...)
 	NOT-FOR-US: yangzongzhuan RuoYi
 CVE-2025-7905 (A vulnerability has been found in itsourcecode Insurance Management Sy ...)
@@ -117,13 +117,13 @@ CVE-2025-54317 (An issue was discovered in Logpoint before 7.6.0. An attacker wi
 CVE-2025-54316 (An issue was discovered in Logpoint before 7.6.0. When creating report ...)
 	NOT-FOR-US: Logpoint
 CVE-2025-46385 (CWE-918 Server-Side Request Forgery (SSRF))
-	TODO: check
+	NOT-FOR-US: Emby Windows
 CVE-2025-46384 (CWE-434 Unrestricted Upload of File with Dangerous Type)
-	TODO: check
+	NOT-FOR-US: Emby Windows
 CVE-2025-46383 (CWE-79 Improper Neutralization of Input During Web Page Generation (XS ...)
-	TODO: check
+	NOT-FOR-US: Emby Windows
 CVE-2025-46382 (CWE-200 Exposure of Sensitive Information to an Unauthorized Actor)
-	TODO: check
+	NOT-FOR-US: CyberArk IDP
 CVE-2025-7738
 	NOT-FOR-US: Ansible Automation Platform
 CVE-2025-7877 (A vulnerability, which was classified as critical, has been found in M ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50e069c7af531ce54ca7d7531c64d5ada68eab1c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50e069c7af531ce54ca7d7531c64d5ada68eab1c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250721/7af753cf/attachment.htm>

More information about the debian-security-tracker-commits mailing list