[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 21 21:35:43 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e764e170 by Salvatore Bonaccorso at 2025-07-21T22:35:23+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -258,33 +258,33 @@ CVE-2025-54121 (Starlette is a lightweight ASGI (Asynchronous Server Gateway Int
CVE-2025-54082 (marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nov ...)
TODO: check
CVE-2025-54071 (RomM (ROM Manager) allows users to scan, enrich, browse and play their ...)
- TODO: check
+ NOT-FOR-US: RomM
CVE-2025-52575 (EspoCRM is an Open Source CRM (Customer Relationship Management) softw ...)
NOT-FOR-US: EspoCRM
CVE-2025-52374 (Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8 ...)
- TODO: check
+ NOT-FOR-US: hMailServer
CVE-2025-52373 (Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8. ...)
- TODO: check
+ NOT-FOR-US: hMailServer
CVE-2025-52372 (An issue in hMailServer v.5.8.6 allows a local attacker to obtain sens ...)
- TODO: check
+ NOT-FOR-US: hMailServer
CVE-2025-52362 (Server-Side Request Forgery (SSRF) vulnerability exists in the URL pro ...)
- TODO: check
+ NOT-FOR-US: PHProxy
CVE-2025-51869 (Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 20 ...)
- TODO: check
+ NOT-FOR-US: Liner
CVE-2025-51868 (Insecure Direct Object Reference (IDOR) vulnerability in Dippy (chat.d ...)
- TODO: check
+ NOT-FOR-US: Dippy
CVE-2025-51403 (A stored cross-site scripting (XSS) vulnerability in the department as ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2025-51401 (A stored cross-site scripting (XSS) vulnerability in the chat transfer ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2025-51400 (A stored cross-site scripting (XSS) vulnerability in the Personal Cann ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2025-51398 (A stored cross-site scripting (XSS) vulnerability in the Facebook regi ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2025-51397 (A stored cross-site scripting (XSS) vulnerability in the Facebook Chat ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2025-51396 (A stored cross-site scripting (XSS) vulnerability in Live Helper Chat ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2025-50151 (File access paths in configuration files uploaded by users with admini ...)
TODO: check
CVE-2025-4130 (Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allo ...)
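Review bot: CVE-2025-54082 at the top of this hunk stays at "TODO: check" even though its description (marshmallow-packages/nova-tiptap, a rich text editor for Laravel) reads like the same kind of third-party web component that the rest of the hunk marks NOT-FOR-US. If nothing in the archive ships it, triage it in the same pass, for example as "NOT-FOR-US: marshmallow-packages/nova-tiptap", so it does not linger in the TODO queue. CVE-2025-50151 near the bottom also stays open, and its truncated description does not show the product, so that one needs a lookup before it can be tagged.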
@@ -294,33 +294,33 @@ CVE-2025-4129 (Authorization Bypass Through User-Controlled Key vulnerability in
CVE-2025-4040 (Authorization Bypass Through User-Controlled Key vulnerability in Turp ...)
TODO: check
CVE-2025-49656 (Users with administrator access can create databases files outside the ...)
- TODO: check
+ NOT-FOR-US: Fuseki
CVE-2025-46123 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46122 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46121 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46120 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.14. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46119 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46118 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46117 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-46116 (An issue was discovered in CommScope Ruckus Unleashed prior to 200.15. ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-44658 (In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability ...)
NOT-FOR-US: Netgear
CVE-2025-44657 (In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in t ...)
NOT-FOR-US: Linksys
CVE-2025-44655 (In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_ ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-44654 (In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled i ...)
NOT-FOR-US: Linksys
CVE-2025-44653 (In H3C GR2200 MiniGR1A0V100R016, the USERLIMIT_GLOBAL option is set to ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2025-44652 (In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 ...)
NOT-FOR-US: Netgear
CVE-2025-44651 (In TRENDnet TPL-430AP FW1.0, the USERLIMIT_GLOBAL option is set to 0 i ...)
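Review bot: The tag on CVE-2025-49656 names only "Fuseki", and the truncated description on that line does not name the product, so a reader of the list cannot tie the entry to its upstream project. Fuseki is the SPARQL server of Apache Jena; consider "NOT-FOR-US: Apache Jena Fuseki" so that a search for the project name finds the entry. A smaller style point in the same hunk: the tag for CVE-2025-44655 is spelled "TOTOLINK" while the description on the line above spells it "TOTOLink".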
@@ -332,11 +332,11 @@ CVE-2025-44649 (In the configuration file of racoon in the TRENDnet TEW-WLC100P
CVE-2025-44647 (In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_us ...)
NOT-FOR-US: TRENDnet
CVE-2025-43977 (The com.skt.prod.dialer application through 12.5.0 for Android enables ...)
- TODO: check
+ NOT-FOR-US: com.skt.prod.dialer
CVE-2025-43976 (The com.enflick.android.tn2ndLine application through 24.17.1.0 for An ...)
- TODO: check
+ NOT-FOR-US: com.enflick.android.tn2ndLine application
CVE-2025-43720 (Headwind MDM before 5.33.1 makes configuration details accessible to u ...)
- TODO: check
+ NOT-FOR-US: Headwind MDM
CVE-2025-41681 (A high privileged remote attacker can gain persistent XSS via POST req ...)
TODO: check
CVE-2025-41679 (An unauthenticated remote attacker could exploit a buffer overflow vul ...)
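Review bot: The two Android entries are tagged inconsistently: CVE-2025-43977 gets "NOT-FOR-US: com.skt.prod.dialer" while CVE-2025-43976 gets "NOT-FOR-US: com.enflick.android.tn2ndLine application" with a trailing "application" copied from the description. Drop the trailing word, or add it to both, so the two tags follow one pattern and grep the same way. CVE-2025-41681 in the trailing context still reads "TODO: check"; its truncated description does not show a product, so it cannot be triaged from this view alone.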
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e764e170a454656e8f98c8e32a0c9a5e41233e27