[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 24 14:35:16 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf503b35 by Salvatore Bonaccorso at 2025-07-24T15:29:44+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-8107 (In OceanBase's Oracle tenant mode, a malicious user with specific priv ...)
-	TODO: check
+	NOT-FOR-US: OceanBase
 CVE-2025-8009 (The Security Ninja \u2013 WordPress Security Plugin & Firewall plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-7852 (The WPBookit plugin for WordPress is vulnerable to arbitrary file uplo ...)
@@ -15,7 +15,7 @@ CVE-2025-54377 (Roo Code is an AI-powered autonomous coding agent that lives in
 CVE-2025-54371
 	REJECTED
 CVE-2025-54365 (fastapi-guard is a security library for FastAPI that provides middlewa ...)
-	TODO: check
+	NOT-FOR-US: fastapi-guard
 CVE-2025-53942 (authentik is an open-source Identity Provider that emphasizes flexibil ...)
 	NOT-FOR-US: authentik
 CVE-2025-53537 (LibHTP is a security-aware parser for the HTTP protocol and its relate ...)
@@ -25,17 +25,17 @@ CVE-2025-4976 (An issue has been discovered in GitLab EE affecting all versions
 CVE-2025-4968 (The WPBakery Page Builder for WordPress plugin for WordPress is vulner ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4395 (Medtronic MyCareLink Patient Monitor has a built-in user account with  ...)
-	TODO: check
+	NOT-FOR-US: Medtronic MyCareLink Patient Monitor
 CVE-2025-4394 (Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on ...)
-	TODO: check
+	NOT-FOR-US: Medtronic MyCareLink Patient Monitor
 CVE-2025-4393 (Medtronic MyCareLink Patient Monitor has an internal service that dese ...)
-	TODO: check
+	NOT-FOR-US: Medtronic MyCareLink Patient Monitor
 CVE-2025-47281 (Kyverno is a policy engine designed for cloud native platform engineer ...)
-	TODO: check
+	NOT-FOR-US: Kyverno
 CVE-2025-41240 (Three Bitnami Helm charts mount Kubernetes Secrets under a predictable ...)
 	TODO: check
 CVE-2025-32019 (Harbor is an open source trusted cloud native registry project that st ...)
-	TODO: check
+	NOT-FOR-US: Harbor
 CVE-2025-26397 (SolarWinds Observability Self-Hosted is susceptible to Deserialization ...)
 	NOT-FOR-US: SolarWinds
 CVE-2025-1299 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -59,9 +59,9 @@ CVE-2025-8058 (The regcomp function in the GNU C library version from 2.4 to 2.4
 CVE-2025-8022 (Versions of the package bun after 0.0.12 are vulnerable to Improper Ne ...)
 	TODO: check
 CVE-2025-8021 (All versions of the package files-bucket-server are vulnerable to Dire ...)
-	TODO: check
+	NOT-FOR-US: files-bucket-server Node.js module
 CVE-2025-8020 (All versions of the package private-ip are vulnerable to Server-Side R ...)
-	TODO: check
+	NOT-FOR-US: private-ip Node.js module
 CVE-2025-7766 (LantronixProvisioning Manager is vulnerable to XML external entity att ...)
 	NOT-FOR-US: Lantronix
 CVE-2025-7724 (An unauthenticated OS command injection vulnerability existsin VIGI NV ...)
@@ -270,7 +270,7 @@ CVE-2018-25114 (A remote code execution vulnerability exists within osCommerce O
 CVE-2018-25113 (An unauthenticated path traversal vulnerability exists in Dicoogle PAC ...)
 	TODO: check
 CVE-2017-20198 (The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deplo ...)
-	TODO: check
+	NOT-FOR-US: Marathon UI in DC/OS
 CVE-2016-15045 (A local privilege escalation vulnerability exists in lastore-daemon, t ...)
 	TODO: check
 CVE-2015-10141 (An unauthenticated OS command injection vulnerability exists within Xd ...)
@@ -399110,7 +399110,7 @@ CVE-2020-26801 (A stored cross-site scripting (XSS) vulnerability was discovered
 CVE-2020-26800 (A stack overflow vulnerability in Aleth Ethereum C++ client version <= ...)
 	NOT-FOR-US: Aleth Ethereum
 CVE-2020-26799 (A reflected cross-site scripting (XSS) vulnerability was discovered in ...)
-	TODO: check
+	NOT-FOR-US: Luxsoft
 CVE-2020-26798
 	RESERVED
 CVE-2020-26797 (Mediainfo before version 20.08 has a heap buffer overflow vulnerabilit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf503b35bb9f8bec60df1d6c8cf7bd8b5e109e98

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf503b35bb9f8bec60df1d6c8cf7bd8b5e109e98
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250724/359d0ce7/attachment.htm>

More information about the debian-security-tracker-commits mailing list