[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 28 21:40:24 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d2f44900 by Salvatore Bonaccorso at 2025-07-28T22:40:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6,35 +6,35 @@ CVE-2025-8283 (A vulnerability was found in the netavark package, a network stac
 CVE-2025-8279 (Insufficient input validation within GitLab Language Server 7.6.0 and  ...)
 	TODO: check
 CVE-2025-8275 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: bsc Peru Cocktails App
 CVE-2025-8274 (A vulnerability classified as critical was found in Campcodes Online R ...)
 	NOT-FOR-US: Campcodes
 CVE-2025-8273 (A vulnerability classified as critical has been found in code-projects ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-8272 (A vulnerability was found in code-projects Exam Form Submission 1.0. I ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-8271 (A vulnerability was found in code-projects Exam Form Submission 1.0. I ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-8270 (A vulnerability was found in code-projects Exam Form Submission 1.0. I ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-8269 (A vulnerability was found in code-projects Exam Form Submission 1.0 an ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-8266 (A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and ...)
-	TODO: check
+	NOT-FOR-US: yanyutao0402 ChanCMS
 CVE-2025-8265 (A vulnerability classified as critical has been found in 299Ko CMS 2.0 ...)
-	TODO: check
+	NOT-FOR-US: 299Ko CMS
 CVE-2025-8194 (There is a defect in the CPython \u201ctarfile\u201d module affecting  ...)
 	TODO: check
 CVE-2025-7676 (DLL hijacking of all PE32 executables when run on Windows for ARM64 CP ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-6918 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Ncvav Virtual PBX Software
 CVE-2025-6250 (Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token ...)
 	NOT-FOR-US: BeyondTrust
 CVE-2025-5997 (Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro all ...)
-	TODO: check
+	NOT-FOR-US: Beamsec PhishPro
 CVE-2025-54569 (In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the ...)
-	TODO: check
+	NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control
 CVE-2025-54538 (In JetBrains TeamCity before 2025.07 password exposure was possible vi ...)
 	NOT-FOR-US: JetBrains
 CVE-2025-54537 (In JetBrains TeamCity before 2025.07 user credentials were stored in p ...)
@@ -70,9 +70,9 @@ CVE-2025-54299 (A stored XSS vulnerability in No Boss Testimonials component 1.0
 CVE-2025-54298 (A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joo ...)
 	NOT-FOR-US: Joomla
 CVE-2025-53696 (iSTAR Ultra performs a firmware verification on boot, however the veri ...)
-	TODO: check
+	NOT-FOR-US: iSTAR Ultra
 CVE-2025-53695 (OS Command Injection in iSTAR Ultra products web application allows an ...)
-	TODO: check
+	NOT-FOR-US: iSTAR Ultra
 CVE-2025-50494 (Improper session invalidation in the component /doctor/change-password ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-50493 (Improper session invalidation in the component /doctor/change-password ...)
@@ -98,33 +98,33 @@ CVE-2025-50484 (Improper session invalidation in the component /crm/change-passw
 CVE-2025-43023 (A potential security vulnerability has been identified in the HP Linux ...)
 	TODO: check
 CVE-2025-40730 (HTML injection in Vox Media's Chorus CMS. This vulnerability allows an ...)
-	TODO: check
+	NOT-FOR-US: Vox Media's Chorus CMS
 CVE-2025-32731 (A reflected cross-site scripting (xss) vulnerability exists in the rad ...)
-	TODO: check
+	NOT-FOR-US: meddream MedDream PACS Premium
 CVE-2025-30133 (An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device ...)
-	TODO: check
+	NOT-FOR-US: IROAD Dashcam FX2 devices
 CVE-2025-30126 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via ...)
-	TODO: check
+	NOT-FOR-US: Marbella KR8s Dashcam FF
 CVE-2025-30125 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All ...)
-	TODO: check
+	NOT-FOR-US: Marbella KR8s Dashcam FF
 CVE-2025-30124 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Whe ...)
-	TODO: check
+	NOT-FOR-US: Marbella KR8s Dashcam FF
 CVE-2025-2297 (Prior to version 25.4.270.0, a local authenticated attacker can manipu ...)
 	NOT-FOR-US: BeyondTrust
 CVE-2025-29534 (An authenticated remote code execution vulnerability in PowerStick Wav ...)
-	TODO: check
+	NOT-FOR-US: PowerStick Wave Dual-Band Wifi Extender
 CVE-2025-27802 (The Episerver Content Management System (CMS) by Optimizely was affect ...)
-	TODO: check
+	NOT-FOR-US: Episerver Content Management System (CMS)
 CVE-2025-27801 (The Episerver Content Management System (CMS) by Optimizely was affect ...)
-	TODO: check
+	NOT-FOR-US: Episerver Content Management System (CMS)
 CVE-2025-27800 (The Episerver Content Management System (CMS) by Optimizely was affect ...)
-	TODO: check
+	NOT-FOR-US: Episerver Content Management System (CMS)
 CVE-2025-27724 (A privilege escalation vulnerability exists in the login.php functiona ...)
-	TODO: check
+	NOT-FOR-US: meddream MedDream PACS Premium
 CVE-2025-26469 (An incorrect default permissions vulnerability exists in the CServerSe ...)
-	TODO: check
+	NOT-FOR-US: meddream MedDream PACS Premium
 CVE-2025-24485 (A server-side request forgery vulnerability exists in the cecho.php fu ...)
-	TODO: check
+	NOT-FOR-US: meddream MedDream PACS Premium
 CVE-2024-49343 (IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML inje ...)
 	NOT-FOR-US: IBM
 CVE-2024-49342 (IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2f4490050d83067a2637038476d0853a4f60c46

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2f4490050d83067a2637038476d0853a4f60c46
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250728/d45b6239/attachment.htm>

More information about the debian-security-tracker-commits mailing list