[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 29 21:36:54 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c944f4f6 by Salvatore Bonaccorso at 2025-07-29T22:36:31+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,11 +31,11 @@ CVE-2025-6505 (Unauthorized access and impersonation can occur in versions4.6.2.
 CVE-2025-6504 (In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access  ...)
 	NOT-FOR-US: Progress Software
 CVE-2025-6175 (Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: DECE Software Geodi
 CVE-2025-6060 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: DECE Software Geodi
 CVE-2025-5922 (Access to TSplus Remote Access Admin Toolis restricted to administrato ...)
-	TODO: check
+	NOT-FOR-US: TSplus Remote Access Admin Tool
 CVE-2025-5684 (The MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder f ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5587 (The Appzend theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
@@ -47,7 +47,7 @@ CVE-2025-5038 (A maliciously crafted X_T file, when parsed through certain Autod
 CVE-2025-54432
 	REJECTED
 CVE-2025-54422 (Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit  ...)
-	TODO: check
+	NOT-FOR-US: Sandboxie
 CVE-2025-54420
 	REJECTED
 CVE-2025-53902 (Tuleap is an Open Source Suite created to facilitate management of sof ...)
@@ -69,39 +69,39 @@ CVE-2025-53102 (Discourse is an open-source community discussion platform. Prior
 CVE-2025-52899 (Tuleap is an Open Source Suite created to facilitate management of sof ...)
 	NOT-FOR-US: Tuleap
 CVE-2025-52490 (An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgc ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Sync Gateway
 CVE-2025-52358 (A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ ...)
-	TODO: check
+	NOT-FOR-US: Vivaldi United Group iCONTROL+ Server
 CVE-2025-52284 (Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-51970 (A SQL Injection vulnerability exists in the action.php endpoint of Pun ...)
-	TODO: check
+	NOT-FOR-US: PuneethReddyHC Online Shopping System Advanced
 CVE-2025-51045 (Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection v ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-51044 (phpgurukul Nipah virus (NiV) Testing Management System 1.0 contains a  ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-50738 (The Memos application, up to version v0.24.3, allows for the embedding ...)
-	TODO: check
+	NOT-FOR-US: Memos application
 CVE-2025-46059 (langchain-ai v0.3.51 was discovered to contain an indirect prompt inje ...)
-	TODO: check
+	NOT-FOR-US: langchain-ai
 CVE-2025-45346 (SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remo ...)
-	TODO: check
+	NOT-FOR-US: Bacula-web
 CVE-2025-44137 (MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The ...)
-	TODO: check
+	NOT-FOR-US: MapTiler Tileserver-php
 CVE-2025-44136 (MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XS ...)
-	TODO: check
+	NOT-FOR-US: MapTiler Tileserver-php
 CVE-2025-41241 (VMware vCenter contains a denial-of-service vulnerability.A malicious  ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2025-40686 (Reflected Cross-Site Scripting (XSS) in Human Resource Management Syst ...)
-	TODO: check
+	NOT-FOR-US: Human Resource Management System
 CVE-2025-40685 (Reflected Cross-Site Scripting (XSS) in Human Resource Management Syst ...)
-	TODO: check
+	NOT-FOR-US: Human Resource Management System
 CVE-2025-40684 (Reflected Cross-Site Scripting (XSS) in Human Resource Management Syst ...)
-	TODO: check
+	NOT-FOR-US: Human Resource Management System
 CVE-2025-40683 (Reflected Cross-Site Scripting (XSS) in Human Resource Management Syst ...)
-	TODO: check
+	NOT-FOR-US: Human Resource Management System
 CVE-2025-40682 (SQL injection vulnerability in Human Resource Management System versio ...)
-	TODO: check
+	NOT-FOR-US: Human Resource Management System
 CVE-2025-36071 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
 	NOT-FOR-US: IBM
 CVE-2025-36010 (IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2   could allow an unauthen ...)
@@ -119,11 +119,11 @@ CVE-2025-2533 (IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a d
 CVE-2025-2179 (An incorrect privilege assignment vulnerability in the Palo Alto Netwo ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2025-28172 (Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Im ...)
-	TODO: check
+	NOT-FOR-US: Grandstream Networks
 CVE-2025-28171 (An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote ...)
-	TODO: check
+	NOT-FOR-US: Grandstream
 CVE-2025-28170 (Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Ac ...)
-	TODO: check
+	NOT-FOR-US: Grandstream
 CVE-2025-27514 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
 	TODO: check
 CVE-2025-26400 (SolarWinds Web Help Desk was reported to be affected by an XML Externa ...)
@@ -137,9 +137,9 @@ CVE-2024-49828 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server
 CVE-2024-43018 (Piwigo 13.8.0 and below is vulnerable to SQL Injection in the paramete ...)
 	TODO: check
 CVE-2024-42655 (An access control issue in NanoMQ v0.21.10 allows attackers to bypass  ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2024-42651 (NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnera ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2024-42645 (An issue in FlashMQ v1.14.0 allows attackers to cause an assertion fai ...)
 	TODO: check
 CVE-2024-42644 (FlashMQ v1.14.0 was discovered to contain an assertion failure in the  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c944f4f68db1a72eaa52d1d384e3af7135b1d887

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c944f4f68db1a72eaa52d1d384e3af7135b1d887
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250729/09bfddfd/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list