[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 31 09:20:13 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
238e00b7 by Salvatore Bonaccorso at 2025-07-31T10:19:52+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
 CVE-2025-8373 (A vulnerability was found in code-projects Vehicle Management 1.0. It  ...)
-	TODO: check
+	NOT-FOR-US: code-projects Vehicle Management
 CVE-2025-8372 (A vulnerability was found in code-projects Exam Form Submission 1.0 an ...)
 	NOT-FOR-US: code-projects
 CVE-2025-8371 (A vulnerability has been found in code-projects Exam Form Submission 1 ...)
 	NOT-FOR-US: code-projects
 CVE-2025-8370 (A vulnerability, which was classified as problematic, was found in Por ...)
-	TODO: check
+	NOT-FOR-US: Portabilis i-Educar
 CVE-2025-8369 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Portabilis i-Educar
 CVE-2025-8368 (A vulnerability classified as problematic was found in Portabilis i-Ed ...)
-	TODO: check
+	NOT-FOR-US: Portabilis i-Educar
 CVE-2025-8367 (A vulnerability classified as problematic has been found in Portabilis ...)
-	TODO: check
+	NOT-FOR-US: Portabilis i-Educar
 CVE-2025-8366 (A vulnerability was found in Portabilis i-Educar 2.9. It has been rate ...)
-	TODO: check
+	NOT-FOR-US: Portabilis i-Educar
 CVE-2025-8365 (A vulnerability was found in Portabilis i-Educar 2.10. It has been dec ...)
-	TODO: check
+	NOT-FOR-US: Portabilis i-Educar
 CVE-2025-8348 (A vulnerability has been found in Kehua Charging Pile Cloud Platform 1 ...)
-	TODO: check
+	NOT-FOR-US: Kehua Charging Pile Cloud Platform
 CVE-2025-8347 (A vulnerability, which was classified as critical, was found in Kehua  ...)
-	TODO: check
+	NOT-FOR-US: Kehua Charging Pile Cloud Platform
 CVE-2025-8346 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Portabilis i-Educar
 CVE-2025-8345 (A vulnerability classified as critical was found in Shanghai Lingdang  ...)
-	TODO: check
+	NOT-FOR-US: Shanghai Lingdang Information Technology Lingdang CRM
 CVE-2025-8344 (A vulnerability classified as critical has been found in openviglet sh ...)
-	TODO: check
+	NOT-FOR-US: openviglet shio
 CVE-2025-8343 (A vulnerability was found in openviglet shio up to 0.3.8. It has been  ...)
-	TODO: check
+	NOT-FOR-US: openviglet shio
 CVE-2025-8340 (A vulnerability was found in code-projects Intern Membership Managemen ...)
 	NOT-FOR-US: code-projects
 CVE-2025-8339 (A vulnerability was found in code-projects Intern Membership Managemen ...)
@@ -69,17 +69,17 @@ CVE-2025-54824
 CVE-2025-54823
 	REJECTED
 CVE-2025-54757 (Multiple versions of PowerCMS allow unrestricted upload of dangerous f ...)
-	TODO: check
+	NOT-FOR-US: PowerCMS
 CVE-2025-54752 (Multiple versions of PowerCMS improperly neutralize formula elements i ...)
-	TODO: check
+	NOT-FOR-US: PowerCMS
 CVE-2025-54586 (GitProxy is an application that stands between developers and a Git re ...)
-	TODO: check
+	NOT-FOR-US: GitProxy
 CVE-2025-54585 (GitProxy is an application that stands between developers and a Git re ...)
-	TODO: check
+	NOT-FOR-US: GitProxy
 CVE-2025-54085 (CVE-2025-54085 is a vulnerability in the management console of Absolut ...)
 	NOT-FOR-US: Absolute Software
 CVE-2025-53558 (ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common cred ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2025-49084 (CVE-2025-49084 is a vulnerability in the management console of Absolut ...)
 	NOT-FOR-US: Absolute Software
 CVE-2025-49083 (CVE-2025-49083 is a vulnerability in the management console of Absolut ...)
@@ -87,13 +87,13 @@ CVE-2025-49083 (CVE-2025-49083 is a vulnerability in the management console of A
 CVE-2025-49082 (CVE-2025-49082 is a vulnerability in the management console of Absolut ...)
 	NOT-FOR-US: Absolute Software
 CVE-2025-46359 (A path traversal issue exists in backup and restore feature of multipl ...)
-	TODO: check
+	NOT-FOR-US: PowerCMS
 CVE-2025-41396 (A path traversal issue exists in file uploading feature of multiple ve ...)
-	TODO: check
+	NOT-FOR-US: PowerCMS
 CVE-2025-41391 (Stored cross-site scripting vulnerability exists in multiple versions  ...)
-	TODO: check
+	NOT-FOR-US: PowerCMS
 CVE-2025-36563 (Reflected cross-site scripting vulnerability exists in multiple versio ...)
-	TODO: check
+	NOT-FOR-US: PowerCMS
 CVE-2025-36040 (IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated  ...)
 	NOT-FOR-US: IBM
 CVE-2025-36039 (IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/238e00b7627861e032eeb946bb78afa58bee9738

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/238e00b7627861e032eeb946bb78afa58bee9738
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250731/87d2b93e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list