[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 31 21:35:38 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da5a5f1b by Salvatore Bonaccorso at 2025-07-31T22:35:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-8426 (Marvell QConvergeConsole compressConfigFiles Directory Traversal Infor ...)
-	TODO: check
+	NOT-FOR-US: Marvell
 CVE-2025-8409 (A vulnerability has been found in code-projects Vehicle Management 1.0 ...)
-	TODO: check
+	NOT-FOR-US: code-projects Vehicle Management
 CVE-2025-8408 (A vulnerability, which was classified as critical, was found in code-p ...)
-	TODO: check
+	NOT-FOR-US: code-projects Vehicle Management
 CVE-2025-8407 (A vulnerability, which was classified as critical, has been found in c ...)
-	TODO: check
+	NOT-FOR-US: code-projects Vehicle Management
 CVE-2025-8401 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-8382 (A vulnerability, which was classified as critical, was found in Campco ...)
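Review bot: The new tag on CVE-2025-8426 names only the vendor (`NOT-FOR-US: Marvell`), although the description identifies the product as Marvell QConvergeConsole and the other entries changed in this hunk name vendor and product (`NOT-FOR-US: code-projects Vehicle Management`). Suggest `NOT-FOR-US: Marvell QConvergeConsole` so the entry can be found by product name.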
@@ -19,37 +19,37 @@ CVE-2025-8379 (A vulnerability classified as critical has been found in Campcode
 CVE-2025-8378 (A vulnerability was found in Campcodes Online Hotel Reservation System ...)
 	NOT-FOR-US: Campcodes
 CVE-2025-8376 (A vulnerability classified as critical has been found in code-projects ...)
-	TODO: check
+	NOT-FOR-US: code-projects Vehicle Management
 CVE-2025-8375 (A vulnerability was found in code-projects Vehicle Management 1.0. It  ...)
-	TODO: check
+	NOT-FOR-US: code-projects Vehicle Management
 CVE-2025-8374 (A vulnerability was found in code-projects Vehicle Management 1.0. It  ...)
-	TODO: check
+	NOT-FOR-US: code-projects Vehicle Management
 CVE-2025-8286 (G\xfcralp FMUS series seismic monitoring devicesexpose an unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Guralp FMUS series seismic monitoring devices
 CVE-2025-8213 (The NinjaScanner \u2013 Virus & Malware scan plugin for WordPress is v ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-8192 (There exists a TOCTOU race condition in TvSettings AppRestrictionsFrag ...)
-	TODO: check
+	NOT-FOR-US: TvSettings
 CVE-2025-8151 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-8068 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-54834 (OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an u ...)
-	TODO: check
+	NOT-FOR-US: OPEXUS FOIAXpress Public Access Link (PAL)
 CVE-2025-54833 (OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows atta ...)
-	TODO: check
+	NOT-FOR-US: OPEXUS FOIAXpress Public Access Link (PAL)
 CVE-2025-54832 (OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an ...)
-	TODO: check
+	NOT-FOR-US: OPEXUS FOIAXpress Public Access Link (PAL)
 CVE-2025-54589 (Copyparty is a portable file server. In versions 1.18.6 and below, whe ...)
-	TODO: check
+	NOT-FOR-US: Copyparty
 CVE-2025-52289 (A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows ...)
-	TODO: check
+	NOT-FOR-US: MagnusBilling
 CVE-2025-52203 (A stored cross-site scripting (XSS) vulnerability exists in DevaslanPH ...)
-	TODO: check
+	NOT-FOR-US: DevaslanPHP project-management
 CVE-2025-51569 (A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CP ...)
-	TODO: check
+	NOT-FOR-US: LB-Link
 CVE-2025-51503 (A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2. ...)
-	TODO: check
+	NOT-FOR-US: microweber
 CVE-2025-51385 (D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz ...)
 	NOT-FOR-US: D-Link
 CVE-2025-51384 (D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipse ...)
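Review bot: CVE-2025-54589 is closed as `NOT-FOR-US: Copyparty`, but its description calls Copyparty "a portable file server", which is the kind of standalone software that may have a packaging request. Please confirm there is no ITP/RFP bug for it. If one exists, the entry should reference that bug instead of being marked NFU. Minor style point in the same hunk: `NOT-FOR-US: microweber` is lowercase while the description for CVE-2025-51503 writes "Microweber CMS".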
@@ -57,33 +57,33 @@ CVE-2025-51384 (D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in th
 CVE-2025-51383 (D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipse ...)
 	NOT-FOR-US: D-Link
 CVE-2025-50867 (A SQL Injection vulnerability exists in the takeassessment2.php endpoi ...)
-	TODO: check
+	NOT-FOR-US: CloudClassroom-PHP-Project
 CVE-2025-50866 (CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripti ...)
-	TODO: check
+	NOT-FOR-US: CloudClassroom-PHP-Project
 CVE-2025-50850 (An issue was discovered in CS Cart 4.18.3 allows the vendor login func ...)
-	TODO: check
+	NOT-FOR-US: CS Cart
 CVE-2025-50849 (CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR ...)
-	TODO: check
+	NOT-FOR-US: CS Cart
 CVE-2025-50848 (A file upload vulnerability was discovered in CS Cart 4.18.3, allows a ...)
-	TODO: check
+	NOT-FOR-US: CS Cart
 CVE-2025-50847 (Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, all ...)
-	TODO: check
+	NOT-FOR-US: CS Cart
 CVE-2025-50572 (An issue was discovered in Archer Technology RSA Archer 6.11.00204.100 ...)
-	TODO: check
+	NOT-FOR-US: RSA Archer
 CVE-2025-50475 (An OS command injection vulnerability exists in Russound MBX-PRE-D67F  ...)
-	TODO: check
+	NOT-FOR-US: Russound MBX-PRE-D67F firmware
 CVE-2025-50270 (A stored Cross Site Scripting (xss) vulnerability in the "content mana ...)
-	TODO: check
+	NOT-FOR-US: AnQiCMS
 CVE-2025-46809 (A Insertion of Sensitive Information into Log File vulnerability in SU ...)
-	TODO: check
+	NOT-FOR-US: SUSE Multi Linux Manager
 CVE-2025-45770 (jwt v5.4.3 was discovered to contain weak encryption.)
 	TODO: check
 CVE-2025-45769 (php-jwt v6.11.0 was discovered to contain weak encryption.)
-	TODO: check
+	NOT-FOR-US: php-jwt
 CVE-2025-41688 (A high privileged remote attacker can execute arbitrary OS commands us ...)
-	TODO: check
+	NOT-FOR-US: MB connect line GmbH
 CVE-2025-40980 (A Stored Cross Site Scripting vulnerability has been found in Ultimate ...)
-	TODO: check
+	NOT-FOR-US: UltimatePOS by UltimateFosters
 CVE-2025-37112 (A vulnerability was discovered in the storage policy for certain sets  ...)
 	NOT-FOR-US: HPE
 CVE-2025-37111 (A vulnerability was discovered in the storage policy for certain sets  ...)
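Review bot: CVE-2025-45769 (php-jwt v6.11.0) is closed as `NOT-FOR-US: php-jwt` while the adjacent CVE-2025-45770 (jwt v5.4.3), which carries the same "weak encryption" wording, stays at `TODO: check`. Nothing visible in the hunk explains why one library is ruled out and the other is not. Since libraries are often shipped under a different source package name, please confirm php-jwt is not in the archive under another name, or leave it at `TODO: check` alongside CVE-2025-45770 until both are resolved together.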
@@ -97,11 +97,11 @@ CVE-2025-37108 (Cross-site scripting vulnerability has been identified in HPE Te
 CVE-2025-34146 (A prototype pollution vulnerability exists in @nyariv/sandboxjs versio ...)
 	TODO: check
 CVE-2025-2813 (An unauthenticated remote attacker can cause a Denial of Service by se ...)
-	TODO: check
+	NOT-FOR-US: PHOENIX
 CVE-2025-29557 (ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control ...)
-	TODO: check
+	NOT-FOR-US: ExaGrid EX10
 CVE-2025-29556 (ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control ...)
-	TODO: check
+	NOT-FOR-US: ExaGrid EX10
 CVE-2025-26064 (A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9  ...)
 	NOT-FOR-US: Intelbras
 CVE-2025-26063 (An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthen ...)
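Review bot: `NOT-FOR-US: PHOENIX` on CVE-2025-2813 is ambiguous, because the truncated description ("An unauthenticated remote attacker can cause a Denial of Service by se ...") does not name any vendor or product, so the tag is the only identification a reader of the list gets. Suggest spelling out the full vendor and product name from the CVE record, in the same form as `NOT-FOR-US: ExaGrid EX10` just below.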
@@ -113,41 +113,41 @@ CVE-2025-24854 (A carefully crafted request using the Image plugin could trigger
 CVE-2025-24853 (A carefully crafted request when creating a header link using the  wik ...)
 	TODO: check
 CVE-2024-34328 (An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute  ...)
-	TODO: check
+	NOT-FOR-US: Sielox AnyWare
 CVE-2024-34327 (Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulner ...)
-	TODO: check
+	NOT-FOR-US: Sielox AnyWare
 CVE-2014-125126 (An unrestricted file upload vulnerability exists in Simple E-Document  ...)
-	TODO: check
+	NOT-FOR-US: Simple E-Document
 CVE-2014-125125 (A path traversal vulnerability exists in A10 Networks AX Loadbalancer  ...)
-	TODO: check
+	NOT-FOR-US: A10 Networks AX Loadbalancer
 CVE-2014-125124 (An unauthenticated remote command execution vulnerability exists in Pa ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2014-125123 (An unauthenticated SQL injection vulnerability exists in the Kloxo web ...)
-	TODO: check
+	NOT-FOR-US: Kloxo web hosting control panel
 CVE-2014-125122 (A stack-based buffer overflow vulnerability exists in the tmUnblock.cg ...)
 	NOT-FOR-US: Linksys
 CVE-2014-125121 (Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) app ...)
-	TODO: check
+	NOT-FOR-US: Array Networks
 CVE-2013-10043 (A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 an ...)
-	TODO: check
+	NOT-FOR-US: OAstium VoIP PBX
 CVE-2013-10042 (A stack-based buffer overflow vulnerability exists in freeFTPd version ...)
-	TODO: check
+	NOT-FOR-US: freeFTPd
 CVE-2013-10040 (ClipBucket version 2.6 and earlier contains a critical vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: ClipBucket
 CVE-2013-10039 (A command injection vulnerability exists in GestioIP 3.0 commit ac67be ...)
-	TODO: check
+	NOT-FOR-US: GestioIP
 CVE-2013-10038 (An unauthenticated arbitrary file upload vulnerability exists in Flash ...)
-	TODO: check
+	NOT-FOR-US: FlashChat
 CVE-2013-10037 (An OS command injection vulnerability exists in WebTester version 5.x  ...)
-	TODO: check
+	NOT-FOR-US: WebTester
 CVE-2013-10036 (A stack-based buffer overflow vulnerability exists in Beetel Connectio ...)
-	TODO: check
+	NOT-FOR-US: Beetel Connection Manager
 CVE-2013-10035 (A code injection vulnerability exists in ProcessMaker Open Source vers ...)
-	TODO: check
+	NOT-FOR-US: ProcessMaker Open Source
 CVE-2013-10034 (An unrestricted file upload vulnerability exists in Kaseya KServer ver ...)
-	TODO: check
+	NOT-FOR-US: Kaseya KServer
 CVE-2013-10033 (An unauthenticated SQL injection vulnerability exists in Kimai version ...)
-	TODO: check
+	NOT-FOR-US: Kimai
 CVE-2012-10021 (A stack-based buffer overflow vulnerability exists in D-Link DIR-605L  ...)
 	NOT-FOR-US: D-Link
 CVE-2011-10008 (A stack-based buffer overflow vulnerability exists in MPlayer Lite r33 ...)
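Review bot: `NOT-FOR-US: Simple E-Document` on CVE-2014-125126 matches the description exactly up to the point where it is cut off ("... exists in Simple E-Document  ..."), so the tag may carry a truncated product name. Please check it against the full CVE description. Separately, `NOT-FOR-US: Array Networks` on CVE-2014-125121 gives only the vendor although the description names vAPV and vxAG, whereas `NOT-FOR-US: A10 Networks AX Loadbalancer` in the same hunk gives vendor and product. Using one form throughout would make the list easier to search.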



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da5a5f1b45c1f85d926c4cbed887ca12a1be0a19
