[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 2 21:43:29 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea19e086 by Salvatore Bonaccorso at 2025-06-02T22:43:08+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60,29 +60,29 @@ CVE-2025-48866 (ModSecurity is an open source, cross platform web application fi
 CVE-2025-48745
 	REJECTED
 CVE-2025-48495 (Gokapi is a self-hosted file sharing server with automatic expiration  ...)
-	TODO: check
+	NOT-FOR-US: Gokapi
 CVE-2025-48494 (Gokapi is a self-hosted file sharing server with automatic expiration  ...)
-	TODO: check
+	NOT-FOR-US: Gokapi
 CVE-2025-48387 (tar-fs provides filesystem bindings for tar-stream. Versions prior to  ...)
 	TODO: check
 CVE-2025-47585 (Missing Authorization vulnerability in Mage people team Booking and Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-47289 (CE Phoenix is a free, open-source eCommerce platform. A stored cross-s ...)
-	TODO: check
+	NOT-FOR-US: CE Phoenix
 CVE-2025-47272 (The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and pri ...)
-	TODO: check
+	NOT-FOR-US: CE Phoenix
 CVE-2025-46807 (A Allocation of Resources Without Limits or Throttling vulnerability i ...)
 	TODO: check
 CVE-2025-46806 (A Use of Out-of-range Pointer Offset vulnerability in sslh leads to de ...)
 	TODO: check
 CVE-2025-45542 (SQL injection vulnerability in the registrationform endpoint of CloudC ...)
-	TODO: check
+	NOT-FOR-US: CloudClassroom-PHP-Project
 CVE-2025-45387 (osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access  ...)
-	TODO: check
+	NOT-FOR-US: osTicket
 CVE-2025-44172 (Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via  ...)
 	NOT-FOR-US: Tenda
 CVE-2025-44115 (A vulnerability has been found in Cotonti Siena v0.9.25. Affected by t ...)
-	TODO: check
+	NOT-FOR-US: Cotonti Siena
 CVE-2025-37096 (A command injection remote code execution vulnerability exists in HPE  ...)
 	NOT-FOR-US: HPE
 CVE-2025-37095 (A directory traversal information disclosure vulnerabilityexists in HP ...)
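Review bot: The tag on CVE-2025-45542 is spelled `NOT-FOR-US: CloudClassroom-PHP-Project`, while this same commit tags CVE-2024-57459 further down as `NOT-FOR-US: CloudClassroom PHP Project`. Both descriptions refer to the same project, so pick one spelling; otherwise a search on the tag finds only one of the two entries.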
@@ -102,21 +102,21 @@ CVE-2025-37089 (A command injection remote code execution vulnerability exists i
 CVE-2025-29785 (quic-go is an implementation of the QUIC protocol in Go. The loss reco ...)
 	TODO: check
 CVE-2025-27956 (Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remo ...)
-	TODO: check
+	NOT-FOR-US: WebLaudos
 CVE-2025-27955 (Clinical Collaboration Platform 12.2.1.5 has a weak logout system wher ...)
-	TODO: check
+	NOT-FOR-US: Clinical Collaboration Platform
 CVE-2025-27954 (An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: Clinical Collaboration Platform
 CVE-2025-27953 (An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: Clinical Collaboration Platform
 CVE-2025-26396 (The SolarWinds Dameware Mini Remote Control was determined to be affec ...)
 	NOT-FOR-US: SolarWinds
 CVE-2025-23105 (An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-23104 (An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-23099 (An issue was discovered in Samsung Mobile Processor Exynos 1480 and 24 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-20298 (In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, ...)
 	TODO: check
 CVE-2025-20297 (In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk ...)
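Review bot: `NOT-FOR-US: Clinical Collaboration Platform` on CVE-2025-27955, CVE-2025-27954 and CVE-2025-27953 names a generic-sounding product with no vendor, and the truncated descriptions do not show one either. If the vendor is known, putting it in the tag would make these entries unambiguous. The Samsung entries just below are tagged by vendor alone, so the granularity within this hunk is mixed.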
@@ -124,11 +124,11 @@ CVE-2025-20297 (In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and
 CVE-2025-20001 (An out-of-bounds read vulnerability exists in High-Logic FontCreator 1 ...)
 	TODO: check
 CVE-2025-1750 (An SQL injection vulnerability exists in the delete function of DuckDB ...)
-	TODO: check
+	NOT-FOR-US: run-llama/llama_index
 CVE-2025-1246 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
 	TODO: check
 CVE-2025-1051 (Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnera ...)
-	TODO: check
+	NOT-FOR-US: Sonos Era 300
 CVE-2025-0819 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
 	TODO: check
 CVE-2025-0073 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
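Review bot: CVE-2025-1750 is marked `NOT-FOR-US: run-llama/llama_index`, but the visible part of its description only mentions the delete function of DuckDB. The truncated text does not show the link to llama_index, so it is worth double-checking that the affected code lives in llama_index and not in DuckDB itself before dropping the `TODO: check`.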
@@ -142,19 +142,19 @@ CVE-2024-7073 (A server-side request forgery (SSRF) vulnerability exists in mult
 CVE-2024-57783 (The desktop application in Dot through 0.9.3 allows XSS and resultant  ...)
 	TODO: check
 CVE-2024-57459 (A time-based SQL injection vulnerability exists in mydetailsstudent.ph ...)
-	TODO: check
+	NOT-FOR-US: CloudClassroom PHP Project
 CVE-2024-40114 (A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mo ...)
-	TODO: check
+	NOT-FOR-US: Sitecom WLX-2006 Wall Mount Range Extender N300
 CVE-2024-40113 (Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vu ...)
-	TODO: check
+	NOT-FOR-US: Sitecom WLX-2006 Wall Mount Range Extender N300
 CVE-2024-40112 (A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006  ...)
-	TODO: check
+	NOT-FOR-US: Sitecom WLX-2006 Wall Mount Range Extender N300
 CVE-2024-3509 (A stored cross-site scripting (XSS) vulnerability exists in the Manage ...)
 	NOT-FOR-US: WSO2
 CVE-2024-1440 (An open redirection vulnerability exists in multiple WSO2 products due ...)
 	NOT-FOR-US: WSO2
 CVE-2024-12168 (Yandex Telemost for Desktop before 2.7.0has a DLL Hijacking Vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Yandex Telemost for Desktop
 CVE-2024-52035 (An integer overflow vulnerability exists in the OLE Document File Allo ...)
 	- catdoc <unfixed> (bug #1107168)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2131
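Review bot: The three Sitecom entries (CVE-2024-40114, CVE-2024-40113, CVE-2024-40112) carry the full model string `Sitecom WLX-2006 Wall Mount Range Extender N300`, whereas the neighbouring entries in this hunk are tagged by vendor alone (`NOT-FOR-US: WSO2`). `NOT-FOR-US: Sitecom` would be shorter and consistent with them.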



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea19e086e790de503cf28f9e298cd8ee9a5abd91
