[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 4 21:38:53 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e59a7b89 by Salvatore Bonaccorso at 2025-06-04T22:38:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,67 +1,67 @@
 CVE-2025-5688 (We have identified a buffer overflow issue allowing out-of-bounds writ ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2025-5609 (A vulnerability classified as critical was found in Tenda AC18 15.03.0 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-5608 (A vulnerability classified as critical has been found in Tenda AC18 15 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-5607 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-5606 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been decla ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-5604 (A vulnerability was found in Campcodes Hospital Management System 1.0  ...)
-	TODO: check
+	NOT-FOR-US: Campcodes
 CVE-2025-5603 (A vulnerability has been found in Campcodes Hospital Management System ...)
-	TODO: check
+	NOT-FOR-US: Campcodes
 CVE-2025-5602 (A vulnerability, which was classified as critical, was found in Campco ...)
-	TODO: check
+	NOT-FOR-US: Campcodes
 CVE-2025-5601 (Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.1 ...)
 	- wireshark <unfixed>
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-02.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20509
 CVE-2025-5600 (A vulnerability, which was classified as critical, has been found in T ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-5599 (A vulnerability classified as critical was found in PHPGurukul Student ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-5598 (Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MA ...)
-	TODO: check
+	NOT-FOR-US: WF Steuerungstechnik GmbH airleader MASTER
 CVE-2025-5597 (Improper Authentication vulnerability in WF Steuerungstechnik GmbH air ...)
-	TODO: check
+	NOT-FOR-US: WF Steuerungstechnik GmbH airleader MASTER
 CVE-2025-5596 (A vulnerability was found in FreeFloat FTP Server 1.0. It has been cla ...)
-	TODO: check
+	NOT-FOR-US: FreeFloat FTP Server
 CVE-2025-5595 (A vulnerability was found in FreeFloat FTP Server 1.0 and classified a ...)
-	TODO: check
+	NOT-FOR-US: FreeFloat FTP Server
 CVE-2025-5594 (A vulnerability has been found in FreeFloat FTP Server 1.0 and classif ...)
-	TODO: check
+	NOT-FOR-US: FreeFloat FTP Server
 CVE-2025-5593 (A vulnerability, which was classified as critical, was found in FreeFl ...)
-	TODO: check
+	NOT-FOR-US: FreeFloat FTP Server
 CVE-2025-5592 (A vulnerability, which was classified as critical, has been found in F ...)
-	TODO: check
+	NOT-FOR-US: FreeFloat FTP Server
 CVE-2025-5584 (A vulnerability was found in PHPGurukul Hospital Management System 4.0 ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-5583 (A vulnerability classified as critical has been found in CodeAstro Rea ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-5582 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-5581 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-5580 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-48962 (Sensitive information disclosure due to SSRF. The following products a ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2025-48961 (Local privilege escalation due to insecure folder permissions. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2025-48960 (Weak server key used for TLS encryption. The following products are af ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2025-48959 (Local privilege escalation due to insecure file permissions. The follo ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2025-48935 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2025-48934 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to ve ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2025-48888 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2025-47728 (Delta Electronics CNCSoft-G2lacks proper validation of the user-suppli ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2025-46339 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
 	TODO: check
 CVE-2025-46204 (An issue in Unifiedtransform v2.0 allows a remote attacker to escalate ...)
@@ -69,7 +69,7 @@ CVE-2025-46204 (An issue in Unifiedtransform v2.0 allows a remote attacker to es
 CVE-2025-46203 (An issue in Unifiedtransform v2.0 allows a remote attacker to escalate ...)
 	TODO: check
 CVE-2025-46011 (Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the Q ...)
-	TODO: check
+	NOT-FOR-US: Listmonk
 CVE-2025-32015 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
 	TODO: check
 CVE-2025-31482 (FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in vers ...)
@@ -79,41 +79,41 @@ CVE-2025-31136 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version
 CVE-2025-31134 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
 	TODO: check
 CVE-2025-30415 (Denial of service due to improper handling of malformed input. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2025-2336 (Improper sanitization of the value of the 'href' and 'xlink:href' attr ...)
 	TODO: check
 CVE-2025-29094 (Cross Site Scripting vulnerability in Motivian Content Mangment System ...)
-	TODO: check
+	NOT-FOR-US: Motivian Content Mangment System
 CVE-2025-29093 (File Upload vulnerability in Motivian Content Mangment System v.41.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Motivian Content Mangment System
 CVE-2025-27811 (A local privilege escalation in the razer_elevation_service.exe in Raz ...)
 	TODO: check
 CVE-2025-23106 (An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-23101 (An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-23096 (An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-23095 (An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-22245 (VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2025-22244 (VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2025-22243 (VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting ( ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2025-20286 (A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Ora ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20279 (A vulnerability in the web-based management interface of Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20278 (A vulnerability in the CLI of multiple Cisco Unified Communications pr ...)
 	TODO: check
 CVE-2025-20277 (A vulnerability in the web-based management interface of Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20276 (A vulnerability in the web-based management interface of Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20275 (A vulnerability in the file opening process of Cisco Unified Contact C ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20273 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	TODO: check
 CVE-2025-20261 (A vulnerability in the SSH connection handling of Cisco Integrated Man ...)
@@ -123,13 +123,13 @@ CVE-2025-20259 (Multiple vulnerabilities in the update process of Cisco Thousand
 CVE-2025-20163 (A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fab ...)
 	TODO: check
 CVE-2025-20130 (A vulnerability in the API of Cisco Identity Services Engine (ISE) and ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20129 (A vulnerability in the web-based chat interface of Cisco Customer Coll ...)
 	TODO: check
 CVE-2025-1701 (CVE-2025-1701 is a high-severity vulnerability in the MIM Admin servic ...)
 	TODO: check
 CVE-2024-13967 (This vulnerability allows the successful attacker to gain unauthorized ...)
-	TODO: check
+	NOT-FOR-US: ABB group
 CVE-2018-25112 (An unauthenticated remote attacker may use an uncontrolled resource co ...)
 	TODO: check
 CVE-2025-48432 [Potential log injection via unescaped request path]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e59a7b89653c9176917b5bbfa76e30a2c52a93d4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e59a7b89653c9176917b5bbfa76e30a2c52a93d4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250604/980b9670/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list