[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 5 09:04:05 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e2a5e38 by Moritz Muehlenhoff at 2025-06-05T10:03:46+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67,21 +67,21 @@ CVE-2025-48888 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Start
 CVE-2025-47728 (Delta Electronics CNCSoft-G2lacks proper validation of the user-suppli ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2025-46339 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
-	TODO: check
+	NOT-FOR-US: FreshRSS
 CVE-2025-46204 (An issue in Unifiedtransform v2.0 allows a remote attacker to escalate ...)
-	TODO: check
+	NOT-FOR-US: Unifiedtransform
 CVE-2025-46203 (An issue in Unifiedtransform v2.0 allows a remote attacker to escalate ...)
-	TODO: check
+	NOT-FOR-US: Unifiedtransform
 CVE-2025-46011 (Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the Q ...)
 	NOT-FOR-US: Listmonk
 CVE-2025-32015 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
-	TODO: check
+	NOT-FOR-US: FreshRSS
 CVE-2025-31482 (FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in vers ...)
-	TODO: check
+	NOT-FOR-US: FreshRSS
 CVE-2025-31136 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
-	TODO: check
+	NOT-FOR-US: FreshRSS
 CVE-2025-31134 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
-	TODO: check
+	NOT-FOR-US: FreshRSS
 CVE-2025-30415 (Denial of service due to improper handling of malformed input. The fol ...)
 	NOT-FOR-US: Acronis
 CVE-2025-2336 (Improper sanitization of the value of the 'href' and 'xlink:href' attr ...)
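Review bot: The five FreshRSS entries (CVE-2025-46339, CVE-2025-32015, CVE-2025-31482, CVE-2025-31136, CVE-2025-31134) are closed as NOT-FOR-US with nothing recording how that was checked, and the commit message is only "NFUs". FreshRSS is a self-hosted web application; if an ITP bug is open for it, these entries should use the tracker's "- freshrss <itp> (bug #NNNNNN)" form (bug number is a placeholder here) instead of NOT-FOR-US, so the CVEs resurface if the package enters the archive. The same check applies to the two Unifiedtransform entries.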
@@ -91,7 +91,7 @@ CVE-2025-29094 (Cross Site Scripting vulnerability in Motivian Content Mangment
 CVE-2025-29093 (File Upload vulnerability in Motivian Content Mangment System v.41.0.0 ...)
 	NOT-FOR-US: Motivian Content Mangment System
 CVE-2025-27811 (A local privilege escalation in the razer_elevation_service.exe in Raz ...)
-	TODO: check
+	NOT-FOR-US: Razer Synapse 4
 CVE-2025-23106 (An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, ...)
 	NOT-FOR-US: Samsung
 CVE-2025-23101 (An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use ...)
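Review bot: The new label on CVE-2025-27811, "NOT-FOR-US: Razer Synapse 4", carries a product major version, while the neighbouring labels in this hunk name only the vendor or product (Samsung, Motivian Content Mangment System). Suggest "NOT-FOR-US: Razer Synapse" or "NOT-FOR-US: Razer" so that later Razer CVEs group under one label when the list is searched.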
@@ -111,7 +111,7 @@ CVE-2025-20286 (A vulnerability in Amazon Web Services (AWS), Microsoft Azure, a
 CVE-2025-20279 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2025-20278 (A vulnerability in the CLI of multiple Cisco Unified Communications pr ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20277 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2025-20276 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -119,23 +119,23 @@ CVE-2025-20276 (A vulnerability in the web-based management interface of Cisco U
 CVE-2025-20275 (A vulnerability in the file opening process of Cisco Unified Contact C ...)
 	NOT-FOR-US: Cisco
 CVE-2025-20273 (A vulnerability in the web-based management interface of Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20261 (A vulnerability in the SSH connection handling of Cisco Integrated Man ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20259 (Multiple vulnerabilities in the update process of Cisco ThousandEyes E ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20163 (A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fab ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20130 (A vulnerability in the API of Cisco Identity Services Engine (ISE) and ...)
 	NOT-FOR-US: Cisco
 CVE-2025-20129 (A vulnerability in the web-based chat interface of Cisco Customer Coll ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-1701 (CVE-2025-1701 is a high-severity vulnerability in the MIM Admin servic ...)
 	TODO: check
 CVE-2024-13967 (This vulnerability allows the successful attacker to gain unauthorized ...)
 	NOT-FOR-US: ABB group
 CVE-2018-25112 (An unauthenticated remote attacker may use an uncontrolled resource co ...)
-	TODO: check
+	NOT-FOR-US: IEC 61131
 CVE-2025-48432 [Potential log injection via unescaped request path]
 	- python-django 3:4.2.22-1 (bug #1107282)
 	NOTE: https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
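Review bot: "NOT-FOR-US: IEC 61131" on CVE-2018-25112 names a standard rather than a vendor or product, unlike the other labels in this hunk (Cisco, ABB group), and the truncated description does not show which implementation is affected. Suggest taking the affected vendor or product from the full CVE description and using that as the label. CVE-2025-1701 remains at "TODO: check" in this hunk and still needs triage.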
@@ -215,7 +215,7 @@ CVE-2025-4580 (The File Provider WordPress plugin through 1.2.3 does not have CS
 CVE-2025-4578 (The File Provider WordPress plugin through 1.2.3 does not properly san ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-49223 (billboard.js before 3.15.1 was discovered to contain a prototype pollu ...)
-	TODO: check
+	NOT-FOR-US: billboard.js
 CVE-2025-49210
 	REJECTED
 CVE-2025-49209
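Review bot: billboard.js in CVE-2025-49223 is a JavaScript library, and NOT-FOR-US only says there is no package of that name; it does not cover copies bundled inside other source packages. Worth searching the archive sources for an embedded billboard.js older than 3.15.1 before closing this, and adding a NOTE line if one turns up.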



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e2a5e385861fe1599bfb8e0cc8dad545280845d
