[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 12 22:04:14 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b99268b by Salvatore Bonaccorso at 2025-06-12T23:03:55+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -103,7 +103,7 @@ CVE-2025-2745 (A cross-site scripting vulnerability exists in AVEVAPI Web API ve
 CVE-2025-2254 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-29744 (pg-promise before 11.5.5 is vulnerable to SQL Injection due to imprope ...)
-	TODO: check
+	NOT-FOR-US: pg-promise
 CVE-2025-1516 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
 CVE-2025-1478 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
@@ -117,9 +117,9 @@ CVE-2024-7562 (A potential elevated privilege issue has been reported with Insta
 CVE-2024-56158 (XWiki is a generic wiki platform. It's possible to execute any SQL que ...)
 	NOT-FOR-US: XWiki
 CVE-2024-55567 (Improper input validation was discovered in UsbCoreDxe in Insyde Insyd ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2024-44906 (uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vuln ...)
-	TODO: check
+	NOT-FOR-US: uptrace pgdriver
 CVE-2024-44905 (go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerabil ...)
 	TODO: check
 CVE-2023-45256 (Multiple SQL injection vulnerabilities in the EuroInformation Monetico ...)
@@ -233946,7 +233946,7 @@ CVE-2023-20601
 CVE-2023-20600
 	RESERVED
 CVE-2023-20599 (Improper register access control in ASP may allow a privileged attacke ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20598 (An improper privilege management in the AMD Radeon\u2122Graphics drive ...)
 	NOT-FOR-US: AMD
 CVE-2023-20597 (Improper initialization of variables in the DXE driver may allow a pri ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b99268bd160dabe7c0940905bf1c96490799062

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b99268bd160dabe7c0940905bf1c96490799062
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250612/c2e3bc06/attachment.htm>

More information about the debian-security-tracker-commits mailing list