[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 13 21:34:25 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
964c8432 by Salvatore Bonaccorso at 2025-06-13T22:34:14+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,21 +13,21 @@ CVE-2025-6029 (Use of fixed learning codes, one code to lock the car and the oth
 CVE-2025-49597 (handcraftedinthealps goodby-csv is a highly memory efficient, flexible ...)
 	TODO: check
 CVE-2025-49587 (XWiki is an open-source wiki software platform. When a user without sc ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-49586 (XWiki is an open-source wiki software platform. Any XWiki user with ed ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-49585 (XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0- ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-49584 (XWiki is a generic wiki platform. In XWiki Platform versions 10.9 thro ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-49583 (XWiki is a generic wiki platform. When a user without script right cre ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-49582 (XWiki is a generic wiki platform. When editing content that contains " ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-49581 (XWiki is a generic wiki platform. Any user with edit right on a page ( ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-49580 (XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1 ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-49468 (A SQL injection vulnerability in No Boss Calendar component before 5.0 ...)
 	NOT-FOR-US: Joomla
 CVE-2025-48920 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -45,45 +45,45 @@ CVE-2025-48915 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-48914 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: Drupal core and addons
 CVE-2025-48825 (RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an i ...)
-	TODO: check
+	NOT-FOR-US: RICOH
 CVE-2025-46783 (Path traversal vulnerability exists in RICOH Streamline NX V3 PC Clien ...)
-	TODO: check
+	NOT-FOR-US: RICOH
 CVE-2025-46096 (Directory Traversal vulnerability in solon v.3.1.2 allows a remote att ...)
 	TODO: check
 CVE-2025-46060 (Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-45988 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0 ...)
-	TODO: check
+	NOT-FOR-US: Blink routers
 CVE-2025-45987 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0 ...)
-	TODO: check
+	NOT-FOR-US: Blink routers
 CVE-2025-45986 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0 ...)
-	TODO: check
+	NOT-FOR-US: Blink routers
 CVE-2025-45985 (Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0 ...)
-	TODO: check
+	NOT-FOR-US: Blink routers
 CVE-2025-45984 (Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4 ...)
-	TODO: check
+	NOT-FOR-US: Blink routers
 CVE-2025-36633 (In Tenable Agent versions prior to 10.8.5 on a Windows host, it was fo ...)
 	TODO: check
 CVE-2025-36631 (In Tenable Agent versions prior to 10.8.5 on a Windows host, it was fo ...)
 	TODO: check
 CVE-2025-36506 (External control of file name or path issue exists in RICOH Streamline ...)
-	TODO: check
+	NOT-FOR-US: RICOH
 CVE-2025-29902 (Remote code execution that allows unauthorized users to execute arbitr ...)
 	TODO: check
 CVE-2025-28389 (Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to  ...)
-	TODO: check
+	NOT-FOR-US: OpenC3 COSMOS
 CVE-2025-28388 (OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials f ...)
-	TODO: check
+	NOT-FOR-US: OpenC3 COSMOS
 CVE-2025-28386 (A remote code execution (RCE) vulnerability in the Plugin Management c ...)
-	TODO: check
+	NOT-FOR-US: OpenC3 COSMOS
 CVE-2025-28384 (An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 a ...)
-	TODO: check
+	NOT-FOR-US: OpenC3 COSMOS
 CVE-2025-28382 (An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allo ...)
-	TODO: check
+	NOT-FOR-US: OpenC3 COSMOS
 CVE-2025-28381 (A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access s ...)
-	TODO: check
+	NOT-FOR-US: OpenC3 COSMOS
 CVE-2025-28380 (A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 all ...)
-	TODO: check
+	NOT-FOR-US: OpenC3 COSMOS
 CVE-2025-6012 (The Auto Attachments plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5950 (The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Sit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/964c84322b076e35f8fb9eb17c01ce03cdd27b26

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/964c84322b076e35f8fb9eb17c01ce03cdd27b26
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250613/4bac4d5d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list