[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 18 21:37:44 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e5f3c2f0 by Salvatore Bonaccorso at 2025-06-18T22:37:28+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,15 +15,15 @@ CVE-2025-4820 (Impact  Cloudflare quiche was discovered to be vulnerable to inco
 CVE-2025-49015 (The Couchbase .NET SDK (client library) before 3.7.1 does not properly ...)
 	- libcouchbase <itp> (bug #691903)
 CVE-2025-46157 (An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execu ...)
-	TODO: check
+	NOT-FOR-US: EfroTech Time Trax
 CVE-2025-46109 (SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a  ...)
-	TODO: check
+	NOT-FOR-US: pbootCMS
 CVE-2025-45786 (Real Estate Management 1.0 is vulnerable to Cross Site Scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: Real Estate Management
 CVE-2025-45784 (D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning va ...)
 	NOT-FOR-US: D-Link
 CVE-2025-45661 (A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allo ...)
-	TODO: check
+	NOT-FOR-US: miniTCG
 CVE-2025-44952 (A missing length check in `ogs_pfcp_subnet_add` function from PFCP lib ...)
 	TODO: check
 CVE-2025-44951 (A missing length check in `ogs_pfcp_dev_add` function from PFCP librar ...)
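Review bot: The label added for CVE-2025-45786, "NOT-FOR-US: Real Estate Management", is only a generic product title with no vendor or project name, unlike "EfroTech Time Trax" for CVE-2025-46157 in the same hunk. If the CVE record names a vendor or upstream project, include it in the label so that later CVEs against the same product can be matched to this entry without ambiguity.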
@@ -35,13 +35,13 @@ CVE-2025-36048 (IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 c
 CVE-2025-29646 (An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker  ...)
 	TODO: check
 CVE-2025-26199 (An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker  ...)
-	TODO: check
+	NOT-FOR-US: CloudClassroom PHP Project
 CVE-2025-26198 (CloudClassroom-PHP-Project v.1.0 is vulnerable to SQL Injection in log ...)
-	TODO: check
+	NOT-FOR-US: CloudClassroom PHP Project
 CVE-2025-23999 (Missing Authorization vulnerability in Cloudways Breeze allows Exploit ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-20271 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20260 (A vulnerability in the PDF scanning processes of ClamAV could allow an ...)
 	TODO: check
 CVE-2025-20234 (A vulnerability in Universal Disk Format (UDF) processing of ClamAV co ...)
@@ -1574,7 +1574,7 @@ CVE-2025-5141 (A binary in the BoKS Server Agent component of Fortra's Core Priv
 CVE-2025-4879 (Local Privilege escalation allows a low-privileged user to gain SYSTEM ...)
 	NOT-FOR-US: Citrix
 CVE-2025-4754 (Insufficient Session Expiration vulnerability in ash-project ash_authe ...)
-	TODO: check
+	NOT-FOR-US: ash-project ash_authentication_phoenix
 CVE-2025-4404 (A privilege escalation from host to domain vulnerability was found in  ...)
 	TODO: check
 CVE-2025-4365 (Arbitrary file read inNetScaler Console and NetScaler SDX (SVM))
@@ -1728,13 +1728,13 @@ CVE-2025-45880 (A cross-site scripting (XSS) vulnerability in the data resource
 CVE-2025-45879 (A cross-site scripting (XSS) vulnerability in the e-mail manager funct ...)
 	NOT-FOR-US: Miliaris Amigdala
 CVE-2025-45878 (A cross-site scripting (XSS) vulnerability in the report manager funct ...)
-	TODO: check
+	NOT-FOR-US: Miliaris Amigdala
 CVE-2025-45526 (A denial of service (DoS) vulnerability has been identified in the Jav ...)
-	TODO: check
+	NOT-FOR-US: microlight
 CVE-2025-45525 (A null pointer dereference vulnerability was discovered in microlight. ...)
-	TODO: check
+	NOT-FOR-US: microlight
 CVE-2025-40674 (Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: osCommerce
 CVE-2025-3880 (The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordP ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-3515 (The Drag and Drop Multiple File Upload for Contact Form 7 plugin for W ...)
@@ -1774,15 +1774,15 @@ CVE-2025-30618 (Deserialization of Untrusted Data vulnerability in yuliaz Rapyd
 CVE-2025-30562 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-29002 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2025-28991 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2025-28972 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2025-24773 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2025-24761 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2025-0320 (Local Privilege escalation allows a low-privileged user to gain SYSTEM ...)
 	NOT-FOR-US: Citrix
 CVE-2024-40570 (SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker  ...)
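Review bot: The five added lines in this hunk spell the label "NOT-FOR-US: Wordpress plugin", while the existing entries visible as context use "WordPress" (CVE-2025-30562 "NOT-FOR-US: WordPress plugin or theme", and CVE-2025-3880 "NOT-FOR-US: WordPress plugin" in the previous hunk). A case-sensitive search of data/CVE/list for the existing spelling will miss these entries; suggest "NOT-FOR-US: WordPress plugin" for CVE-2025-29002, CVE-2025-28991, CVE-2025-28972, CVE-2025-24773 and CVE-2025-24761.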



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5f3c2f07a55471027fc52895d200808b57f4c61
