[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 20 21:40:52 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f562e01 by Salvatore Bonaccorso at 2025-06-20T22:39:40+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -281,11 +281,11 @@ CVE-2025-49964 (Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipL
 CVE-2025-49873 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-49132 (Pterodactyl is a free, open-source game server management panel. Prior ...)
-	TODO: check
+	NOT-FOR-US: Pterodactyl
 CVE-2025-48706 (An issue was discovered in COROS PACE 3 through 3.0808.0. Due to an ou ...)
-	TODO: check
+	NOT-FOR-US: COROS PACE
 CVE-2025-48705 (An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NUL ...)
-	TODO: check
+	NOT-FOR-US: COROS PACE
 CVE-2025-48059 (PowSyBl (Power System Blocks) is a framework to build power system ori ...)
 	NOT-FOR-US: PowSyBl (Power System Blocks)
 CVE-2025-46179 (A SQL Injection vulnerability was discovered in the askquery.php file  ...)
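Review bot: The NOT-FOR-US on CVE-2025-49132 is the one entry in this hunk whose description calls the software "free, open-source", and nothing in the change records that a check for an existing Debian source package or packaging request for Pterodactyl was done. Suggest confirming that before the entry leaves the TODO queue, since once it is marked NOT-FOR-US it no longer shows up for triage.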
@@ -293,9 +293,9 @@ CVE-2025-46179 (A SQL Injection vulnerability was discovered in the askquery.php
 CVE-2025-46158 (An issue in redoxOS kernel before commit 5d41cd7c allows a local attac ...)
 	NOT-FOR-US: redoxOS kernel
 CVE-2025-45890 (Directory Traversal vulnerability in novel plus before v.5.1.0 allows  ...)
-	TODO: check
+	NOT-FOR-US: novel plus
 CVE-2025-45331 (brplot v420.69.1 contains a Null Pointer Dereference (NPD) vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: brplot
 CVE-2025-44635 (There are multiple unauthorized remote command execution vulnerabiliti ...)
 	NOT-FOR-US: H3C
 CVE-2025-44203 (In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose S ...)
@@ -313,33 +313,33 @@ CVE-2025-34029 (An OS command injection vulnerability exists in the Edimax EW-74
 CVE-2025-34024 (An OS command injection vulnerability exists in the Edimax EW-7438RPn  ...)
 	NOT-FOR-US: Edimax
 CVE-2025-34023 (A path traversal vulnerability exists in the Karel IP1211 IP Phone's w ...)
-	TODO: check
+	NOT-FOR-US: Karel IP1211 IP Phone's web management panel
 CVE-2025-34022 (A path traversal vulnerability exists in multiple models of Selea Targ ...)
-	TODO: check
+	NOT-FOR-US: Selea Targa
 CVE-2025-34021 (A server-side request forgery (SSRF) vulnerability exists in multiple  ...)
-	TODO: check
+	NOT-FOR-US: Selea Targa
 CVE-2025-32880 (An issue was discovered on COROS PACE 3 devices through 3.0808.0. It i ...)
-	TODO: check
+	NOT-FOR-US: COROS PACE
 CVE-2025-32879 (An issue was discovered on COROS PACE 3 devices through 3.0808.0. It s ...)
-	TODO: check
+	NOT-FOR-US: COROS PACE
 CVE-2025-32878 (An issue was discovered on COROS PACE 3 devices through 3.0808.0. It i ...)
-	TODO: check
+	NOT-FOR-US: COROS PACE
 CVE-2025-32877 (An issue was discovered on COROS PACE 3 devices through 3.0808.0. It i ...)
-	TODO: check
+	NOT-FOR-US: COROS PACE
 CVE-2025-32876 (An issue was discovered on COROS PACE 3 devices through 3.0808.0. The  ...)
-	TODO: check
+	NOT-FOR-US: COROS PACE
 CVE-2025-32875 (An issue was discovered in the COROS application through 3.8.12 for An ...)
-	TODO: check
+	NOT-FOR-US: COROS application
 CVE-2025-32753 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an  ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-2443 (An issue has been discovered in GitLab EE that allows for cross-site-s ...)
 	TODO: check
 CVE-2025-25038 (An OS command injection vulnerability exists in MiniDVBLinux version 5 ...)
-	TODO: check
+	NOT-FOR-US: MiniDVBLinux
 CVE-2025-25037 (An information disclosure vulnerability exists in Aquatronica Controll ...)
-	TODO: check
+	NOT-FOR-US: Aquatronica Controller System firmware
 CVE-2025-25034 (A PHP object injection vulnerability exists in SugarCRM versions prior ...)
-	TODO: check
+	NOT-FOR-US: SugarCRM
 CVE-2024-7586 (An issue was discovered in GitLab EE affecting all versions starting f ...)
 	TODO: check
 CVE-2024-53298 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a m ...)
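Review bot: The NOT-FOR-US labels in this hunk mix granularity, which makes later searches by product or vendor less reliable. CVE-2025-34023 gets "Karel IP1211 IP Phone's web management panel" and CVE-2025-25037 gets "Aquatronica Controller System firmware", while neighbouring context lines use a short vendor or product name ("Edimax", "Dell / EMC"). Suggest shortening these to the product name, e.g. "NOT-FOR-US: Karel IP1211 IP Phone" and "NOT-FOR-US: Aquatronica Controller System", in line with "Selea Targa" and "COROS PACE" elsewhere in the same hunk.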
@@ -432,7 +432,7 @@ CVE-2025-6278 (A vulnerability classified as critical was found in Upsonic up to
 CVE-2025-6277 (A vulnerability classified as critical has been found in Brilliance Go ...)
 	NOT-FOR-US: Brilliance Golden Link Secondary System
 CVE-2025-6264 (Velociraptor allows collection of VQL queries packaged into Artifacts  ...)
-	TODO: check
+	NOT-FOR-US: Velociraptor
 CVE-2025-5125 (The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-50054 (Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f562e01b1fd575bcfb6743d9d2733c9aebcb665
