[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 24 06:49:08 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e06c48c by Salvatore Bonaccorso at 2025-06-24T07:48:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,9 +8,9 @@ CVE-2025-6545 (Improper Input Validation vulnerability in pbkdf2 allows Signatur
 	NOTE: Introduced by: https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078 (v3.0.10)
 	NOTE: Fixed by: https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb (v3.1.3)
 CVE-2025-6518 (A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has be ...)
-	TODO: check
+	NOT-FOR-US: PySpur-Dev pyspur
 CVE-2025-6517 (A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified ...)
-	TODO: check
+	NOT-FOR-US: Dromara MaxKey
 CVE-2025-6516 (A vulnerability has been found in HDF5 up to 1.14.6 and classified as  ...)
 	- hdf5 <unfixed>
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5581
@@ -23,7 +23,7 @@ CVE-2025-6511 (A vulnerability classified as critical has been found in Netgear
 CVE-2025-6510 (A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has b ...)
 	NOT-FOR-US: Netgear
 CVE-2025-6509 (A vulnerability was found in seaswalker spring-analysis up to 4379cce8 ...)
-	TODO: check
+	NOT-FOR-US: seaswalker spring-analysis
 CVE-2025-52969 (ClickHouse 25.7.1.557 allows low-privileged users to execute shell com ...)
 	TODO: check
 CVE-2025-52968 (xdg-open in xdg-utils through 1.2.1 can send requests containing SameS ...)
@@ -42,11 +42,11 @@ CVE-2025-52936 (Improper Link Resolution Before File Access ('Link Following') v
 CVE-2025-52935 (Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly  ...)
 	TODO: check
 CVE-2025-52922 (Innoshop through 0.4.1 allows directory traversal via FileManager API  ...)
-	TODO: check
+	NOT-FOR-US: Innoshop
 CVE-2025-52921 (In Innoshop through 0.4.1, an authenticated attacker could exploit the ...)
-	TODO: check
+	NOT-FOR-US: Innoshop
 CVE-2025-52920 (Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR)  ...)
-	TODO: check
+	NOT-FOR-US: Innoshop
 CVE-2025-52879 (In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Regist ...)
 	NOT-FOR-US: JetBrains
 CVE-2025-52878 (In JetBrains TeamCity before 2025.03.3 usernames were exposed to the u ...)
@@ -64,51 +64,51 @@ CVE-2025-50349 (PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerab
 CVE-2025-50348 (PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to  ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-49574 (Quarkus is a Cloud Native, (Linux) Container First framework for writi ...)
-	TODO: check
+	NOT-FOR-US: Quarkus
 CVE-2025-49144 (Notepad++ is a free and open-source source code editor. In versions 8. ...)
-	TODO: check
+	NOT-FOR-US: Notepad++
 CVE-2025-49126 (Visionatrix is an AI Media processing tool using ComfyUI. In versions  ...)
 	TODO: check
 CVE-2025-48700 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 a ...)
 	NOT-FOR-US: Zimbra
 CVE-2025-48026 (A vulnerability in the WebApl component of Mitel OpenScape Xpressions  ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2025-46101 (SQL Injection vulnerability in Beakon Software Beakon Learning Managem ...)
-	TODO: check
+	NOT-FOR-US: Beakon Software Beakon Learning Management System
 CVE-2025-44528 (An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments
 CVE-2025-2172 (Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fa ...)
-	TODO: check
+	NOT-FOR-US: Aviatrix Controller
 CVE-2025-2171 (Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do ...)
-	TODO: check
+	NOT-FOR-US: Aviatrix Controller
 CVE-2025-27387 (OPPO Clone Phone uses a weak password WiFi hotspot to transfer files,  ...)
-	TODO: check
+	NOT-FOR-US: Oppo
 CVE-2025-23049 (Meridian Technique Materialise OrthoView through 7.5.1 allows OS Comma ...)
-	TODO: check
+	NOT-FOR-US: Meridian Technique Materialise OrthoView
 CVE-2024-45347 (An unauthorized access vulnerability exists in the Xiaomi Mi Connect S ...)
 	NOT-FOR-US: Xiaomi
 CVE-2024-3511 (An incorrect authorization vulnerability exists in multiple WSO2 produ ...)
 	NOT-FOR-US: WSO2
 CVE-2023-50450 (An issue was discovered in Sensopart VISOR Vision Sensors before 2.10. ...)
-	TODO: check
+	NOT-FOR-US: Sensopart VISOR
 CVE-2023-48978 (An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: NCR ITM Web terminal
 CVE-2023-47298 (An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged a ...)
-	TODO: check
+	NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47297 (A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 a ...)
-	TODO: check
+	NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47295 (A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows at ...)
-	TODO: check
+	NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47294 (An issue in NCR Terminal Handler v1.5.1 allows low-level privileged au ...)
-	TODO: check
+	NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47032 (Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote ...)
-	TODO: check
+	NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47031 (An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to e ...)
-	TODO: check
+	NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47030 (An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to e ...)
-	TODO: check
+	NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47029 (An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to e ...)
-	TODO: check
+	NOT-FOR-US: NCR Terminal Handler
 CVE-2021-47688 (In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with local acces ...)
 	TODO: check
 CVE-2025-6503 (A vulnerability was found in code-projects Inventory Management System ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e06c48c046730fce97cca1712bf78167fe48465

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e06c48c046730fce97cca1712bf78167fe48465
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250624/4b80d8e1/attachment.htm>

More information about the debian-security-tracker-commits mailing list