[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jun 25 15:57:38 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
845ca0e5 by Moritz Muehlenhoff at 2025-06-25T16:57:25+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -242,13 +242,13 @@ CVE-2025-23260 (NVIDIA AIStore contains a vulnerability in the AIS Operator wher
CVE-2025-1718 (An authenticated user with file access privilege via FTP access can ca ...)
NOT-FOR-US: Hitachi Energy
CVE-2024-56918 (In Netbox Community 4.1.7, the login page is vulnerable to cross-site ...)
- TODO: check
+ - netbox <itp> (bug #1017079)
CVE-2024-56917 (Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via ...)
- TODO: check
+ - netbox <itp> (bug #1017079)
CVE-2024-56916 (In Netbox Community 4.1.7, once authenticated, Configuration History > ...)
- TODO: check
+ - netbox <itp> (bug #1017079)
CVE-2024-37743 (An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to ex ...)
- TODO: check
+ NOT-FOR-US: KnowledgeGPT
CVE-2025-6436 (Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of ...)
- firefox 140.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6436
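Review bot: The three Netbox entries in this hunk (CVE-2024-56918, CVE-2024-56917, CVE-2024-56916) are tagged "- netbox <itp> (bug #1017079)", which is an ITP reference and not an NFU, yet the commit subject is only "NFUs". Consider a subject that also mentions the netbox itp tagging, so someone searching the history for when these CVEs were tied to the ITP bug can find this commit. The tagging itself is consistent across all three entries.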
@@ -367,7 +367,7 @@ CVE-2025-52566 (llama.cpp is an inference of several LLM models in C/C++. Prior
CVE-2025-52562 (Convoy is a KVM server management panel for hosting businesses. In ver ...)
NOT-FOR-US: Convoy
CVE-2025-52561 (HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version ...)
- TODO: check
+ NOT-FOR-US: HTMLSanitizer.jl
CVE-2025-52560 (Kanboard is project management software that focuses on the Kanban met ...)
- kanboard <removed>
NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-2ch5-gqjm-8p92
@@ -375,7 +375,7 @@ CVE-2025-52560 (Kanboard is project management software that focuses on the Kanb
CVE-2025-52558 (changedetection.io is a free open source web page change detection, we ...)
NOT-FOR-US: changedetection.io
CVE-2025-50213 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
- TODO: check
+ NOT-FOR-US: Airflow provider for Snowflake
CVE-2025-48890 (WRH-733GBK and WRH-733GWH contain an improper neutralization of specia ...)
NOT-FOR-US: ELECOM
CVE-2025-48470 (Successful exploitation of the stored cross-site scripting vulnerabili ...)
@@ -403,35 +403,35 @@ CVE-2025-43877 (WRC-1167GHBK2-S contains a stored cross-site scripting vulnerabi
CVE-2025-41427 (WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutra ...)
NOT-FOR-US: ELECOM
CVE-2025-3090 (An unauthenticated remote attacker can obtain limited sensitive inform ...)
- TODO: check
+ NOT-FOR-US: mbCONNECT24
CVE-2025-36519 (Unrestricted upload of file with dangerous type issue exists in WRC-25 ...)
- TODO: check
+ NOT-FOR-US: ELECOM
CVE-2025-34041 (An OS command injection vulnerability exists in the Chinese versions o ...)
- TODO: check
+ NOT-FOR-US: Sangfor Endpoint Detection and Response
CVE-2025-34040 (An arbitrary file upload vulnerability exists in the Zhiyuan OA platfo ...)
- TODO: check
+ NOT-FOR-US: Zhiyuan OA
CVE-2025-34039 (A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prio ...)
- TODO: check
+ NOT-FOR-US: Yonyou UFIDA NC
CVE-2025-34038 (A SQL injection vulnerability exists in Fanwei e-cology 8.0 via the ge ...)
- TODO: check
+ NOT-FOR-US: Fanwei e-cology
CVE-2025-34037 (An OS command injection vulnerability exists in various models of E-Se ...)
NOT-FOR-US: Linksys
CVE-2025-34036 (An OS command injection vulnerability exists in white-labeled DVRs man ...)
- TODO: check
+ NOT-FOR-US: Shenzhen TVT
CVE-2025-34035 (An OS command injection vulnerability exists in EnGenius EnShare Cloud ...)
- TODO: check
+ NOT-FOR-US: EnGenius
CVE-2025-34034 (A hardcoded credential vulnerability exists in the Blue Angel Software ...)
- TODO: check
+ NOT-FOR-US: Blue Angel
CVE-2025-34033 (An OS command injection vulnerability exists in the Blue Angel Softwar ...)
- TODO: check
+ NOT-FOR-US: Blue Angel
CVE-2025-34032 (A reflected cross-site scripting (XSS) vulnerability exists in the Moo ...)
- TODO: check
+ NOT-FOR-US: Moodle plugin
CVE-2025-34031 (A path traversal vulnerability exists in the Moodle LMS Jmol plugin ve ...)
- TODO: check
+ NOT-FOR-US: Moodle plugin
CVE-2025-2962 (A denial-of-service issue in the dns implemenation could cause an infi ...)
TODO: check
CVE-2025-23092 (Mitel OpenScape Accounting Management through V5 R1.1.0 could allow an ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2024-56731 (Gogs is an open source self-hosted Git service. Prior to version 0.13. ...)
NOT-FOR-US: Go Git Service
CVE-2025-2828 (A Server-Side Request Forgery (SSRF) vulnerability exists in the Reque ...)
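Review bot: The label "NOT-FOR-US: Moodle plugin" on CVE-2025-34031 is less specific than the description beside it, which names the "Moodle LMS Jmol plugin"; naming the plugin in the label would make clear the entry is about a third-party plugin and not Moodle itself, and the same applies to CVE-2025-34032 if it concerns the same plugin. Separately, CVE-2025-2962 still carries "TODO: check" in the middle of this block while every neighbouring TODO is resolved; if that is deliberate because the affected DNS implementation still has to be identified, no change is needed, otherwise it looks skipped.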
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/845ca0e5007b517f5e615cb7e6eafb958ff79956