[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 25 21:48:03 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2d48a8f by Salvatore Bonaccorso at 2025-06-25T22:47:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77,7 +77,7 @@ CVE-2025-5823 (Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dan
 CVE-2025-5822 (Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Autho ...)
 	NOT-FOR-US: Autel
 CVE-2025-5015 (A cross-site scripting vulnerability exists in the AccuWeather and Cus ...)
-	TODO: check
+	NOT-FOR-US: Parsons
 CVE-2025-52999 (jackson-core contains core low-level incremental ("streaming") parser  ...)
 	TODO: check
 CVE-2025-52894 (OpenBao exists to provide a software solution to manage, store, and di ...)
@@ -103,23 +103,23 @@ CVE-2025-50179 (Tuleap is an Open Source Suite to improve management of software
 CVE-2025-50178 (GitForge.jl is a unified interface for interacting with Git "forges."  ...)
 	TODO: check
 CVE-2025-4656 (Vault Community and Vault Enterprise rekey and recovery key operations ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2025-49845 (Discourse is an open-source discussion platform. The visibility of pos ...)
 	NOT-FOR-US: Discourse
 CVE-2025-49797 (Multiple Brother driver installers for Windows contain a privilege esc ...)
-	TODO: check
+	NOT-FOR-US: Brother
 CVE-2025-49550 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p ...)
 	NOT-FOR-US: Adobe
 CVE-2025-49549 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p ...)
 	NOT-FOR-US: Adobe
 CVE-2025-49153 (MICROSENS NMP Web+  could allow an unauthenticated attacker to overwri ...)
-	TODO: check
+	NOT-FOR-US: MICROSENS NMP Web+
 CVE-2025-49152 (MICROSENS NMP Web+contain JSON Web Tokens (JWT) that do not expire, wh ...)
-	TODO: check
+	NOT-FOR-US: MICROSENS NMP Web+
 CVE-2025-49151 (MICROSENS NMP Web+could allow an unauthenticated attacker to generate  ...)
-	TODO: check
+	NOT-FOR-US: MICROSENS NMP Web+
 CVE-2025-49135 (CVAT is an open source interactive video and image annotation tool for ...)
-	TODO: check
+	NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
 CVE-2025-48991 (Tuleap is an Open Source Suite to improve management of software devel ...)
 	NOT-FOR-US: Tuleap
 CVE-2025-48954 (Discourse is an open-source discussion platform. Versions prior to 3.5 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2d48a8f56fcd79389a66980bb6386e807606de6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2d48a8f56fcd79389a66980bb6386e807606de6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250625/a2dfce4b/attachment.htm>

More information about the debian-security-tracker-commits mailing list