[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 27 08:47:43 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
47944fd8 by Moritz Muehlenhoff at 2025-06-27T09:47:21+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -120,13 +120,13 @@ CVE-2025-3722 (A path traversal vulnerability in System Information Reporter (SI
CVE-2025-36034 (IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information S ...)
NOT-FOR-US: IBM
CVE-2025-34049 (An OS command injection vulnerability exists in the OptiLink ONT1GEW G ...)
- TODO: check
+ NOT-FOR-US: OptiLink
CVE-2025-34048 (A path traversal vulnerability exists in the web management interface ...)
NOT-FOR-US: D-Link
CVE-2025-34047 (A path traversal vulnerability exists in the Leadsec SSL VPN (formerly ...)
- TODO: check
+ NOT-FOR-US: Leadsec SSL VPN
CVE-2025-34046 (An unauthenticated file upload vulnerability exists in the Fanwei E-Of ...)
- TODO: check
+ NOT-FOR-US: Fanwei E-Office
CVE-2025-34045 (A path traversal vulnerability exists in WeiPHP 5.0, an open source We ...)
NOT-FOR-US: WeiPHP
CVE-2025-34044 (A remote command injection vulnerability exists in the confirm.php int ...)
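Review bot: On CVE-2025-34049 the new label "NOT-FOR-US: OptiLink" names only the vendor, while the other two entries changed in this hunk name the product ("Leadsec SSL VPN", "Fanwei E-Office"). The description already gives the product line ("OptiLink ONT1GEW G ..."), so a product-level label would be consistent within the commit and more precise to grep for later. Both forms do appear in the neighbouring entries ("IBM", "WeiPHP"), so this is a consistency nit, not a blocker.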
@@ -138,7 +138,7 @@ CVE-2025-34042 (An authenticated command injection vulnerability exists in the B
CVE-2025-30131 (An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticat ...)
NOT-FOR-US: IROAD Dashcam FX2
CVE-2025-29331 (An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote a ...)
- TODO: check
+ NOT-FOR-US: MHSanaei 3x-ui
CVE-2024-6174 (When a non-x86 platform is detected, cloud-init grants root access to ...)
- cloud-init <unfixed>
NOTE: https://github.com/canonical/cloud-init/commit/f43937f0b462734eb9c76700491c18fe4133c8e1
@@ -146,7 +146,7 @@ CVE-2024-6174 (When a non-x86 platform is detected, cloud-init grants root acces
CVE-2024-56915 (Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Si ...)
- netbox <itp> (bug #1017079)
CVE-2024-52928 (Arc before 1.26.1 on Windows has a bypass issue in the site settings t ...)
- TODO: check
+ NOT-FOR-US: Arc Browser
CVE-2024-11584 (cloud-initthrough 25.1.2 includes the systemd socket unitcloud-init-ho ...)
- cloud-init <unfixed>
NOTE: https://github.com/canonical/cloud-init/commit/8b45006c4765fd75f20ce244571b563dbc49d4f2
@@ -412,7 +412,7 @@ CVE-2025-45332 (vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD) vuln
CVE-2025-44206 (Hexagon HxGN OnCall Dispatch Advantage (Web) v10.2309.03.00264 and Hex ...)
NOT-FOR-US: Hexagon HxGN OnCall Dispatch Advantag
CVE-2025-41647 (A local, low-privileged attacker can learn the password of the connect ...)
- TODO: check
+ NOT-FOR-US: PLC Designer
CVE-2025-41256 (Cyberduck and Mountain Duck improper handle TLS certificate pinning fo ...)
NOT-FOR-US: Cyberduck and Mountain Duck
CVE-2025-41255 (Cyberduck and Mountain Duck improperly handle TLS certificate pinning ...)
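Review bot: For CVE-2025-41647, "NOT-FOR-US: PLC Designer" gives a product name with no vendor. The truncated description shown here ("A local, low-privileged attacker can learn the password of the connect ...") does not mention the product at all, so the label is the only identification a reader of this file gets. Suggest prefixing the vendor as given in the full CVE record. While touching this area, the context line above, "NOT-FOR-US: Hexagon HxGN OnCall Dispatch Advantag", is cut off mid-word and could be completed in the same commit.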
@@ -430,9 +430,9 @@ CVE-2025-20264 (A vulnerability in the web-based management interface of Cisco I
CVE-2024-57708 (An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a d ...)
NOT-FOR-US: OneTrust SDK
CVE-2024-27685 (SQL Injection vulnerability in Student Record system Using PHP and MyS ...)
- TODO: check
+ NOT-FOR-US: Student Record system Using PHP and MySQL
CVE-2023-44915 (A cross-site scripting (XSS) vulnerability in the component /Login.php ...)
- TODO: check
+ NOT-FOR-US: c3crm
CVE-2021-4457 (The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthe ...)
NOT-FOR-US: WordPress plugin
CVE-2025-5846 (An issue has been discovered in GitLab EE affecting all versions from ...)
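Review bot: For CVE-2024-27685, the label "Student Record system Using PHP and MySQL" is a generic project title copied from the description, capitalisation included, with no author or vendor to tell it apart from similarly titled projects. Adding the author or vendor from the CVE record would make the entry unambiguous. The same applies to "NOT-FOR-US: c3crm" on CVE-2023-44915, where the visible description names only the component "/Login.php".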
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47944fd879d7b4f5d3b56da32aa1b986b055213b