[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 18 20:28:06 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
193dc8f5 by Salvatore Bonaccorso at 2025-03-18T21:27:41+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
CVE-2025-30142 (An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of ...)
- TODO: check
+ NOT-FOR-US: G-Net
CVE-2025-30141 (An issue was discovered on G-Net Dashcam BB GONX devices. One can Remo ...)
- TODO: check
+ NOT-FOR-US: G-Net
CVE-2025-30139 (An issue was discovered on G-Net Dashcam BB GONX devices. Default cred ...)
- TODO: check
+ NOT-FOR-US: G-Net
CVE-2025-30138 (An issue was discovered on G-Net Dashcam BB GONX devices. Managing Set ...)
- TODO: check
+ NOT-FOR-US: G-Net
CVE-2025-30137 (An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credent ...)
- TODO: check
+ NOT-FOR-US: G-Net
CVE-2025-30132 (An issue was discovered on IROAD Dashcam V devices. It uses an unregis ...)
- TODO: check
+ NOT-FOR-US: IROAD
CVE-2025-30123 (An issue was discovered on ROADCAM X3 devices. The mobile app APK (Vii ...)
- TODO: check
+ NOT-FOR-US: ROADCAM
CVE-2025-30122 (An issue was discovered on ROADCAM X3 devices. It has a uniform defaul ...)
- TODO: check
+ NOT-FOR-US: ROADCAM
CVE-2025-30117 (An issue was discovered on the Forvia Hella HELLA Driving Recorder DR ...)
- TODO: check
+ NOT-FOR-US: Forvia Hella HELLA Driving Recorder DR 820
CVE-2025-30116 (An issue was discovered on the Forvia Hella HELLA Driving Recorder DR ...)
- TODO: check
+ NOT-FOR-US: Forvia Hella HELLA Driving Recorder DR 820
CVE-2025-30115 (An issue was discovered on the Forvia Hella HELLA Driving Recorder DR ...)
- TODO: check
+ NOT-FOR-US: Forvia Hella HELLA Driving Recorder DR 820
CVE-2025-30114 (An issue was discovered on the Forvia Hella HELLA Driving Recorder DR ...)
- TODO: check
+ NOT-FOR-US: Forvia Hella HELLA Driving Recorder DR 820
CVE-2025-30113 (An issue was discovered on the Forvia Hella HELLA Driving Recorder DR ...)
- TODO: check
+ NOT-FOR-US: Forvia Hella HELLA Driving Recorder DR 820
CVE-2025-30111 (On IROAD v9 devices, one can Remotely Dump Video Footage and the Live ...)
- TODO: check
+ NOT-FOR-US: IROAD
CVE-2025-30110 (On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Addr ...)
- TODO: check
+ NOT-FOR-US: IROAD
CVE-2025-30109 (In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ...)
- TODO: check
+ NOT-FOR-US: IROAD
CVE-2025-30107 (On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data an ...)
- TODO: check
+ NOT-FOR-US: IROAD
CVE-2025-30106 (On IROAD v9 devices, the dashcam has hardcoded default credentials ("q ...)
- TODO: check
+ NOT-FOR-US: IROAD
CVE-2025-2495 (Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel ...)
- TODO: check
+ NOT-FOR-US: Softdial Contact Center of Sytel Ltd
CVE-2025-2494 (Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This ...)
- TODO: check
+ NOT-FOR-US: Softdial Contact Center of Sytel Ltd
CVE-2025-2493 (Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. ...)
- TODO: check
+ NOT-FOR-US: Softdial Contact Center of Sytel Ltd
CVE-2025-2491 (A vulnerability classified as problematic has been found in Dromara uj ...)
- TODO: check
+ NOT-FOR-US: Dromara ujcms
CVE-2025-2490 (A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as ...)
- TODO: check
+ NOT-FOR-US: Dromara ujcms
CVE-2025-2489 (Insecure information storage vulnerability in NTFS Tools version 3.5.1 ...)
- TODO: check
+ NOT-FOR-US: NTFS Tools
CVE-2025-2487 (A flaw was found in the 389-ds-base LDAP Server. This issue occurs whe ...)
TODO: check
CVE-2025-2450 (NI Vision Builder AI VBAI File Processing Missing Warning Remote Code ...)
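Review bot: the NOT-FOR-US labels in this hunk mix granularities. The dashcam entries use a bare vendor name (G-Net, IROAD, ROADCAM), while CVE-2025-30113 through CVE-2025-30117 carry the full product string "Forvia Hella HELLA Driving Recorder DR 820" and CVE-2025-2493 through CVE-2025-2495 carry "Softdial Contact Center of Sytel Ltd", which follows the description's wording rather than a vendor or product name. Picking one form, for example "Forvia Hella" and "Sytel Softdial Contact Center", would keep later searches of data/CVE/list for the same vendor consistent. The G-Net and IROAD labels also cover both the device entries and the APK entries (CVE-2025-30137, CVE-2025-30109), which is fine as long as that is intentional.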
@@ -53,37 +53,37 @@ CVE-2025-2450 (NI Vision Builder AI VBAI File Processing Missing Warning Remote
CVE-2025-2449 (NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code ...)
TODO: check
CVE-2025-29930 (imFAQ is an advanced questions and answers management system for Impre ...)
- TODO: check
+ NOT-FOR-US: ImpressCMS
CVE-2025-29907 (jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, use ...)
TODO: check
CVE-2025-29790 (Contao is an Open Source CMS. Users can upload SVG files with maliciou ...)
- TODO: check
+ NOT-FOR-US: Contao CMS
CVE-2025-27688 (Dell ThinOS 2408 and prior, contains an improper permissions vulnerabi ...)
NOT-FOR-US: Dell / EMC
CVE-2025-27080 (Vulnerabilities in the command line interface of AOS-CX could allow an ...)
TODO: check
CVE-2025-26138 (Systemic Risk Value <=2.8.0 is vulnerable to improper access control i ...)
- TODO: check
+ NOT-FOR-US: Systemic Risk Value
CVE-2025-26137 (Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via ...)
- TODO: check
+ NOT-FOR-US: Systemic Risk Value
CVE-2025-25595 (A lack of rate limiting in the login page of Safe App version a3.0.9 a ...)
- TODO: check
+ NOT-FOR-US: Safe App
CVE-2025-25590 (yimioa before v2024.07.04 was discovered to contain a SQL injection vu ...)
- TODO: check
+ NOT-FOR-US: yimioa
CVE-2025-25589 (An XML external entity (XXE) injection vulnerability in the component ...)
- TODO: check
+ NOT-FOR-US: yimioa
CVE-2025-25586 (yimioa before v2024.07.04 was discovered to contain an information dis ...)
- TODO: check
+ NOT-FOR-US: yimioa
CVE-2025-25585 (Incorrect access control in the component /config/WebSecurityConfig.ja ...)
- TODO: check
+ NOT-FOR-US: yimioa
CVE-2025-25582 (yimioa before v2024.07.04 was discovered to contain a SQL injection vu ...)
- TODO: check
+ NOT-FOR-US: yimioa
CVE-2025-25580 (yimioa before v2024.07.04 was discovered to contain a SQL injection vu ...)
- TODO: check
+ NOT-FOR-US: yimioa
CVE-2025-25500 (An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capabi ...)
TODO: check
CVE-2025-25220 (Improper neutralization of special elements used in an OS command ('OS ...)
- TODO: check
+ NOT-FOR-US: +F FS010M
CVE-2025-25042 (A vulnerability in the AOS-CX REST interface could allow an authentica ...)
TODO: check
CVE-2025-25040 (A vulnerability has been identified in the port ACL functionality of A ...)
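Review bot: on CVE-2025-29930 the label "NOT-FOR-US: ImpressCMS" names the platform, while the description names imFAQ as the affected component. A label such as "imFAQ module for ImpressCMS" would say what was actually triaged and avoid implying that ImpressCMS itself was reviewed. Separately, "NOT-FOR-US: +F FS010M" on CVE-2025-25220 begins with a "+" that is easy to misread as a stray diff marker, and the truncated description does not show the product; worth confirming the string is the vendor's name as written. The same applies to CVE-2025-25589 and CVE-2025-25585, whose visible description text does not mention yimioa.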
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/193dc8f510e262c4fb4a28326e4f0bf21ab519ff