[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0658e9b by Salvatore Bonaccorso at 2025-03-20T21:20:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2025-30160 (Redlib is an alternative private front-end to Reddit. A vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Redlib
 CVE-2025-2565 (The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3. ...)
 	NOT-FOR-US: Liferay
 CVE-2025-2557 (A vulnerability, which was classified as critical, has been found in A ...)
-	TODO: check
+	NOT-FOR-US: Audi UTR Dashcam
 CVE-2025-2556 (A vulnerability classified as problematic was found in Audi UTR Dashca ...)
-	TODO: check
+	NOT-FOR-US: Audi UTR Dashcam
 CVE-2025-2555 (A vulnerability classified as problematic has been found in Audi Unive ...)
-	TODO: check
+	NOT-FOR-US: Audi Universal Traffic Recorder App
 CVE-2025-2553 (A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It ...)
 	NOT-FOR-US: D-Link
 CVE-2025-2552 (A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It ...)
@@ -27,11 +27,11 @@ CVE-2025-2546 (A vulnerability classified as problematic was found in D-Link DIR
 CVE-2025-2539 (The File Away plugin for WordPress is vulnerable to unauthorized acces ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2480 (Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Santesoft Sante DICOM Viewer Pro
 CVE-2025-2311 (Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive  ...)
-	TODO: check
+	NOT-FOR-US: SecHard
 CVE-2025-29980 (A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1 ...)
-	TODO: check
+	NOT-FOR-US: eTRAKiT.net
 CVE-2025-29923 (go-redis is the official Redis client library for the Go programming l ...)
 	TODO: check
 CVE-2025-29922 (kcp is a Kubernetes-like control plane for form-factors and use-cases  ...)
@@ -39,11 +39,11 @@ CVE-2025-29922 (kcp is a Kubernetes-like control plane for form-factors and use-
 CVE-2025-29914 (OWASP Coraza WAF is a golang modsecurity compatible web application fi ...)
 	TODO: check
 CVE-2025-29412 (A cross-site scripting (XSS) vulnerability in the Client Profile Updat ...)
-	TODO: check
+	NOT-FOR-US: Mart Developers iBanking
 CVE-2025-29411 (An arbitrary file upload vulnerability in the Client Profile Update se ...)
-	TODO: check
+	NOT-FOR-US: Mart Developers iBanking
 CVE-2025-29410 (A cross-site scripting (XSS) vulnerability in the component /contact.p ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2025-29218 (Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow ...)
 	NOT-FOR-US: Tenda
 CVE-2025-29217 (Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow ...)
@@ -59,39 +59,39 @@ CVE-2025-29121 (A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnera
 CVE-2025-29101 (Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow  ...)
 	NOT-FOR-US: Tenda
 CVE-2025-26853 (DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken au ...)
-	TODO: check
+	NOT-FOR-US: DESCOR INFOCAD
 CVE-2025-26852 (DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Inje ...)
-	TODO: check
+	NOT-FOR-US: DESCOR INFOCAD
 CVE-2025-23120 (A vulnerability allowing remote code execution (RCE) for domain users.)
-	TODO: check
+	NOT-FOR-US: qVeeam
 CVE-2025-1802 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1796 (A vulnerability in langgenius/dify v0.10.1 allows an attacker to take  ...)
-	TODO: check
+	NOT-FOR-US: langgenius/dify
 CVE-2025-1496 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: BG-TEK Coslat Hotspot
 CVE-2025-1474 (In mlflow/mlflow version 2.18, an admin is able to create a new user a ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2025-1473 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2025-1451 (A vulnerability in parisneo/lollms-webui v13 arises from the server's  ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2025-1040 (AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Tem ...)
-	TODO: check
+	NOT-FOR-US: AutoGPT
 CVE-2025-0655 (A vulnerability in man-group/dtale versions 3.15.1 allows an attacker  ...)
-	TODO: check
+	NOT-FOR-US: man-group/dtale
 CVE-2025-0628 (An improper authorization vulnerability exists in the main-latest vers ...)
 	TODO: check
 CVE-2025-0508 (A vulnerability in the SageMaker Workflow component of aws/sagemaker-p ...)
-	TODO: check
+	NOT-FOR-US: SageMaker
 CVE-2025-0454 (A Server-Side Request Forgery (SSRF) vulnerability was identified in t ...)
 	TODO: check
 CVE-2025-0453 (In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2025-0452 (eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file del ...)
-	TODO: check
+	NOT-FOR-US: eosphoros-ai/DB-GPT
 CVE-2025-0330 (In berriai/litellm version v1.52.1, an issue in proxy_server.py causes ...)
-	TODO: check
+	NOT-FOR-US: berriai/litellm
 CVE-2025-0317 (A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious  ...)
 	TODO: check
 CVE-2025-0315 (A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0658e9bd9875972d6d3ac54ac79253d87e24988

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0658e9bd9875972d6d3ac54ac79253d87e24988
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250320/d8529639/attachment.htm>