[Git][security-tracker-team/security-tracker][master] 3 commits: NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Mar 26 22:12:35 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5c701ed by Moritz Muehlenhoff at 2025-03-26T23:01:45+01:00
NFUs

- - - - -
f4cf5b55 by Moritz Muehlenhoff at 2025-03-26T23:05:45+01:00
auto-nfu: Add Bizerba

Total CVEs from bizerba: 2
Total CVEs from bizerba with packages assigned: 0

Scope is "Bizerba products only"

- - - - -
0872ed62 by Moritz Muehlenhoff at 2025-03-26T23:11:35+01:00
auto-nfu: Add Xiaomi

Total CVEs from Xiaomi: 49
Total CVEs from Xiaomi with packages assigned: 0

Scope is "Xiaomi issues only"

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,17 +15,17 @@ CVE-2025-30217 (Frappe is a full-stack web application framework. Prior to versi
 CVE-2025-30164 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
 	TODO: check
 CVE-2025-30073 (An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. Th ...)
-	TODO: check
+	NOT-FOR-US: OPC cardsystems Webapp Aufwertung
 CVE-2025-2825 (CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are  ...)
-	TODO: check
+	NOT-FOR-US: CrushFTP
 CVE-2025-2820 (An authenticated attacker can compromise the availability of the devic ...)
 	TODO: check
 CVE-2025-2819 (There is a risk of unauthorized file uploads in GT-SoftControl and pot ...)
-	TODO: check
+	NOT-FOR-US: GT-SoftControl
 CVE-2025-2600 (Improper authorization in the variable component in Devolutions Remote ...)
 	NOT-FOR-US: Devolutions
 CVE-2025-2596 (Session logout could be overwritten in Checkmk GmbH's Checkmk versions ...)
-	TODO: check
+	- check-mk <removed>
 CVE-2025-2562 (Insufficient logging in the autotyping feature in Devolutions Remote D ...)
 	NOT-FOR-US: Devolutions
 CVE-2025-2528 (Improper authorization in application password policy in Devolutions R ...)
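Review bot: At CVE-2025-2596 the entry becomes "- check-mk <removed>" rather than a NOT-FOR-US tag, so this is package triage and not an NFU, yet the commit messages in this push mention only NFUs and auto-nfu additions. Consider naming check-mk in the commit message so the triage decision can be found from the log. CVE-2025-30164 (Icinga Web 2) and CVE-2025-2820 remain at "TODO: check" in this hunk and still need a pass.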
@@ -41,11 +41,11 @@ CVE-2025-2167 (The Event post plugin for WordPress is vulnerable to Stored Cross
 CVE-2025-2110 (The WP Compress \u2013 Instant Performance & Speed Optimization plugin ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2098 (Fast CAD Reader application on MacOS was found to be installed with in ...)
-	TODO: check
+	NOT-FOR-US: Fast CAD Reader
 CVE-2025-2009 (The Newsletters plugin for WordPress is vulnerable to Stored Cross-Sit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-29322 (A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.0 ...)
-	TODO: check
+	NOT-FOR-US: ScriptCase
 CVE-2025-28942 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28939 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -155,7 +155,7 @@ CVE-2025-26559 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-26546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26542 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -165,35 +165,35 @@ CVE-2025-26537 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-26536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26011 (Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulner ...)
-	TODO: check
+	NOT-FOR-US: Telesquare TLR-2005KSH
 CVE-2025-26010 (Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification ...)
-	TODO: check
+	NOT-FOR-US: Telesquare TLR-2005KSH
 CVE-2025-26009 (Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Telesquare TLR-2005KSH
 CVE-2025-26008 (In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulner ...)
-	TODO: check
+	NOT-FOR-US: Telesquare TLR-2005KSH
 CVE-2025-26007 (Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulner ...)
-	TODO: check
+	NOT-FOR-US: Telesquare TLR-2005KSH
 CVE-2025-26006 (Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulner ...)
-	TODO: check
+	NOT-FOR-US: Telesquare TLR-2005KSH
 CVE-2025-26005 (Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overf ...)
-	TODO: check
+	NOT-FOR-US: Telesquare TLR-2005KSH
 CVE-2025-26004 (Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffe ...)
-	TODO: check
+	NOT-FOR-US: Telesquare TLR-2005KSH
 CVE-2025-26003 (Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command ex ...)
-	TODO: check
+	NOT-FOR-US: Telesquare TLR-2005KSH
 CVE-2025-26002 (Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack over ...)
-	TODO: check
+	NOT-FOR-US: Telesquare TLR-2005KSH
 CVE-2025-26001 (Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure v ...)
-	TODO: check
+	NOT-FOR-US: Telesquare TLR-2005KSH
 CVE-2025-25535 (HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a re ...)
-	TODO: check
+	NOT-FOR-US: SCRIPT CASE
 CVE-2025-25134 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24972 (Discourse is an open-source discussion platform. Prior to versions `3. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2025-24808 (Discourse is an open-source discussion platform. Prior to versions `3. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2025-24690 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-23964 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
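Review bot: CVE-2025-25535 is tagged "NOT-FOR-US: SCRIPT CASE", while CVE-2025-29322 in the earlier hunk is tagged "NOT-FOR-US: ScriptCase". If both refer to the same product, use one spelling so that a search on the reason string finds both entries.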
@@ -249,7 +249,7 @@ CVE-2025-1769 (The Product Import Export for WooCommerce \u2013 Import Export Pr
 CVE-2025-1703 (The Ultimate Blocks plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1542 (Improper permission controlvulnerability in the OXARIServiceDeskapplic ...)
-	TODO: check
+	NOT-FOR-US: OXARI ServiceDesk
 CVE-2025-1514 (The Active Products Tables for WooCommerce. Use constructor to create  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1440 (The Advanced iFrame plugin for WordPress is vulnerable to unauthorized ...)
@@ -263,9 +263,9 @@ CVE-2025-1312 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for Wor
 CVE-2025-1310 (The Jobs for WordPress plugin for WordPress is vulnerable to Directory ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-55964 (An issue was discovered in Appsmith before 1.52. An incorrectly config ...)
-	TODO: check
+	NOT-FOR-US: Appsmith
 CVE-2024-55963 (An issue was discovered in Appsmith before 1.51. A user on Appsmith th ...)
-	TODO: check
+	NOT-FOR-US: Appsmith
 CVE-2024-45351 (A code execution vulnerability exists in the Xiaomi Game center applic ...)
 	TODO: check
 CVE-2024-41643 (An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate att ...)
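Review bot: CVE-2024-45351 (Xiaomi Game center) is left at "TODO: check" directly below the two Appsmith entries, although the same push adds a Xiaomi rule to data/packages/nfu.yaml. If the automatic pass is expected to tag it on its next run, nothing is needed; otherwise mark it NOT-FOR-US here alongside the others.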


=====================================
data/packages/nfu.yaml
=====================================
@@ -19,6 +19,8 @@
   cna: Axis
 - reason: Bitdefender
   cna: Bitdefender
+- reason: Bizerba
+  cna: bizerba
 - reason: Black Duck
   cna: BlackDuck
 - reason: ChromeOS
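Review bot: The new "cna: bizerba" value is all lowercase, whereas the neighbouring entries (Axis, Bitdefender, BlackDuck) are capitalised. The commit message also writes "bizerba" in lowercase, so this may be intentional; if the match on this field is case-sensitive, a short comment saying so would stop a later cleanup from normalising the case and silently disabling the rule.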
@@ -101,6 +103,8 @@
   cna: WPScan
 - reason: Xerox
   cna: Xerox
+- reason: Xiaomi
+  cna: Xiaomi
 - reason: Zoho
   cna: Zohocorp
 - reason: Zoom
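Review bot: The justification for the Xiaomi rule (scope "Xiaomi issues only", 49 CVEs with none assigned to packages) exists only in the commit message; the entry itself carries just reason and cna. A one-line YAML comment with the CNA scope above "- reason: Xiaomi" would let a later reader re-check the rule if that scope changes.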



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/36465b8be2467dac371281eedb9e4107eeeb037b...0872ed62e4d6bec25739594ec5e201d25a785376
