[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 31 21:45:15 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d60fd8c by Salvatore Bonaccorso at 2025-03-31T22:44:51+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,29 +5,29 @@ CVE-2025-3047 (When running the AWS Serverless Application Model Command Line In
CVE-2025-3027 (The vulnerability exists in the EJBCA service, version 8.0 Enterprise. ...)
TODO: check
CVE-2025-3026 (The vulnerability exists in the EJBCA service, version 8.0 Enterprise. ...)
- TODO: check
+ NOT-FOR-US: EJBCA
CVE-2025-3022 (Os command injection vulnerability in e-solutions e-management. This v ...)
- TODO: check
+ NOT-FOR-US: e-solutions e-management
CVE-2025-3021 (Path Traversal vulnerability in e-solutions e-management. This vulnera ...)
- TODO: check
+ NOT-FOR-US: e-solutions e-management
CVE-2025-3010 (A vulnerability, which was classified as problematic, has been found i ...)
TODO: check
CVE-2025-3009 (A vulnerability classified as critical was found in Jinher Network OA ...)
- TODO: check
+ NOT-FOR-US: Jinher Network OA C6
CVE-2025-3008 (A vulnerability classified as critical has been found in Novastar CX40 ...)
- TODO: check
+ NOT-FOR-US: Novastar
CVE-2025-3007 (A vulnerability was found in Novastar CX40 up to 2.44.0. It has been r ...)
- TODO: check
+ NOT-FOR-US: Novastar
CVE-2025-3006 (A vulnerability was found in PHPGurukul e-Diary Management System 1.0. ...)
NOT-FOR-US: PHPGurukul
CVE-2025-3005 (A vulnerability was found in Sayski ForestBlog up to 20250321 and clas ...)
- TODO: check
+ NOT-FOR-US: Sayski ForestBlog
CVE-2025-3004 (A vulnerability has been found in Sayski ForestBlog up to 20250321 and ...)
- TODO: check
+ NOT-FOR-US: Sayski ForestBlog
CVE-2025-3003 (A vulnerability, which was classified as critical, was found in ESAFEN ...)
NOT-FOR-US: ESAFENET
CVE-2025-3002 (A vulnerability, which was classified as critical, has been found in D ...)
- TODO: check
+ NOT-FOR-US: Digital China
CVE-2025-3001 (A vulnerability classified as critical was found in PyTorch 2.6.0. Thi ...)
TODO: check
CVE-2025-3000 (A vulnerability classified as critical has been found in PyTorch 2.6.0 ...)
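Review bot: CVE-2025-3027 is left at "TODO: check" while CVE-2025-3026, whose visible description is identical ("The vulnerability exists in the EJBCA service, version 8.0 Enterprise. ..."), is marked "NOT-FOR-US: EJBCA" in the same hunk. If both concern the same product, CVE-2025-3027 should get the same tag in this commit; if it was skipped on purpose, a short note on why would spare the next triager from re-checking it. A smaller consistency point: the two Novastar entries are tagged with the vendor alone, while most other new tags in this hunk name the product as well (for example "Jinher Network OA C6", "Sayski ForestBlog").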
@@ -193,11 +193,11 @@ CVE-2025-31128 (gifplayer is a customizable jquery plugin to play and stop anima
CVE-2025-31125 (Vite is a frontend tooling framework for javascript. Vite exposes cont ...)
- node-vite <itp> (bug #1053782)
CVE-2025-31124 (Zitadel is open-source identity infrastructure software. ZITADEL admin ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2025-31123 (Zitadel is open-source identity infrastructure software. A vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2025-31122 (scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-bet ...)
- TODO: check
+ NOT-FOR-US: scratch-coding-hut.github.io website for Coding Hut
CVE-2025-31117 (OpenEMR is a free and open source electronic health records and medica ...)
NOT-FOR-US: OpenEMR
CVE-2025-31116 (Mobile Security Framework (MobSF) is a pen-testing, malware analysis a ...)
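Review bot: The tag on CVE-2025-31122, "NOT-FOR-US: scratch-coding-hut.github.io website for Coding Hut", restates the description rather than naming the product, unlike the neighbouring "NOT-FOR-US: Zitadel" and "NOT-FOR-US: OpenEMR". Shortening it to the site name alone would keep NFU tags uniform and easier to match when later CVEs for the same project arrive.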
@@ -211,7 +211,7 @@ CVE-2025-30369 (Zulip is an open-source team collaboration tool. The API for del
CVE-2025-30368 (Zulip is an open-source team collaboration tool. The API for deleting ...)
TODO: check
CVE-2025-30223 (Beego is an open-source web framework for the Go programming language. ...)
- TODO: check
+ NOT-FOR-US: Beego
CVE-2025-30209 (Tuleap is an Open Source Suite to improve management of software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-30203 (Tuleap is an Open Source Suite to improve management of software devel ...)
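Review bot: CVE-2025-30223 is marked "NOT-FOR-US: Beego", but the description calls Beego an open-source web framework for Go, and Go libraries are often packaged under a source name that does not match the upstream project name. It is worth confirming that no source package in the archive ships or vendors this code before settling on NFU; if one does, the entry should carry a package line instead.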
@@ -223,19 +223,19 @@ CVE-2025-30155 (Tuleap is an Open Source Suite to improve management of software
CVE-2025-30149 (OpenEMR is a free and open source electronic health records and medica ...)
NOT-FOR-US: OpenEMR
CVE-2025-30095 (VyOS 1.3 through 1.5 or any Debian-based system using dropbear in comb ...)
- TODO: check
+ NOT-FOR-US: VyOS
CVE-2025-30006 (Xorcom CompletePBX is vulnerable to a reflected cross-site scripting ( ...)
- TODO: check
+ NOT-FOR-US: Xorcom CompletePBX
CVE-2025-30005 (Xorcom CompletePBX is vulnerable to a path traversal via the Diagnosti ...)
- TODO: check
+ NOT-FOR-US: Xorcom CompletePBX
CVE-2025-30004 (Xorcom CompletePBX is vulnerable to command injection in the administr ...)
- TODO: check
+ NOT-FOR-US: Xorcom CompletePBX
CVE-2025-2999 (A vulnerability was found in PyTorch 2.6.0. It has been rated as criti ...)
TODO: check
CVE-2025-2998 (A vulnerability was found in PyTorch 2.6.0. It has been declared as cr ...)
TODO: check
CVE-2025-2997 (A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been ...)
- TODO: check
+ NOT-FOR-US: zhangyanbo2007 youkefu
CVE-2025-2996 (A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified ...)
NOT-FOR-US: Tenda
CVE-2025-2995 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and class ...)
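Review bot: The NFU on CVE-2025-30095 looks too broad given its own description, which reads "VyOS 1.3 through 1.5 or any Debian-based system using dropbear in comb ...". Since the text explicitly names Debian-based systems and dropbear, this entry should either stay at "TODO: check" until the dropbear angle is assessed, or carry a NOTE explaining why the dropbear packaging is not affected, rather than being filed under "NOT-FOR-US: VyOS" alone.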
@@ -257,15 +257,15 @@ CVE-2025-2985 (A vulnerability was found in code-projects Payroll Management Sys
CVE-2025-2984 (A vulnerability was found in code-projects Payroll Management System 1 ...)
NOT-FOR-US: code-projects
CVE-2025-2794 (An unsafe reflection vulnerability in Kentico Xperience allows an unau ...)
- TODO: check
+ NOT-FOR-US: Kentico
CVE-2025-2586 (A flaw was found in the OpenShift Lightspeed Service, which is vulnera ...)
- TODO: check
+ NOT-FOR-US: OpenShift Lightspeed Service
CVE-2025-2292 (Xorcom CompletePBX is vulnerable to an authenticated path traversal, a ...)
- TODO: check
+ NOT-FOR-US: Xorcom CompletePBX
CVE-2025-2072 (A Reflected Cross-Site Scripting (XSS) vulnerability has been discover ...)
- TODO: check
+ NOT-FOR-US: FAST LTA Silent Brick WebUI
CVE-2025-2071 (A critical OS Command Injection vulnerability has been identified in t ...)
- TODO: check
+ NOT-FOR-US: FAST LTA Silent Brick WebUI
CVE-2025-29929 (Tuleap is an Open Source Suite to improve management of software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-29908 (Netty QUIC codec is a QUIC codec for netty which makes use of quiche. ...)
@@ -275,23 +275,23 @@ CVE-2025-29772 (OpenEMR is a free and open source electronic health records and
CVE-2025-29766 (Tuleap is an Open Source Suite to improve management of software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-29266 (Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid Web ...)
- TODO: check
+ NOT-FOR-US: Unraid
CVE-2025-27149 (Zulip server provides an open-source team chat that helps teams stay p ...)
TODO: check
CVE-2025-27095 (JumpServer is an open source bastion host and an operation and mainten ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2025-23995 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-22941 (A command injection vulnerability in the web interface of Adtran 411 O ...)
- TODO: check
+ NOT-FOR-US: Adtran 411 ONT
CVE-2025-22940 (Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unaut ...)
- TODO: check
+ NOT-FOR-US: Adtran 411 ONT
CVE-2025-22939 (A command injection vulnerability in the telnet service of Adtran 411 ...)
- TODO: check
+ NOT-FOR-US: Adtran 411 ONT
CVE-2025-22938 (Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default p ...)
- TODO: check
+ NOT-FOR-US: Adtran 411 ONT
CVE-2025-22937 (An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalat ...)
- TODO: check
+ NOT-FOR-US: Adtran 411 ONT
CVE-2025-1449 (A vulnerability exists in the Rockwell Automation Verve Asset Manager ...)
TODO: check
CVE-2024-55093 (phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulne ...)
@@ -381,7 +381,7 @@ CVE-2025-2964 (A vulnerability, which was classified as problematic, was found i
CVE-2025-2963 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: ConcreteCMS
CVE-2025-2961 (A vulnerability classified as problematic was found in opensolon up to ...)
- TODO: check
+ NOT-FOR-US: opensolon
CVE-2025-2960 (A vulnerability classified as problematic has been found in TRENDnet T ...)
NOT-FOR-US: TRENDnet
CVE-2025-2959 (A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d60fd8c81427d49abc77c1846b1bb074a6879b8