[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 1 21:29:34 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca6ea4b8 by Salvatore Bonaccorso at 2025-05-01T22:29:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,15 +7,15 @@ CVE-2025-4164 (A vulnerability, which was classified as critical, was found in P
 CVE-2025-4163 (A vulnerability, which was classified as critical, has been found in P ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-4162 (A vulnerability classified as critical was found in PCMan FTP Server u ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-4161 (A vulnerability classified as critical has been found in PCMan FTP Ser ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-4160 (A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-4159 (A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-4158 (A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-4157 (A vulnerability was found in PHPGurukul Boat Booking System 1.0 and cl ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-46635 (An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper ...)
@@ -43,15 +43,15 @@ CVE-2025-46625 (Lack of input validation/sanitization in the 'setLanCfg' API end
 CVE-2025-46569 (Open Policy Agent (OPA) is an open source, general-purpose policy engi ...)
 	- golang-github-open-policy-agent-opa <itp> (bug #1088230)
 CVE-2025-46568 (Stirling-PDF is a locally hosted web application that allows you to pe ...)
-	TODO: check
+	NOT-FOR-US: Stirling-PDF
 CVE-2025-46567 (LLama Factory enables fine-tuning of large language models. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: LLama Factory
 CVE-2025-46566 (DataEase is an open-source BI tool alternative to Tableau. Prior to ve ...)
-	TODO: check
+	NOT-FOR-US: DataEase
 CVE-2025-46565 (Vite is a frontend tooling framework for javascript. Prior to versions ...)
 	TODO: check
 CVE-2025-46345 (Auth0 Account Link Extension is an extension aimed to help link accoun ...)
-	TODO: check
+	NOT-FOR-US: Auth0 Account Link Extension
 CVE-2025-46337 (ADOdb is a PHP database class library that provides abstractions for p ...)
 	TODO: check
 CVE-2025-44867 (Tenda W20E V15.11.0.6 was found to contain a command injection vulnera ...)
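Review bot: The NOT-FOR-US tags on CVE-2025-46568 (Stirling-PDF), CVE-2025-46567 (LLama Factory) and CVE-2025-46566 (DataEase) mark software that can be installed on a Debian system, unlike the router firmware elsewhere in this commit, so it is worth confirming that none of them has an open ITP or RFP in WNPP. The unchanged CVE-2025-46569 entry just above shows the form used when one exists: "- golang-github-open-policy-agent-opa <itp> (bug #1088230)". If any of the three has such a bug, it should be tracked that way rather than as NOT-FOR-US.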
@@ -63,41 +63,41 @@ CVE-2025-44865 (Tenda W20E V15.11.0.6 was found to contain a command injection v
 CVE-2025-44864 (Tenda W20E V15.11.0.6 was found to contain a command injection vulnera ...)
 	NOT-FOR-US: Tenda
 CVE-2025-44863 (TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44862 (TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44861 (TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44860 (TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44854 (TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command inj ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44848 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44847 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44846 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44845 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44844 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44843 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44842 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44841 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44840 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44839 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44838 (TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a co ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44837 (TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a co ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44836 (TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a co ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-44835 (D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in ...)
 	NOT-FOR-US: D-Link
 CVE-2025-3890 (The WordPress Simple Shopping Cart plugin for WordPress is vulnerable  ...)
@@ -109,39 +109,39 @@ CVE-2025-3874 (The WordPress Simple Shopping Cart plugin for WordPress is vulner
 CVE-2025-3517 (Privilege context switching error in PAM JIT feature in Devolutions Se ...)
 	NOT-FOR-US: Devolutions
 CVE-2025-36558 (KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-si ...)
-	TODO: check
+	NOT-FOR-US: KUNBUS PiCtory
 CVE-2025-36521 (MicroDicom DICOM Viewer is vulnerable to an out-of-bounds read which m ...)
-	TODO: check
+	NOT-FOR-US: MicroDicom DICOM Viewer
 CVE-2025-35996 (KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authe ...)
-	TODO: check
+	NOT-FOR-US: KUNBUS PiCtory
 CVE-2025-35975 (MicroDicom DICOM Viewer is vulnerable to an out-of-bounds write which  ...)
-	TODO: check
+	NOT-FOR-US: MicroDicom DICOM Viewer
 CVE-2025-32890 (An issue was discovered on goTenna Mesh devices with app 5.5.3 and fir ...)
-	TODO: check
+	NOT-FOR-US: goTenna Mesh devices
 CVE-2025-32889 (An issue was discovered on goTenna v1 devices with app 5.5.3 and firmw ...)
-	TODO: check
+	NOT-FOR-US: goTenna v1 devices
 CVE-2025-32888 (An issue was discovered on goTenna Mesh devices with app 5.5.3 and fir ...)
-	TODO: check
+	NOT-FOR-US: goTenna Mesh devices
 CVE-2025-32887 (An issue was discovered on goTenna v1 devices with app 5.5.3 and firmw ...)
-	TODO: check
+	NOT-FOR-US: goTenna v1 devices
 CVE-2025-32886 (An issue was discovered on goTenna v1 devices with app 5.5.3 and firmw ...)
-	TODO: check
+	NOT-FOR-US: goTenna v1 devices
 CVE-2025-32885 (An issue was discovered on goTenna v1 devices with app 5.5.3 and firmw ...)
-	TODO: check
+	NOT-FOR-US: goTenna v1 devices
 CVE-2025-32884 (An issue was discovered on goTenna Mesh devices with app 5.5.3 and fir ...)
-	TODO: check
+	NOT-FOR-US: goTenna Mesh devices
 CVE-2025-32883 (An issue was discovered on goTenna Mesh devices with app 5.5.3 and fir ...)
-	TODO: check
+	NOT-FOR-US: goTenna Mesh devices
 CVE-2025-32882 (An issue was discovered on goTenna v1 devices with app 5.5.3 and firmw ...)
-	TODO: check
+	NOT-FOR-US: goTenna v1 devices
 CVE-2025-32881 (An issue was discovered on goTenna v1 devices with app 5.5.3 and firmw ...)
-	TODO: check
+	NOT-FOR-US: goTenna v1 devices
 CVE-2025-32011 (KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication by ...)
-	TODO: check
+	NOT-FOR-US: KUNBUS PiCtory
 CVE-2025-29763
 	REJECTED
 CVE-2025-27007 (Incorrect Privilege Assignment vulnerability in Brainstorm Force SureT ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-25016 (Unrestricted file upload in Kibana allows an authenticated attacker to ...)
 	TODO: check
 CVE-2025-24522 (KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authent ...)
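Review bot: The goTenna entries (CVE-2025-32881 through CVE-2025-32890) are split between two tags, "NOT-FOR-US: goTenna Mesh devices" and "NOT-FOR-US: goTenna v1 devices", while the other hardware vendors visible in this diff are tagged by vendor name alone ("Tenda", "D-Link", "TOTOLINK"). A single "NOT-FOR-US: goTenna" would keep the tag uniform for anyone grepping the list. Separately, CVE-2025-27007 gets the generic "NOT-FOR-US: WordPress plugin", which does not name the product the way the other tags in this hunk do; naming the plugin from the full CVE description would make the entry searchable.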



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6ea4b8cf0d6cf6aed79b39ecf45c28cba5d548
