[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 13 07:50:46 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bad17196 by Salvatore Bonaccorso at 2025-05-13T08:50:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,75 +26,75 @@ CVE-2025-47271 (The OZI action is a GitHub Action that publishes releases to PyP
 CVE-2025-47270 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of ...)
 	TODO: check
 CVE-2025-46750 (SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46749 (An authenticated user could submit scripting to fields that lack prope ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46748 (An authenticated user attempting to change their password could do so  ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46747 (An authenticated user without user-management permissions could identi ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46746 (An administrator could discover another account's credentials.)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46745 (An authenticated user without user-management permissions could view o ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46744 (An authenticated administrator could modify the Created By username fo ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46743 (An authenticated user's token could be used by another source after th ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46742 (Users who were required to change their password could still access sy ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46741 (A suspended or recently logged-out user could continue to interact wit ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46740 (An authenticated user without user administrative permissions could  c ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46739 (An unauthenticated user could discover account credentials via a brute ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46738 (An authenticated attacker can maliciously modify layout data files in  ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46737 (SEL-5037 Grid Configurator contains an overly permissive Cross Origin  ...)
-	TODO: check
+	NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46729 (julmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler pro ...)
-	TODO: check
+	NOT-FOR-US: julmud/phpDVDProfiler
 CVE-2025-46611 (Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an a ...)
-	TODO: check
+	NOT-FOR-US: ARTEC EMA Mail
 CVE-2025-46610 (ARTEC EMA Mail 6.92 allows CSRF.)
-	TODO: check
+	NOT-FOR-US: ARTEC EMA Mail
 CVE-2025-45835 (A null pointer dereference vulnerability was discovered in Netis WF288 ...)
-	TODO: check
+	NOT-FOR-US: Netis
 CVE-2025-45779 (Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the ...)
 	NOT-FOR-US: Tenda
 CVE-2025-44830 (EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: EngineerCMS
 CVE-2025-44176 (Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the for ...)
 	NOT-FOR-US: Tenda
 CVE-2025-44175 (Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the Get ...)
 	NOT-FOR-US: Tenda
 CVE-2025-44022 (An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbi ...)
-	TODO: check
+	NOT-FOR-US: vvveb CMS
 CVE-2025-41393 (Reflected cross-site scripting vulnerability exists in the laser print ...)
-	TODO: check
+	NOT-FOR-US: Ricoh
 CVE-2025-40627 (Reflected Cross-Site Scripting (XSS) vulnerability inAbanteCart v1.4.0 ...)
-	TODO: check
+	NOT-FOR-US: AbanteCart
 CVE-2025-40626 (Reflected Cross-Site Scripting (XSS) vulnerability inAbanteCart v1.4.0 ...)
-	TODO: check
+	NOT-FOR-US: AbanteCart
 CVE-2025-3632 (IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote  ...)
 	NOT-FOR-US: IBM
 CVE-2025-32390 (EspoCRM is a free, open-source customer relationship management platfo ...)
-	TODO: check
+	NOT-FOR-US: EspoCRM
 CVE-2025-26841 (Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3 ...)
-	TODO: check
+	NOT-FOR-US: WPEVEREST Everest Forms
 CVE-2025-1533 (A stack buffer overflow has been identified in the AsIO3.sys driver. T ...)
 	NOT-FOR-US: ASUS
 CVE-2025-1079 (Client RCE on macOS and Linux via improper symbolic link resolution in ...)
 	TODO: check
 CVE-2024-56524 (Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows  ...)
-	TODO: check
+	NOT-FOR-US: Radware Cloud Web Application Firewall (WAF)
 CVE-2024-56523 (Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows  ...)
-	TODO: check
+	NOT-FOR-US: Radware Cloud Web Application Firewall (WAF)
 CVE-2024-55466 (An arbitrary file upload vulnerability in the Image Gallery of ThingsB ...)
-	TODO: check
+	NOT-FOR-US: ThingsBoard
 CVE-2023-34732 (An issue in the userId parameter in the change password function of Fl ...)
-	TODO: check
+	NOT-FOR-US: Flytxt NEON-dX
 CVE-2025-20012
 	- intel-microcode <unfixed> (bug #1105172)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
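Review bot: CVE-2025-46746 is tagged NOT-FOR-US for Schweitzer Engineering Laboratories although its description, visible here in full ("An administrator could discover another account's credentials."), names no vendor or product, and the visible part of the descriptions for CVE-2025-46738 through CVE-2025-46749 does not name one either. Only CVE-2025-46737 and CVE-2025-46750 mention SEL in the lines shown, so it is worth confirming each of these entries against its CVE record (assigner or references) rather than by ID adjacency before the TODO is cleared. A smaller style point in the same hunk: the new tags mix vendor-only labels ("Netis", "Ricoh") with full product names ("Radware Cloud Web Application Firewall (WAF)", "WPEVEREST Everest Forms"), while the untouched neighbours use the vendor alone ("Tenda", "IBM", "ASUS"); picking one granularity keeps later searches over NOT-FOR-US entries predictable.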
@@ -180,7 +180,7 @@ CVE-2025-3649 (The LightPress Lightbox WordPress plugin before 2.3.4 does not ch
 CVE-2025-3597 (The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-3496 (An unauthenticated remote attacker can cause a buffer overflow which c ...)
-	TODO: check
+	NOT-FOR-US: AUMA Riester GmbH & Co. KG products
 CVE-2025-4546 (A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has bee ...)
 	NOT-FOR-US: 1Panel-dev MaxKB
 CVE-2025-4545 (A vulnerability was found in CTCMS Content Management System 2.1.2. It ...)
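Review bot: The tag added for CVE-2025-3496, "AUMA Riester GmbH & Co. KG products", carries the company's legal form and a trailing "products", unlike the short labels on the surrounding context lines ("WordPress plugin", "1Panel-dev MaxKB"). The truncated description shown here does not name the vendor, so the attribution cannot be checked from this hunk alone; if it is confirmed from the CVE record, a shorter label such as the vendor name by itself would match the neighbouring entries.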



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bad17196fda63c45bc423a06b72ddcc170bb34d7
