[Git][security-tracker-team/security-tracker][master] Process some NFUs

Fri May 30 09:24:40 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
078515b3 by Salvatore Bonaccorso at 2025-05-30T10:24:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77,9 +77,9 @@ CVE-2025-48068 (Next.js is a React framework for building full-stack web applica
 CVE-2025-47952 (Traefik (pronounced traffic) is an HTTP reverse proxy and load balance ...)
 	- traefik <itp> (bug #983289)
 CVE-2025-47697 (Client-side enforcement of server-side security issue exists in wivia  ...)
-	TODO: check
+	NOT-FOR-US: wivia
 CVE-2025-46352 (The CS5000 Fire Panel is vulnerable due to a hard-coded password that  ...)
-	TODO: check
+	NOT-FOR-US: CS5000 Fire Panel
 CVE-2025-44906 (jhead v3.08 was discovered to contain a heap-use-after-free via the Pr ...)
 	TODO: check
 CVE-2025-44905 (hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the  ...)
@@ -87,17 +87,17 @@ CVE-2025-44905 (hdf5 v1.14.6 was discovered to contain a heap buffer overflow vi
 CVE-2025-44904 (hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the  ...)
 	TODO: check
 CVE-2025-44619 (Tinxy WiFi Lock Controller v1 RF was discovered to be configured to tr ...)
-	TODO: check
+	NOT-FOR-US: Tinxy
 CVE-2025-44614 (Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensit ...)
-	TODO: check
+	NOT-FOR-US: Tinxy
 CVE-2025-44612 (Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive  ...)
-	TODO: check
+	NOT-FOR-US: Tinxy
 CVE-2025-41438 (The CS5000 Fire Panel is vulnerable due to a default account that exis ...)
-	TODO: check
+	NOT-FOR-US: CS5000 Fire Panel
 CVE-2025-41406 (Cross-site scripting vulnerability exists in wivia 5 all versions. If  ...)
-	TODO: check
+	NOT-FOR-US: wivia
 CVE-2025-41385 (An OS Command Injection issue exists in wivia 5 all versions. If this  ...)
-	TODO: check
+	NOT-FOR-US: wivia
 CVE-2025-41235 (Spring Cloud Gateway Server forwards the X-Forwarded-Forand Forwardedh ...)
 	TODO: check
 CVE-2025-31264 (An authentication issue was addressed with improved state management.  ...)
@@ -117,7 +117,7 @@ CVE-2025-31189 (A file quarantine bypass was addressed with additional checks. T
 CVE-2025-30466 (This issue was addressed through improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2025-1907 (Instantel Micromate lacks authentication on a configuration port which ...)
-	TODO: check
+	NOT-FOR-US: Instantel Micromate
 CVE-2020-36846 (A buffer overflow, as described in CVE-2020-8927, exists in the embedd ...)
 	- libio-compress-brotli-perl <not-affected> (Debian package uses the system library from the initial packaging)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/30005245/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/078515b3ca7a957b3331c1bf381bbe7e60ba1c49

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/078515b3ca7a957b3331c1bf381bbe7e60ba1c49
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250530/de68ef49/attachment.htm>
