[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 18 20:59:54 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1b076d8 by Salvatore Bonaccorso at 2025-11-18T21:59:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -144,7 +144,7 @@ CVE-2025-56526 (Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allo
 CVE-2025-56499 (Incorrect access control in mihomo v1.19.11 allows authenticated attac ...)
 	NOT-FOR-US: mihomo
 CVE-2025-55796 (The openml/openml.org web application version v2.0.20241110 uses predi ...)
-	TODO: check
+	NOT-FOR-US: openml/openml.org web application
 CVE-2025-55179 (Incomplete validation of rich response messages in WhatsApp for iOS pr ...)
 	NOT-FOR-US: WhatsApp
 CVE-2025-55074 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enfo ...)
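Review bot: The new tag on CVE-2025-55796 reads `NOT-FOR-US: openml/openml.org web application`, which is wordier than the neighbouring one-name tags (`mihomo`, `WhatsApp`). If the qualifier is there on purpose, to scope the entry to the web application only, it is worth keeping. Otherwise a shorter `openml.org` would match the surrounding style.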
@@ -188,25 +188,25 @@ CVE-2025-46373 (A Heap-based Buffer Overflow vulnerability [CWE-122] in Fortinet
 CVE-2025-46215 (An Improper Isolation or Compartmentalization vulnerability [CWE-653]  ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-41737 (Due to webserver misconfiguration an unauthenticated remote attacker i ...)
-	TODO: check
+	NOT-FOR-US: METZ CONNECT
 CVE-2025-41736 (A low privileged remote attacker can upload a new or overwrite an exis ...)
-	TODO: check
+	NOT-FOR-US: METZ CONNECT
 CVE-2025-41735 (A low privileged remote attacker can upload any file to an arbitrary l ...)
-	TODO: check
+	NOT-FOR-US: METZ CONNECT
 CVE-2025-41734 (An unauthenticated remote attacker can execute arbitrary php files and ...)
-	TODO: check
+	NOT-FOR-US: METZ CONNECT
 CVE-2025-41733 (The commissioning wizard on the affected devices does not validate if  ...)
-	TODO: check
+	NOT-FOR-US: METZ CONNECT
 CVE-2025-41350 (Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11. ...)
-	TODO: check
+	NOT-FOR-US: WinPlus
 CVE-2025-41349 (Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11. ...)
-	TODO: check
+	NOT-FOR-US: WinPlus
 CVE-2025-41348 (SQL injection vulnerability in WinPlus v24.11.27 by Inform\xe1tica del ...)
-	TODO: check
+	NOT-FOR-US: WinPlus
 CVE-2025-41347 (Unlimited upload vulnerability for dangerous file types in WinPlus v24 ...)
-	TODO: check
+	NOT-FOR-US: WinPlus
 CVE-2025-41346 (Faulty authorization control in software WinPlus v24.11.27 by Inform\x ...)
-	TODO: check
+	NOT-FOR-US: WinPlus
 CVE-2025-40549 (A Path Restriction Bypass vulnerability exists in Serv-U that when abu ...)
 	NOT-FOR-US: SolarWinds
 CVE-2025-40548 (A missing validation process exists in Serv U when abused, could give  ...)
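Review bot: For CVE-2025-41733 through CVE-2025-41737 the truncated descriptions in this hunk never name a vendor or product, so the `NOT-FOR-US: METZ CONNECT` attribution cannot be checked from the diff, and the tag gives only the vendor. Consider naming the affected product or device line in the tag, as the WinPlus entries do, so that a later search of data/CVE/list finds the right entries. The five WinPlus changes match the product named in their descriptions (WinPlus v24.11.27) and look fine.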
@@ -234,7 +234,7 @@ CVE-2025-37156 (A platform-level denial-of-service (DoS) vulnerability exists in
 CVE-2025-37155 (A vulnerability in the SSH restricted shell interface of the network m ...)
 	NOT-FOR-US: HPE
 CVE-2025-34324 (GoSign Desktop versions 2.4.0 and earlier use an unsigned update manif ...)
-	TODO: check
+	NOT-FOR-US: GoSign Desktop
 CVE-2025-33184 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Pyt ...)
 	TODO: check
 CVE-2025-33183 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Pyt ...)
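Review bot: CVE-2025-34324 is resolved here, but the adjacent CVE-2025-33184 keeps `TODO: check` in the trailing context, so the NVIDIA Isaac-GR00T entries remain untriaged after this batch. If they were left out on purpose because they need a closer look, no change is needed. If they are also not-for-us, they could go into the same pass. The `GoSign Desktop` tag matches the product named in the description.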



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1b076d850cc4495e545b14e5f6fb113b847dd5b
