[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 3 07:56:36 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
647fc323 by Salvatore Bonaccorso at 2025-09-03T08:56:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,25 +9,25 @@ CVE-2025-9784 (A flaw was found in Undertow where malformed client requests can
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2392306
 	NOTE: Dedicated CVE for undertow for the "MadeYouReset" DoS attack
 CVE-2025-9696 (The SunPower PVS6's BluetoothLE interface is vulnerable due to its use ...)
-	TODO: check
+	NOT-FOR-US: SunPower PVS6's BluetoothLE interface
 CVE-2025-9573 (The ns_backup extension through 13.0.2 for TYPO3 allows command inject ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension
 CVE-2025-9276 (Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authenti ...)
-	TODO: check
+	NOT-FOR-US: Cockroach Labs cockroach-k8s-request-cert
 CVE-2025-9275 (Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write  ...)
-	TODO: check
+	NOT-FOR-US: Oxford Instruments Imaris Viewer
 CVE-2025-9274 (Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointe ...)
-	TODO: check
+	NOT-FOR-US: Oxford Instruments Imaris Viewer
 CVE-2025-9273 (CData API Server MySQL Misconfiguration Information Disclosure Vulnera ...)
-	TODO: check
+	NOT-FOR-US: CData API Server
 CVE-2025-9189 (There is an out of bounds write vulnerability due to improper bounds c ...)
 	NOT-FOR-US: National Instruments
 CVE-2025-9188 (There is a deserialization of untrusted data vulnerability in Digilent ...)
 	NOT-FOR-US: National Instruments
 CVE-2025-8614 (NoMachine Uncontrolled Search Path Element Local Privilege Escalation  ...)
-	TODO: check
+	NOT-FOR-US: NoMachine
 CVE-2025-8613 (Vacron Camera ping Command Injection Remote Code Execution Vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Vacron Camera
 CVE-2025-8302 (Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Lo ...)
 	TODO: check
 CVE-2025-8301 (Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-bas ...)
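Review bot: The note added for CVE-2025-9573, `NOT-FOR-US: Typo3 extension`, drops the extension name and spells the project differently from the description, which reads "ns_backup extension ... for TYPO3". Suggest `NOT-FOR-US: ns_backup extension for TYPO3` so the entry turns up when grepping for either name. In the same hunk, the CVE-2025-9696 note copies the possessive and the interface from the description; `NOT-FOR-US: SunPower PVS6` would match the product-name form the other added entries use.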
@@ -39,15 +39,15 @@ CVE-2025-8299 (Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET
 CVE-2025-8298 (Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOi ...)
 	TODO: check
 CVE-2025-7976 (Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data R ...)
-	TODO: check
+	NOT-FOR-US: Anritsu ShockLine
 CVE-2025-7975 (Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Exe ...)
-	TODO: check
+	NOT-FOR-US: Anritsu ShockLine
 CVE-2025-7974 (rocket.chat Incorrect Authorization Information Disclosure Vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat
 CVE-2025-6685 (ATEN eco DC Missing Authorization Privilege Escalation Vulnerability.  ...)
-	TODO: check
+	NOT-FOR-US: ATEN
 CVE-2025-6519 (E3 Site Supervisor (firmware version < 2.31F01) has a default admin us ...)
-	TODO: check
+	NOT-FOR-US: E3 Site Supervisor
 CVE-2025-5662 (A deserialization vulnerability exists in the H2O-3 REST API (POST /99 ...)
 	TODO: check
 CVE-2025-57778 (There is an out of bounds write vulnerability due to improper bounds c ...)
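Review bot: `NOT-FOR-US: ATEN` on CVE-2025-6685 names only the vendor, while the description gives the product as "ATEN eco DC" and the other additions in this hunk name the product (`Anritsu ShockLine`, `E3 Site Supervisor`). Suggest `NOT-FOR-US: ATEN eco DC` so the note records which product was assessed rather than the vendor as a whole.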
@@ -189,7 +189,7 @@ CVE-2025-9795 (A vulnerability has been found in xujeff tianti \u5929\u68af up t
 CVE-2025-9794 (A flaw has been found in Campcodes Computer Sales and Inventory System ...)
 	NOT-FOR-US: Campcodes
 CVE-2025-8662 (OpenAM (OpenAM Consortium Edition) contains a vulnerability that may c ...)
-	TODO: check
+	NOT-FOR-US: OpenAM
 CVE-2025-58421
 	REJECTED
 CVE-2025-58420
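Review bot: On CVE-2025-8662 the description specifies "OpenAM (OpenAM Consortium Edition)", but the added note says only `NOT-FOR-US: OpenAM`. Suggest `NOT-FOR-US: OpenAM Consortium Edition` so the note states which edition the decision covers.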
@@ -207,13 +207,13 @@ CVE-2025-58415
 CVE-2025-58414
 	REJECTED
 CVE-2025-58178 (SonarQube Server and Cloud is a static analysis solution for continuou ...)
-	TODO: check
+	NOT-FOR-US: SonarQube
 CVE-2025-58162 (MobSF is a mobile application security testing tool used. In version 4 ...)
-	TODO: check
+	NOT-FOR-US: MobSF
 CVE-2025-58161 (MobSF is a mobile application security testing tool used. In version 4 ...)
-	TODO: check
+	NOT-FOR-US: MobSF
 CVE-2025-57808 (ESPHome is a system to control microcontrollers remotely through Home  ...)
-	TODO: check
+	NOT-FOR-US: ESPHome
 CVE-2025-44017 ("Gunosy" App contains a vulnerability where sensitive information may  ...)
 	TODO: check
 CVE-2024-28988 (SolarWinds Web Help Desk was found to be susceptible to a Java Deseria ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/647fc323de0dc6b3d814955c6f561a7f95a8a1dd
