[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 10 06:37:42 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a377add by Salvatore Bonaccorso at 2025-09-10T07:36:29+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -214,21 +214,21 @@ CVE-2025-55141 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 o
CVE-2025-55139 (SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy ...)
NOT-FOR-US: Ivanti
CVE-2025-55054 (CWE-79 Improper Neutralization of Input During Web Page Generation (XS ...)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55053 (CWE-328: Use of Weak Hash)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55052 (CWE-200 Exposure of Sensitive Information to an Unauthorized Actor)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55051 (CWE-1392: Use of Default Credentials)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55050 (CWE-1242: Inclusion of Undocumented Features)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55049 (Use of Default Cryptographic Key (CWE-1394))
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55048 (Multiple CWE-78)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-55047 (CWE-798 Use of Hard-coded Credentials)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2025-54919 (Concurrent execution using shared resource with improper synchronizati ...)
NOT-FOR-US: Microsoft
CVE-2025-54918 (Improper authentication in Windows NTLM allows an authorized attacker ...)
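Review bot: The eight entries CVE-2025-55047 through CVE-2025-55054 carry descriptions that are only a CWE label (for example "CWE-1392: Use of Default Credentials"), so the added "NOT-FOR-US: Baicells" line is the only place in the list where the affected vendor is visible. Naming the product alongside the vendor in the tag would let a later reader check the classification against the CVE record without guessing which Baicells product is meant.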
@@ -418,7 +418,7 @@ CVE-2025-48208 (Improper Neutralization of Special Elements used in an LDAP Quer
CVE-2025-48101 (Deserialization of Untrusted Data vulnerability in webdevstudios Const ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47997 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47695 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -438,7 +438,7 @@ CVE-2025-47416 (A vulnerability exists in the ConsoleFindCommandMatchListfunctio
CVE-2025-47415 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: Crestron
CVE-2025-44594 (halo v2.20.17 and before is vulnerable to server-side request forgery ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2025-43786 (Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7 ...)
NOT-FOR-US: Liferay
CVE-2025-43781 (Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7 ...)
@@ -448,7 +448,7 @@ CVE-2025-43776 (A Stored cross-site scripting vulnerability in the Liferay Porta
CVE-2025-43775 (Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4. ...)
NOT-FOR-US: Liferay
CVE-2025-41701 (An unauthenticated attacker can trick a local user into executing arbi ...)
- TODO: check
+ NOT-FOR-US: Beckhoff Automation
CVE-2025-40804 (A vulnerability has been identified in SIMATIC Virtualization as a Ser ...)
NOT-FOR-US: Siemens
CVE-2025-40803 (A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA ...)
@@ -478,13 +478,13 @@ CVE-2025-36125 (IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.111
CVE-2025-36011 (IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set ...)
NOT-FOR-US: IBM
CVE-2025-34175 (In pfSense CE/usr/local/www/suricata/suricata_filecheck.php, the value ...)
- TODO: check
+ NOT-FOR-US: pfSense CE
CVE-2025-34174 (In pfSense CE/usr/local/www/status_traffic_totals.php, the value of th ...)
- TODO: check
+ NOT-FOR-US: pfSense CE
CVE-2025-34173 (In pfSense CE/usr/local/www/snort/snort_ip_reputation.php, the value o ...)
- TODO: check
+ NOT-FOR-US: pfSense CE
CVE-2025-34172 (In pfSense CE/usr/local/www/haproxy/haproxy_stats.php, the value of th ...)
- TODO: check
+ NOT-FOR-US: pfSense CE
CVE-2025-33045 (APTIOV contains vulnerabilities in the BIOS where a privileged user ma ...)
NOT-FOR-US: AMI
CVE-2025-32689 (Improper Validation of Specified Quantity in Input vulnerability in Th ...)
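Review bot: In the four pfSense CE entries (CVE-2025-34172 to CVE-2025-34175), three of the affected paths sit in directories named suricata, snort and haproxy, which are also the names of independent upstream projects. A NOTE line recording why these are treated as pfSense pages under /usr/local/www/ and not as issues in those projects would make the NOT-FOR-US decision easier to audit later.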
@@ -500,19 +500,19 @@ CVE-2025-29089 (An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows
CVE-2025-24404 (XML Injection RCE by parse http sitemap xml response vulnerability in ...)
TODO: check
CVE-2025-10199 (A local privilege escalation vulnerability exists in Sunshine for Wind ...)
- TODO: check
+ NOT-FOR-US: Sunshine for Windows
CVE-2025-10198 (Sunshine for Windows, version v2025.122.141614, contains a DLL search- ...)
- TODO: check
+ NOT-FOR-US: Sunshine for Windows
CVE-2025-10183 (A blind XML External Entity (XXE) injection in the OpenMessaging webse ...)
- TODO: check
+ NOT-FOR-US: TecCom TecConnect
CVE-2025-10164 (A security flaw has been discovered in lmsys sglang 0.4.6. Affected by ...)
- TODO: check
+ NOT-FOR-US: lmsys sglang
CVE-2025-10134 (The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vu ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10107 (A vulnerability has been found in TRENDnet TEW-831DR 1.0 (601.130.1.14 ...)
NOT-FOR-US: TRENDnet
CVE-2025-10095 (A SQL injection vulnerability has been identified in the SMPP server c ...)
- TODO: check
+ NOT-FOR-US: SMSEagle firmware
CVE-2024-45325 (An improper neutralization of special elements used in an OS command ( ...)
NOT-FOR-US: Fortinet
CVE-2025-9542 (The AutomatorWP \u2013 Automator plugin for no-code automations, webho ...)
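Review bot: CVE-2025-24404, at the top of this hunk, still reads "TODO: check" while every entry directly below it is resolved; if it was left open on purpose that is fine, otherwise it belongs in this batch. The new tags here also mix granularity ("Sunshine for Windows", "SMSEagle firmware", "lmsys sglang") with the vendor-only form of the neighbouring entries ("TRENDnet", "Fortinet"); settling on one form keeps the tags easier to search.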
@@ -18405,7 +18405,7 @@ CVE-2025-52364 (Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22
CVE-2025-52357 (Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic ...)
NOT-FOR-US: FiberHome FD602GW-DX-R410 router
CVE-2025-49604 (For Realtek AmebaD devices, a heap-based buffer overflow was discovere ...)
- TODO: check
+ NOT-FOR-US: Ameba-AIoT ameba-arduino-d
CVE-2025-44526 (Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize i ...)
NOT-FOR-US: Realtek
CVE-2025-44525 (Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41 ...)
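Review bot: CVE-2025-49604 is described as affecting Realtek AmebaD devices but is tagged "Ameba-AIoT ameba-arduino-d", while the next entry, CVE-2025-44526, uses the plain vendor tag "Realtek". If the repository-style name is intended, adding the vendor to the tag would keep both entries findable under one search term.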
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a377add24f4202a39de46dd18e22bc1a83e2e8a