[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 11 07:19:09 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1116f152 by Salvatore Bonaccorso at 2025-09-11T08:18:41+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,17 +105,17 @@ CVE-2025-56466 (Hardcoded credentials in Dietly v1.25.0 for android allows attac
 CVE-2025-56413 (OS Command injection vulnerability in function OperateSSH in 1panel 2. ...)
 	TODO: check
 CVE-2025-56407 (A vulnerability has been found in HuangDou UTCMS V9 and classified as  ...)
-	TODO: check
+	NOT-FOR-US: HuangDou UTCMS
 CVE-2025-56406 (An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to gain  ...)
-	TODO: check
+	NOT-FOR-US: mcp-neo4j
 CVE-2025-56405 (An issue was discovered in litmusautomation litmus-mcp-server thru 0.0 ...)
-	TODO: check
+	NOT-FOR-US: litmusautomation litmus-mcp-server
 CVE-2025-56404 (An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gai ...)
-	TODO: check
+	NOT-FOR-US: MariaDB MCP
 CVE-2025-55976 (Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via  ...)
 	NOT-FOR-US: Intelbras
 CVE-2025-54376 (Hoverfly is an open source API simulation tool. In versions 1.11.3 and ...)
-	TODO: check
+	NOT-FOR-US: Hoverfly
 CVE-2025-54260 (Substance3D - Modeler versions 1.22.2 and earlier are affected by an o ...)
 	NOT-FOR-US: Adobe
 CVE-2025-54259 (Substance3D - Modeler versions 1.22.2 and earlier are affected by an I ...)
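Review bot: The tag on CVE-2025-56404, "NOT-FOR-US: MariaDB MCP", reads at a glance like the MariaDB database server, which Debian does package. The description names "MariaDB MCP 0.1.0", a separate project, so a short qualifier on the tag (for example "MariaDB MCP server, not the MariaDB database server") would keep anyone grepping the list for MariaDB from mistaking this line for a triage decision about the database package. The other NOT-FOR-US lines added in this hunk match the product named in their descriptions.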
@@ -135,13 +135,13 @@ CVE-2025-54240 (After Effects versions 25.3, 24.6.7 and earlier are affected by
 CVE-2025-54239 (After Effects versions 25.3, 24.6.7 and earlier are affected by an out ...)
 	NOT-FOR-US: Adobe
 CVE-2025-54123 (Hoverfly is an open source API simulation tool. In versions 1.11.3 and ...)
-	TODO: check
+	NOT-FOR-US: Hoverfly
 CVE-2025-54084 (OS Command ('OS Command Injection') vulnerability in Calix GigaCenter  ...)
-	TODO: check
+	NOT-FOR-US: Calix
 CVE-2025-54083 (Insecure Storage of Sensitive Information vulnerability in Calix GigaC ...)
-	TODO: check
+	NOT-FOR-US: Calix
 CVE-2025-50892 (The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Back ...)
-	TODO: check
+	NOT-FOR-US: EaseUs Todo Backup
 CVE-2025-49461 (Cross-site scripting in certain Zoom Workplace Clients may allow an un ...)
 	NOT-FOR-US: Zoom
 CVE-2025-49460 (Uncontrolled resource consumption in certain Zoom Workplace Clients ma ...)
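Review bot: CVE-2025-54084 and CVE-2025-54083 are tagged with the vendor only ("NOT-FOR-US: Calix"), while CVE-2025-50892 directly below gets vendor plus product ("NOT-FOR-US: EaseUs Todo Backup"). Both forms already exist in the surrounding context (Adobe, Zoom), so this is a consistency point only. Both descriptions point at Calix GigaCenter (the second is truncated at "GigaC"), so "Calix GigaCenter" would make the two entries easier to find by product.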
@@ -151,9 +151,9 @@ CVE-2025-49459 (Missing authorization in the installer for Zoom Workplace for Wi
 CVE-2025-49458 (Buffer overflow in certain Zoom Workplace Clients may allow an authent ...)
 	NOT-FOR-US: Zoom
 CVE-2025-44595 (Halo v2.20.17 and before is vulnerable to Cross Site Scripting (XSS) i ...)
-	TODO: check
+	NOT-FOR-US: Halo
 CVE-2025-44593 (Halo prior to 2.20.13 allows bypassing file type detection and uploadi ...)
-	TODO: check
+	NOT-FOR-US: Halo
 CVE-2025-43938 (Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V co ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-43888 (Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, c ...)
@@ -177,27 +177,27 @@ CVE-2025-43725 (Dell PowerProtect Data Manager, Generic Application Agent, versi
 CVE-2025-43491 (A vulnerability in the Poly Lens Desktop application running on the Wi ...)
 	NOT-FOR-US: HP
 CVE-2025-41714 (The upload endpoint insufficiently validates the 'Upload-Key' request  ...)
-	TODO: check
+	NOT-FOR-US: SmartEMS Web Application
 CVE-2025-40979 (DLL search order hijacking vulnerability in the wave.exe executable fo ...)
 	TODO: check
 CVE-2025-40725 (Reflected Cross-Site Scripting (XSS) vulnerability in Azon Dominator.  ...)
-	TODO: check
+	NOT-FOR-US: Azon Dominator
 CVE-2025-36759 (Through the provision of user names, SolaX Cloud will suggest (similar ...)
-	TODO: check
+	NOT-FOR-US: SolaX Cloud
 CVE-2025-36758 (It is possible to bypass the clipping level of authentication attempts ...)
-	TODO: check
+	NOT-FOR-US: SolaX Cloud
 CVE-2025-36757 (It is possible to bypass the administrator login screen on SolaX Cloud ...)
-	TODO: check
+	NOT-FOR-US: SolaX Cloud
 CVE-2025-36756 (A problem with missing authorization on SolaX Cloud platform allows ta ...)
-	TODO: check
+	NOT-FOR-US: SolaX Cloud
 CVE-2025-34178 (In pfSense CE/suricata/suricata_app_parsers.php, the value of the poli ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2025-34177 (In pfSense CE/suricata/suricata_flow_stream.php, the value of the poli ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2025-34176 (In pfSense CE/suricata/suricata_ip_reputation.php, the value of the ip ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2025-29592 (oasys v1.1 is vulnerable to Directory Traversal in ProcedureController ...)
-	TODO: check
+	NOT-FOR-US: oasys
 CVE-2025-23344 (The NVIDIA NVDebug tool contains a vulnerability that may allow an act ...)
 	TODO: check
 CVE-2025-23343 (The NVIDIA NVDebug tool contains a vulnerability that may allow an act ...)
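Review bot: For CVE-2025-34178, CVE-2025-34177 and CVE-2025-34176 the tag "NOT-FOR-US: pfSense" drops the detail that matters most for Debian triage: the affected paths are pfSense CE/suricata/suricata_*.php, and Suricata itself is packaged in Debian. The NFU decision looks right, since these are PHP files under the pfSense tree rather than Suricata's own code, but saying so in the tag (for example "pfSense Suricata package") would record that src:suricata was considered and ruled out. Separately, the product name on CVE-2025-41714 cannot be checked against the truncated description shown here, which never names the product.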
@@ -211,23 +211,23 @@ CVE-2025-20248 (A vulnerability in the installation process of Cisco IOS XR Soft
 CVE-2025-20159 (A vulnerability in the management interface access control list (ACL)  ...)
 	NOT-FOR-US: Cisco
 CVE-2025-10231 (An Incorrect File Handling Permission bug exists on the N-central Wind ...)
-	TODO: check
+	NOT-FOR-US: N-central
 CVE-2025-10227 (Missing Encryption of Sensitive Data (CWE-311) in the Object Archive c ...)
-	TODO: check
+	NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10226 (Dependency on Vulnerable Third-Party Component (CWE-1395) in the Postg ...)
-	TODO: check
+	NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10225 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
-	TODO: check
+	NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10224 (Improper Authentication (CWE-287) in the LDAP authentication engine in ...)
-	TODO: check
+	NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10223 (Insufficient Session Expiration (CWE-613) in the Web Admin Panel in Ax ...)
-	TODO: check
+	NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10222 (Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) i ...)
-	TODO: check
+	NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10221 (Insertion of Sensitive Information into Log File (CWE-532) in the ARP  ...)
-	TODO: check
+	NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10220 (Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dep ...)
-	TODO: check
+	NOT-FOR-US: AxxonSoft Axxon One
 CVE-2025-10219
 	REJECTED
 CVE-2025-10215 (DLL search path hijacking vulnerability in the UPDF.exe executable for ...)
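Review bot: Two of the AxxonSoft Axxon One entries concern third-party components rather than the product's own code: CVE-2025-10226 (CWE-1395, description truncated at "in the Postg") and CVE-2025-10220 (CWE-1104, NuGet dependencies). NOT-FOR-US fits the CVE as assigned to the product, but before closing these it is worth confirming that the underlying component flaws are tracked under their own CVE ids if the component is also shipped in Debian. The remaining six Axxon One tags and the N-central tag match their descriptions.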
@@ -237,15 +237,15 @@ CVE-2025-10214 (DLL search path hijacking vulnerability in the UPDF.exe executab
 CVE-2025-10213 (DLL search path hijacking vulnerability in the UPDF.exe executable for ...)
 	TODO: check
 CVE-2025-10211 (A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3 ...)
-	TODO: check
+	NOT-FOR-US: yanyutao0402 ChanCMS
 CVE-2025-10210 (A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Im ...)
-	TODO: check
+	NOT-FOR-US: yanyutao0402 ChanCMS
 CVE-2025-10209 (A security flaw has been discovered in Papermerge DMS up to 3.5.3. Thi ...)
-	TODO: check
+	NOT-FOR-US: Papermerge DMS
 CVE-2025-10197 (A vulnerability was found in HJSoft HCM Human Resources Management Sys ...)
-	TODO: check
+	NOT-FOR-US: HJSoft HCM Human Resources Management System
 CVE-2025-10195 (A vulnerability has been found in Seismic App 2.4.2 on Android. Affect ...)
-	TODO: check
+	NOT-FOR-US: Seismic App
 CVE-2025-10172 (A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affec ...)
 	TODO: check
 CVE-2025-10171 (A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1116f152933fef61500b688d74bf4fe10fee4b9f
