[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 11 21:29:24 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0d8b39f2 by Salvatore Bonaccorso at 2025-09-11T22:29:00+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,9 +13,9 @@ CVE-2025-8557 (An internal product security audit of Lenovo XClarity Orchestrato
CVE-2025-8061 (A potential insufficient access control vulnerability was reported in ...)
NOT-FOR-US: Lenovo
CVE-2025-59055 (InstantCMS is a free and open source content management system. A blin ...)
- TODO: check
+ NOT-FOR-US: InstantCMS
CVE-2025-59053 (AIRI is a self-hosted, artificial intelligence based Grok Companion. I ...)
- TODO: check
+ NOT-FOR-US: AIRI
CVE-2025-59047 (matrix-sdk-base is the base component to build a Matrix client library ...)
TODO: check
CVE-2025-58321 (Delta Electronics DIALink has an Directory Traversal Authentication By ...)
@@ -25,7 +25,7 @@ CVE-2025-58320 (Delta Electronics DIALink has an Directory Traversal Authenticat
CVE-2025-58065 (Flask-AppBuilder is an application development framework. Prior to ver ...)
TODO: check
CVE-2025-56556 (An issue was discovered in Subrion CMS 4.2.1, allowing authenticated a ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2025-48041 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
TODO: check
CVE-2025-48040 (Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh ...)
@@ -57,23 +57,23 @@ CVE-2025-40689 (SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul
CVE-2025-40687 (SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This ...)
NOT-FOR-US: PHPGurukul
CVE-2025-26499 (Under heavy system utilization a random race condition can occur durin ...)
- TODO: check
+ NOT-FOR-US: Wind River Studio Developer
CVE-2025-10255 (A vulnerability was determined in Ascensio System SIA OnlyOffice up to ...)
- TODO: check
+ NOT-FOR-US: Ascensio System SIA OnlyOffice
CVE-2025-10254 (A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7 ...)
- TODO: check
+ NOT-FOR-US: Ascensio System SIA OnlyOffice
CVE-2025-10253 (A vulnerability has been found in openDCIM 23.04. This vulnerability a ...)
- TODO: check
+ NOT-FOR-US: openDCIM
CVE-2025-10252 (A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This ...)
- TODO: check
+ NOT-FOR-US: SEAT Queue Ticket Kiosk
CVE-2025-10251 (A vulnerability was detected in FoxCMS up to 1.24. Affected by this is ...)
- TODO: check
+ NOT-FOR-US: FoxCMS
CVE-2025-10250 (A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic ...)
- TODO: check
+ NOT-FOR-US: Mavic
CVE-2025-10193 (DNS rebinding vulnerability in Neo4j Cypher MCP server allows maliciou ...)
TODO: check
CVE-2025-10127 (Daikin Security Gateway is vulnerable to an authorization bypass throu ...)
- TODO: check
+ NOT-FOR-US: Daikin Security Gateway
CVE-2025-39791 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.16.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
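Review bot: The tag on CVE-2025-10250, "NOT-FOR-US: Mavic", drops the vendor even though the description names the products as DJI Mavic Spark, Mavic Air and further Mavic models. Other entries in this file are tagged by vendor ("NOT-FOR-US: Lenovo", "NOT-FOR-US: PHPGurukul"), so "NOT-FOR-US: DJI Mavic" or simply "NOT-FOR-US: DJI" would be easier to match when later CVEs for the same vendor are triaged.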
@@ -474,7 +474,7 @@ CVE-2025-59045 (Stalwart is a mail and collaboration server. Starting in version
CVE-2025-59044 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
NOT-FOR-US: Himmelblau
CVE-2025-59042 (PyInstaller bundles a Python application and all its dependencies into ...)
- TODO: check
+ NOT-FOR-US: PyInstaller
CVE-2025-59041 (Claude Code is an agentic coding tool. At startup, Claude Code execute ...)
NOT-FOR-US: Claude Code
CVE-2025-59039 (Prebid Universal Creative (PUC) is a JavaScript API to render multiple ...)
@@ -514,7 +514,7 @@ CVE-2025-58131 (Race condition in the Zoom Workplace VDI Plugin macOS Universal
CVE-2025-57642 (A Shell Upload vulnerability in Tourism Management System 2.0 allows a ...)
NOT-FOR-US: Tourism Management System
CVE-2025-57633 (A command injection vulnerability in FTP-Flask-python through 5173b68 ...)
- TODO: check
+ NOT-FOR-US: FTP-Flask-python
CVE-2025-57573 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
NOT-FOR-US: Tenda
CVE-2025-57572 (Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow ...)
@@ -532,9 +532,9 @@ CVE-2025-57392 (BenimPOS Masaustu 3.0.x is affected by insecure file permissions
CVE-2025-56578 (An issue in RTSPtoWeb v.2.4.3 allows a remote attacker to obtain sensi ...)
NOT-FOR-US: RTSPtoWeb (not the python client library for RTSPtoWeb and RTSPtoWebRTC)
CVE-2025-56466 (Hardcoded credentials in Dietly v1.25.0 for android allows attackers t ...)
- TODO: check
+ NOT-FOR-US: Dietly Android app
CVE-2025-56413 (OS Command injection vulnerability in function OperateSSH in 1panel 2. ...)
- TODO: check
+ NOT-FOR-US: 1panel
CVE-2025-56407 (A vulnerability has been found in HuangDou UTCMS V9 and classified as ...)
NOT-FOR-US: HuangDou UTCMS
CVE-2025-56406 (An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to gain ...)
@@ -610,7 +610,7 @@ CVE-2025-43491 (A vulnerability in the Poly Lens Desktop application running on
CVE-2025-41714 (The upload endpoint insufficiently validates the 'Upload-Key' request ...)
NOT-FOR-US: SmartEMS Web Application
CVE-2025-40979 (DLL search order hijacking vulnerability in the wave.exe executable fo ...)
- TODO: check
+ NOT-FOR-US: Wave
CVE-2025-40725 (Reflected Cross-Site Scripting (XSS) vulnerability in Azon Dominator. ...)
NOT-FOR-US: Azon Dominator
CVE-2025-36759 (Through the provision of user names, SolaX Cloud will suggest (similar ...)
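Review bot: "NOT-FOR-US: Wave" on CVE-2025-40979 is too generic to be unambiguous. The visible description identifies the product only through the wave.exe executable and is truncated before any vendor or full product name appears. Suggest taking the vendor or full product name from the complete CVE description and putting it in the tag, much as the RTSPtoWeb entry earlier in this file carries a disambiguating note in parentheses.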
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d8b39f26ba699ee1d8885ed47b9f613d69d5446