[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 29 21:32:22 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
839615d8 by Salvatore Bonaccorso at 2025-09-29T22:31:55+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2025-57871 (There is a reflected cross site scripting vulnerability in Esri
CVE-2025-57516 (OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, ...)
TODO: check
CVE-2025-57483 (A reflected cross-site scripting (XSS) vulnerability in tawk.to chatbo ...)
- TODO: check
+ NOT-FOR-US: tawk.to chatbox widget
CVE-2025-57428 (Default credentials in Italy Wireless Mini Router WIRELESS-N 300M v28K ...)
NOT-FOR-US: Italy Wireless Mini Router WIRELESS-N 300M
CVE-2025-57424 (A stored cross-site scripting (XSS) vulnerability exists in the MyCour ...)
@@ -43,11 +43,11 @@ CVE-2025-56807 (A cross-site scripting (XSS) vulnerability in FairSketch RISE Ul
CVE-2025-56795 (Mealie 3.0.1 and earlier is vulnerable to Cross-Site Scripting (XSS) i ...)
TODO: check
CVE-2025-56764 (Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reve ...)
- TODO: check
+ NOT-FOR-US: Trivision NC-227WF firmware
CVE-2025-56449 (A security vulnerability was identified in Obsidian Scheduler's REST A ...)
- TODO: check
+ NOT-FOR-US: Obsidian
CVE-2025-56234 (AT_NA2000 from Nanda Automation Technology vendor has a denial-of-serv ...)
- TODO: check
+ NOT-FOR-US: AT_NA2000
CVE-2025-56233 (Openindiana, kernel SunOS 5.11 has a denial of service vulnerability. ...)
TODO: check
CVE-2025-55795 (The openml/openml.org web application version v2.0.20241110 uses incre ...)
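Review bot: The label on CVE-2025-56449 is shortened to `NOT-FOR-US: Obsidian`, while the description names the product as "Obsidian Scheduler". The bare word could match unrelated products of the same name and makes later text searches of data/CVE/list less precise. Suggest `NOT-FOR-US: Obsidian Scheduler`, in line with the other two entries changed in this hunk (`Trivision NC-227WF firmware`, `AT_NA2000`), which carry the product name from their descriptions.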
@@ -57,11 +57,11 @@ CVE-2025-51495 (An integer overflow vulnerability exists in the WebSocket compon
CVE-2025-43400 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
CVE-2025-41252 (Description: VMware NSX contains a username enumeration vulnerability. ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-41251 (VMware NSX contains a weak password recovery mechanism vulnerability. ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-41250 (VMware vCenter contains an SMTP header injection vulnerability.A malic ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2025-36352 (IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored c ...)
NOT-FOR-US: IBM
CVE-2025-36351 (IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenti ...)
@@ -69,17 +69,17 @@ CVE-2025-36351 (IBM License Metric Tool 9.2.0 through 9.2.40 could allow an au
CVE-2025-36099 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial ...)
NOT-FOR-US: IBM
CVE-2025-35034 (Medical Informatics Engineering Enterprise Health has a reflected cros ...)
- TODO: check
+ NOT-FOR-US: Medical Informatics Engineering Enterprise Health
CVE-2025-35033 (Medical Informatics Engineering Enterprise Health has a CSV injection ...)
- TODO: check
+ NOT-FOR-US: Medical Informatics Engineering Enterprise Health
CVE-2025-35032 (Medical Informatics Engineering Enterprise Health allows authenticated ...)
- TODO: check
+ NOT-FOR-US: Medical Informatics Engineering Enterprise Health
CVE-2025-35031 (Medical Informatics Engineering Enterprise Health includes the user's ...)
- TODO: check
+ NOT-FOR-US: Medical Informatics Engineering Enterprise Health
CVE-2025-35030 (Medical Informatics Engineering Enterprise Health has a cross site req ...)
- TODO: check
+ NOT-FOR-US: Medical Informatics Engineering Enterprise Health
CVE-2025-34196 (Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions p ...)
- TODO: check
+ NOT-FOR-US: Vasion Print (formerly PrinterLogic)
CVE-2025-11155 (The credentials required to access the device's web server are sent in ...)
TODO: check
CVE-2025-11150
@@ -89,21 +89,21 @@ CVE-2025-11147 (Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. Th
CVE-2025-11146 (Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ...)
TODO: check
CVE-2025-10346 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a sto ...)
- TODO: check
+ NOT-FOR-US: Perfex CRM
CVE-2025-10345 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a sto ...)
- TODO: check
+ NOT-FOR-US: Perfex CRM
CVE-2025-10344 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a sto ...)
- TODO: check
+ NOT-FOR-US: Perfex CRM
CVE-2025-10343 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a sto ...)
- TODO: check
+ NOT-FOR-US: Perfex CRM
CVE-2025-10342 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a sto ...)
- TODO: check
+ NOT-FOR-US: Perfex CRM
CVE-2025-10341 (HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a sto ...)
- TODO: check
+ NOT-FOR-US: Perfex CRM
CVE-2024-57412 (An issue in SunOS Omnios v5.11 allows attackers to cause a Denial of S ...)
TODO: check
CVE-2024-13150 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: fayton.Pro ERP
CVE-2025-41246 (VMware Tools for Windows contains an improper authorisationvulnerabili ...)
NOT-FOR-US: VMware Tools for Windows
CVE-2025-41245 (VMware Aria Operations contains an information disclosure vulnerabilit ...)
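Review bot: For CVE-2024-13150 the new label `NOT-FOR-US: fayton.Pro ERP` cannot be checked against the visible description, which is cut off inside the generic CWE wording ("Improper Neutralization of Special Elements used in an SQL Command ('S ...") before any product name appears. Worth confirming the product against the full CVE record before merging. The six Perfex CRM entries in the same hunk match their descriptions directly.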
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/839615d8dfc8e6df00e7d84cce2f59afaa57fb35