Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca6ea4b8 by Salvatore Bonaccorso at 2025-05-01T22:29:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,15 +7,15 @@ CVE-2025-4164 (A vulnerability, which was classified as 
critical, was found in P
 CVE-2025-4163 (A vulnerability, which was classified as critical, has been 
found in P ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-4162 (A vulnerability classified as critical was found in PCMan FTP 
Server u ...)
-       TODO: check
+       NOT-FOR-US: PCMan FTP Server
 CVE-2025-4161 (A vulnerability classified as critical has been found in PCMan 
FTP Ser ...)
-       TODO: check
+       NOT-FOR-US: PCMan FTP Server
 CVE-2025-4160 (A vulnerability was found in PCMan FTP Server up to 2.0.7. It 
has been ...)
-       TODO: check
+       NOT-FOR-US: PCMan FTP Server
 CVE-2025-4159 (A vulnerability was found in PCMan FTP Server up to 2.0.7. It 
has been ...)
-       TODO: check
+       NOT-FOR-US: PCMan FTP Server
 CVE-2025-4158 (A vulnerability was found in PCMan FTP Server up to 2.0.7. It 
has been ...)
-       TODO: check
+       NOT-FOR-US: PCMan FTP Server
 CVE-2025-4157 (A vulnerability was found in PHPGurukul Boat Booking System 1.0 
and cl ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-46635 (An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. 
Improper ...)
@@ -43,15 +43,15 @@ CVE-2025-46625 (Lack of input validation/sanitization in 
the 'setLanCfg' API end
 CVE-2025-46569 (Open Policy Agent (OPA) is an open source, general-purpose 
policy engi ...)
        - golang-github-open-policy-agent-opa <itp> (bug #1088230)
 CVE-2025-46568 (Stirling-PDF is a locally hosted web application that allows 
you to pe ...)
-       TODO: check
+       NOT-FOR-US: Stirling-PDF
 CVE-2025-46567 (LLama Factory enables fine-tuning of large language models. 
Prior to v ...)
-       TODO: check
+       NOT-FOR-US: LLama Factory
 CVE-2025-46566 (DataEase is an open-source BI tool alternative to Tableau. 
Prior to ve ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2025-46565 (Vite is a frontend tooling framework for javascript. Prior to 
versions ...)
        TODO: check
 CVE-2025-46345 (Auth0 Account Link Extension is an extension aimed to help 
link accoun ...)
-       TODO: check
+       NOT-FOR-US: Auth0 Account Link Extension
 CVE-2025-46337 (ADOdb is a PHP database class library that provides 
abstractions for p ...)
        TODO: check
 CVE-2025-44867 (Tenda W20E V15.11.0.6 was found to contain a command injection 
vulnera ...)
@@ -63,41 +63,41 @@ CVE-2025-44865 (Tenda W20E V15.11.0.6 was found to contain 
a command injection v
 CVE-2025-44864 (Tenda W20E V15.11.0.6 was found to contain a command injection 
vulnera ...)
        NOT-FOR-US: Tenda
 CVE-2025-44863 (TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a 
command  ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44862 (TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a 
command  ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44861 (TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a 
command  ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44860 (TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a 
command  ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44854 (TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a 
command inj ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44848 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44847 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44846 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44845 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44844 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44843 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44842 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44841 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44840 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44839 (TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44838 (TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to 
contain a co ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44837 (TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to 
contain a co ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44836 (TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to 
contain a co ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-44835 (D-Link DIR-816 A2V1.1.0B05 was found to contain a command 
injection in ...)
        NOT-FOR-US: D-Link
 CVE-2025-3890 (The WordPress Simple Shopping Cart plugin for WordPress is 
vulnerable  ...)
@@ -109,39 +109,39 @@ CVE-2025-3874 (The WordPress Simple Shopping Cart plugin 
for WordPress is vulner
 CVE-2025-3517 (Privilege context switching error in PAM JIT feature in 
Devolutions Se ...)
        NOT-FOR-US: Devolutions
 CVE-2025-36558 (KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a 
cross-si ...)
-       TODO: check
+       NOT-FOR-US: KUNBUS PiCtory
 CVE-2025-36521 (MicroDicom DICOM Viewer is vulnerable to an out-of-bounds read 
which m ...)
-       TODO: check
+       NOT-FOR-US: MicroDicom DICOM Viewer
 CVE-2025-35996 (KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when 
an authe ...)
-       TODO: check
+       NOT-FOR-US: KUNBUS PiCtory
 CVE-2025-35975 (MicroDicom DICOM Viewer is vulnerable to an out-of-bounds 
write which  ...)
-       TODO: check
+       NOT-FOR-US: MicroDicom DICOM Viewer
 CVE-2025-32890 (An issue was discovered on goTenna Mesh devices with app 5.5.3 
and fir ...)
-       TODO: check
+       NOT-FOR-US: goTenna Mesh devices
 CVE-2025-32889 (An issue was discovered on goTenna v1 devices with app 5.5.3 
and firmw ...)
-       TODO: check
+       NOT-FOR-US: goTenna v1 devices
 CVE-2025-32888 (An issue was discovered on goTenna Mesh devices with app 5.5.3 
and fir ...)
-       TODO: check
+       NOT-FOR-US: goTenna Mesh devices
 CVE-2025-32887 (An issue was discovered on goTenna v1 devices with app 5.5.3 
and firmw ...)
-       TODO: check
+       NOT-FOR-US: goTenna v1 devices
 CVE-2025-32886 (An issue was discovered on goTenna v1 devices with app 5.5.3 
and firmw ...)
-       TODO: check
+       NOT-FOR-US: goTenna v1 devices
 CVE-2025-32885 (An issue was discovered on goTenna v1 devices with app 5.5.3 
and firmw ...)
-       TODO: check
+       NOT-FOR-US: goTenna v1 devices
 CVE-2025-32884 (An issue was discovered on goTenna Mesh devices with app 5.5.3 
and fir ...)
-       TODO: check
+       NOT-FOR-US: goTenna Mesh devices
 CVE-2025-32883 (An issue was discovered on goTenna Mesh devices with app 5.5.3 
and fir ...)
-       TODO: check
+       NOT-FOR-US: goTenna Mesh devices
 CVE-2025-32882 (An issue was discovered on goTenna v1 devices with app 5.5.3 
and firmw ...)
-       TODO: check
+       NOT-FOR-US: goTenna v1 devices
 CVE-2025-32881 (An issue was discovered on goTenna v1 devices with app 5.5.3 
and firmw ...)
-       TODO: check
+       NOT-FOR-US: goTenna v1 devices
 CVE-2025-32011 (KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an 
authentication by ...)
-       TODO: check
+       NOT-FOR-US: KUNBUS PiCtory
 CVE-2025-29763
        REJECTED
 CVE-2025-27007 (Incorrect Privilege Assignment vulnerability in Brainstorm 
Force SureT ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-25016 (Unrestricted file upload in Kibana allows an authenticated 
attacker to ...)
        TODO: check
 CVE-2025-24522 (KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because 
authent ...)
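Review bot: The ten goTenna entries in this hunk (CVE-2025-32881 through CVE-2025-32890) are split across two labels, "NOT-FOR-US: goTenna Mesh devices" and "NOT-FOR-US: goTenna v1 devices", while the context line at the top of the hunk tags by vendor only ("NOT-FOR-US: Devolutions"). A single "NOT-FOR-US: goTenna" would keep all ten under one string for anyone searching the list by vendor. Separately, the label added for CVE-2025-27007, "NOT-FOR-US: WordPress plugin", is the only one in this hunk that names neither vendor nor product; if the label is meant to identify the software, take the plugin name from the full CVE description.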



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6ea4b8cf0d6cf6aed79b39ecf45c28cba5d548
