[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Mon, 12 May 2025 23:50:56 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
bad17196 by Salvatore Bonaccorso at 2025-05-13T08:50:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,75 +26,75 @@ CVE-2025-47271 (The OZI action is a GitHub Action that 
publishes releases to PyP
 CVE-2025-47270 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq 
Proof-of ...)
        TODO: check
 CVE-2025-46750 (SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow 
a local ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46749 (An authenticated user could submit scripting to fields that 
lack prope ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46748 (An authenticated user attempting to change their password 
could do so  ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46747 (An authenticated user without user-management permissions 
could identi ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46746 (An administrator could discover another account's credentials.)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46745 (An authenticated user without user-management permissions 
could view o ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46744 (An authenticated administrator could modify the Created By 
username fo ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46743 (An authenticated user's token could be used by another source 
after th ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46742 (Users who were required to change their password could still 
access sy ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46741 (A suspended or recently logged-out user could continue to 
interact wit ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46740 (An authenticated user without user administrative permissions 
could  c ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46739 (An unauthenticated user could discover account credentials via 
a brute ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46738 (An authenticated attacker can maliciously modify layout data 
files in  ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46737 (SEL-5037 Grid Configurator contains an overly permissive Cross 
Origin  ...)
-       TODO: check
+       NOT-FOR-US: Schweitzer Engineering Laboratories (SEL)
 CVE-2025-46729 (julmud/phpDVDProfiler is an adoption of the defunct 
phpDVDProfiler pro ...)
-       TODO: check
+       NOT-FOR-US: julmud/phpDVDProfiler
 CVE-2025-46611 (Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 
allows an a ...)
-       TODO: check
+       NOT-FOR-US: ARTEC EMA Mail
 CVE-2025-46610 (ARTEC EMA Mail 6.92 allows CSRF.)
-       TODO: check
+       NOT-FOR-US: ARTEC EMA Mail
 CVE-2025-45835 (A null pointer dereference vulnerability was discovered in 
Netis WF288 ...)
-       TODO: check
+       NOT-FOR-US: Netis
 CVE-2025-45779 (Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer 
Overflow in the ...)
        NOT-FOR-US: Tenda
 CVE-2025-44830 (EngineerCMS v1.02 through v.2.0.5 has a SQL injection 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: EngineerCMS
 CVE-2025-44176 (Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in 
the for ...)
        NOT-FOR-US: Tenda
 CVE-2025-44175 (Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in 
the Get ...)
        NOT-FOR-US: Tenda
 CVE-2025-44022 (An issue in vvveb CMS v.1.0.6 allows a remote attacker to 
execute arbi ...)
-       TODO: check
+       NOT-FOR-US: vvveb CMS
 CVE-2025-41393 (Reflected cross-site scripting vulnerability exists in the 
laser print ...)
-       TODO: check
+       NOT-FOR-US: Ricoh
 CVE-2025-40627 (Reflected Cross-Site Scripting (XSS) vulnerability 
inAbanteCart v1.4.0 ...)
-       TODO: check
+       NOT-FOR-US: AbanteCart
 CVE-2025-40626 (Reflected Cross-Site Scripting (XSS) vulnerability 
inAbanteCart v1.4.0 ...)
-       TODO: check
+       NOT-FOR-US: AbanteCart
 CVE-2025-3632 (IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a 
remote  ...)
        NOT-FOR-US: IBM
 CVE-2025-32390 (EspoCRM is a free, open-source customer relationship 
management platfo ...)
-       TODO: check
+       NOT-FOR-US: EspoCRM
 CVE-2025-26841 (Cross Site Scripting vulnerability in WPEVEREST Everest Forms 
before 3 ...)
-       TODO: check
+       NOT-FOR-US: WPEVEREST Everest Forms
 CVE-2025-1533 (A stack buffer overflow has been identified in the AsIO3.sys 
driver. T ...)
        NOT-FOR-US: ASUS
 CVE-2025-1079 (Client RCE on macOS and Linux via improper symbolic link 
resolution in ...)
        TODO: check
 CVE-2024-56524 (Radware Cloud Web Application Firewall (WAF) before 2025-05-07 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Radware Cloud Web Application Firewall (WAF)
 CVE-2024-56523 (Radware Cloud Web Application Firewall (WAF) before 2025-05-07 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Radware Cloud Web Application Firewall (WAF)
 CVE-2024-55466 (An arbitrary file upload vulnerability in the Image Gallery of 
ThingsB ...)
-       TODO: check
+       NOT-FOR-US: ThingsBoard
 CVE-2023-34732 (An issue in the userId parameter in the change password 
function of Fl ...)
-       TODO: check
+       NOT-FOR-US: Flytxt NEON-dX
 CVE-2025-20012
        - intel-microcode <unfixed> (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
@@ -180,7 +180,7 @@ CVE-2025-3649 (The LightPress Lightbox WordPress plugin 
before 2.3.4 does not ch
 CVE-2025-3597 (The Firelight Lightbox WordPress plugin before 2.3.15 does not 
prevent ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-3496 (An unauthenticated remote attacker can cause a buffer overflow 
which c ...)
-       TODO: check
+       NOT-FOR-US: AUMA Riester GmbH & Co. KG products
 CVE-2025-4546 (A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It 
has bee ...)
        NOT-FOR-US: 1Panel-dev MaxKB
 CVE-2025-4545 (A vulnerability was found in CTCMS Content Management System 
2.1.2. It ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bad17196fda63c45bc423a06b72ddcc170bb34d7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bad17196fda63c45bc423a06b72ddcc170bb34d7
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to