Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c2f593c5 by Salvatore Bonaccorso at 2025-07-01T22:58:50+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -51,7 +51,7 @@ CVE-2025-50641 (Tenda AC6 15.03.05.16_multi is vulnerable to
Buffer Overflow in
CVE-2025-50405 (Intelbras RX1500 Router v2.2.17 and before is vulnerable to
Incorrect ...)
NOT-FOR-US: Intelbras
CVE-2025-50404 (Intelbras RX1500 Router v2.2.17 and before is vulnerable to
Integer Ov ...)
- TODO: check
+ NOT-FOR-US: Intelbras
CVE-2025-49492 (Out-of-bounds write in ASR180x in lte-telephony, May cause a
buffer u ...)
NOT-FOR-US: ASR Microelectronics
CVE-2025-49491 (Improper Resource Shutdown or Release vulnerability in ASR
Falcon_Linu ...)
@@ -77,13 +77,13 @@ CVE-2025-48379 (Pillow is a Python imaging library. In
versions 11.2.0 to before
CVE-2025-46259 (Missing Authorization vulnerability in POSIMYTH Innovation The
Plus Ad ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-45872 (zrlog v3.1.5 was discovered to contain a Server-Side Request
Forgery ( ...)
- TODO: check
+ NOT-FOR-US: zrlog
CVE-2025-45083 (Incorrect access control in Ullu (Android version v2.9.929 and
IOS ver ...)
- TODO: check
+ NOT-FOR-US: Ullu
CVE-2025-45081 (Misconfigured settings in IITB SSO v1.1.0 allow attackers to
access se ...)
- TODO: check
+ NOT-FOR-US: IITB SSO
CVE-2025-45080 (YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use
unencrypt ...)
- TODO: check
+ NOT-FOR-US: YONO SBI
CVE-2025-45006 (Improper mstatus.SUM bit retention (non-zero) in Open-Source
RISC-V Pr ...)
TODO: check
CVE-2025-41656 (An unauthenticated remote attacker can run arbitrary commands
on the a ...)
@@ -99,13 +99,13 @@ CVE-2025-37097 (A vulnerability in HPE Insight Remote
Support (IRS) prior to v7.
CVE-2025-36582 (Dell NetWorker, versions 19.12.0.1 and prior, contains a
Selection of ...)
NOT-FOR-US: Dell / EMC
CVE-2025-34081 (The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP
phpinfo() ...)
- TODO: check
+ NOT-FOR-US: Contec Co.,Ltd. CONPROSYS HMI System (CHS)
CVE-2025-34080 (The Contec Co.,Ltd. CONPROSYS HMI System (CHS) is vulnerable
to Cross- ...)
- TODO: check
+ NOT-FOR-US: Contec Co.,Ltd. CONPROSYS HMI System (CHS)
CVE-2025-34066 (An improper certificate validation vulnerability exists in
AVTECH IP c ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34065 (An authentication bypass vulnerability exists in AVTECH IP
camera, DVR ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34064 (A cloud infrastructure misconfiguration in OneLogin AD
Connector resul ...)
TODO: check
CVE-2025-34063 (A cryptographic authentication bypass vulnerability exists in
OneLogin ...)
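Review bot: the two Contec entries (CVE-2025-34081 and CVE-2025-34080) are tagged `NOT-FOR-US: Contec Co.,Ltd. CONPROSYS HMI System (CHS)`, which copies the description prefix verbatim, while the AVTECH entries in the same hunk use a short vendor name. Consider a shorter tag such as `NOT-FOR-US: Contec CONPROSYS HMI System`, so that matching later Contec CVEs to these entries does not depend on reproducing the exact `Co.,Ltd.` punctuation and the parenthesised abbreviation.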
@@ -115,25 +115,25 @@ CVE-2025-34062 (An information disclosure vulnerability
exists in OneLogin AD Co
CVE-2025-34060 (A PHP objection injection vulnerability exists in the Monero
Project\u ...)
TODO: check
CVE-2025-34059 (An SQL injection vulnerability exists in the Dahua Smart Cloud
Gateway ...)
- TODO: check
+ NOT-FOR-US: Dahua Smart Cloud Gateway Registration Management Platform
CVE-2025-34058 (Hikvision Streaming Media Management Server v2.3.5 uses
default creden ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2025-34056 (An OS command injection vulnerability exists in AVTECH IP
camera, DVR, ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34055 (An OS command injection vulnerability exists in AVTECH DVR,
NVR, and I ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34054 (An unauthenticated command injection vulnerability exists in
AVTECH DV ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34053 (An authentication bypass vulnerability exists in AVTECH IP
camera, DVR ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34052 (An unauthenticated information disclosure vulnerability exists
in AVTE ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34051 (A server-side request forgery vulnerability exists in multiple
firmwar ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-34050 (Across-site request forgery (CSRF) vulnerability exists in the
web int ...)
- TODO: check
+ NOT-FOR-US: AVTECH
CVE-2025-27153 (Escalade GLPI plugin is a ticket escalation process helper for
GLPI. P ...)
- TODO: check
+ NOT-FOR-US: Escalade GLPI plugin
CVE-2024-35164
- guacamole-client <removed>
CVE-2024-39954
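Review bot: CVE-2025-34051 and CVE-2025-34050 are tagged `NOT-FOR-US: AVTECH`, but their truncated descriptions ("multiple firmwar ..." and "web int ...") do not name a vendor in the visible lines, unlike the other AVTECH entries in this hunk. It is worth confirming against the full CVE text that both concern AVTECH products rather than being tagged by proximity to the neighbouring CVE-2025-3405x entries. As a style point, the Dahua tag spells out the full product name while the Hikvision tag directly below it uses only the vendor; one granularity for both would be more consistent.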
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2f593c5318a12741c53d1acde4cf06d28111313