[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 02 Jul 2025 13:56:10 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
bbda1ae6 by Salvatore Bonaccorso at 2025-07-02T22:55:28+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -73,43 +73,43 @@ CVE-2025-34091 (A padding oracle vulnerability exists in 
Google Chrome\u2019s Ap
 CVE-2025-34090 (A security bypass vulnerability exists in Google Chrome 
AppBound cooki ...)
        TODO: check
 CVE-2025-34079 (An authenticated remote code execution vulnerability exists in 
NSClien ...)
-       TODO: check
+       NOT-FOR-US: NSClient++
 CVE-2025-34078 (A local privilege escalation vulnerability exists in 
NSClient++ 0.5.2. ...)
-       TODO: check
+       NOT-FOR-US: NSClient++
 CVE-2025-34076 (An authenticated local file inclusion vulnerability exists in 
Microweb ...)
        NOT-FOR-US: microweber
 CVE-2025-34075 (An authenticated virtual machine escape vulnerability exists 
in HashiC ...)
        TODO: check
 CVE-2025-34074 (An authenticated remote code execution vulnerability exists in 
Lucee\u ...)
-       TODO: check
+       NOT-FOR-US: Lucee
 CVE-2025-34073 (An unauthenticated command injection vulnerability exists in 
stamparm/ ...)
-       TODO: check
+       NOT-FOR-US: stamparm/maltrail (Maltrail)
 CVE-2025-34072 (A data exfiltration vulnerability exists in Anthropic\u2019s 
deprecate ...)
-       TODO: check
+       NOT-FOR-US: Slack Model Context Protocol (MCP) Server
 CVE-2025-34071 (A remote code execution vulnerability in GFI Kerio Control 
9.4.5 allow ...)
-       TODO: check
+       NOT-FOR-US: GFI Kerio Control
 CVE-2025-34070 (A missing authentication vulnerability in the GFIAgent 
component of GF ...)
-       TODO: check
+       NOT-FOR-US: GFI Kerio Control
 CVE-2025-34069 (An authentication bypass vulnerability exists in GFI Kerio 
Control 9.4 ...)
-       TODO: check
+       NOT-FOR-US: GFI Kerio Control
 CVE-2025-34067 (An unauthenticated remote command execution vulnerability 
exists in th ...)
-       TODO: check
+       NOT-FOR-US: Hikvision
 CVE-2025-34057 (An information disclosure vulnerability exists in Ruijie NBR 
series ro ...)
-       TODO: check
+       NOT-FOR-US: Ruijie
 CVE-2025-2330 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for 
WordPr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-27026 (A missing double-check feature in the WebGUI for CLI 
deactivation in I ...)
-       TODO: check
+       NOT-FOR-US: Infinera G42
 CVE-2025-27025 (The target device exposes a service on a specific TCP port 
with a conf ...)
        TODO: check
 CVE-2025-27024 (Unrestricted access to OS file system in SFTP service in 
Infinera G42  ...)
-       TODO: check
+       NOT-FOR-US: Infinera G42
 CVE-2025-27023 (Lack or insufficent input validation in WebGUI CLI web in 
Infinera G42 ...)
-       TODO: check
+       NOT-FOR-US: Infinera G42
 CVE-2025-27022 (A path traversal vulnerability of the WebGUI HTTP endpoint in 
Infinera ...)
-       TODO: check
+       NOT-FOR-US: Infinera G42
 CVE-2025-27021 (The misconfiguration in the sudoers configuration of the 
operating sys ...)
-       TODO: check
+       NOT-FOR-US: Infinera G42
 CVE-2025-24335 (Nokia Single RAN baseband software versions earlier than 
24R1-SR 2.1 M ...)
        NOT-FOR-US: Nokia
 CVE-2025-24334 (The Nokia Single RAN baseband software earlier than 23R2-SR 
1.0 MP can ...)
@@ -125,13 +125,13 @@ CVE-2025-24330 (Sending a crafted SOAP "provision" 
operation message PlanId fiel
 CVE-2025-24329 (Sending a crafted SOAP "provision" operation message archive 
field wit ...)
        NOT-FOR-US: Nokia
 CVE-2025-20310 (A vulnerability in the web UI of Cisco Enterprise Chat and 
Email (ECE) ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20309 (A vulnerability in Cisco Unified Communications Manager 
(Unified CM) a ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20308 (A vulnerability in Cisco Spaces Connector could allow an 
authenticated ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20307 (A vulnerability in the web-based management interface of Cisco 
BroadWo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-38093 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbda1ae6ad48da820206267c0e209eca8c79d941

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbda1ae6ad48da820206267c0e209eca8c79d941
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to