[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Thu, 24 Jul 2025 06:35:24 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
bf503b35 by Salvatore Bonaccorso at 2025-07-24T15:29:44+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-8107 (In OceanBase's Oracle tenant mode, a malicious user with 
specific priv ...)
-       TODO: check
+       NOT-FOR-US: OceanBase
 CVE-2025-8009 (The Security Ninja \u2013 WordPress Security Plugin & Firewall 
plugin  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-7852 (The WPBookit plugin for WordPress is vulnerable to arbitrary 
file uplo ...)
@@ -15,7 +15,7 @@ CVE-2025-54377 (Roo Code is an AI-powered autonomous coding 
agent that lives in
 CVE-2025-54371
        REJECTED
 CVE-2025-54365 (fastapi-guard is a security library for FastAPI that provides 
middlewa ...)
-       TODO: check
+       NOT-FOR-US: fastapi-guard
 CVE-2025-53942 (authentik is an open-source Identity Provider that emphasizes 
flexibil ...)
        NOT-FOR-US: authentik
 CVE-2025-53537 (LibHTP is a security-aware parser for the HTTP protocol and 
its relate ...)
@@ -25,17 +25,17 @@ CVE-2025-4976 (An issue has been discovered in GitLab EE 
affecting all versions
 CVE-2025-4968 (The WPBakery Page Builder for WordPress plugin for WordPress is 
vulner ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4395 (Medtronic MyCareLink Patient Monitor has a built-in user 
account with  ...)
-       TODO: check
+       NOT-FOR-US: Medtronic MyCareLink Patient Monitor
 CVE-2025-4394 (Medtronic MyCareLink Patient Monitor uses an unencrypted 
filesystem on ...)
-       TODO: check
+       NOT-FOR-US: Medtronic MyCareLink Patient Monitor
 CVE-2025-4393 (Medtronic MyCareLink Patient Monitor has an internal service 
that dese ...)
-       TODO: check
+       NOT-FOR-US: Medtronic MyCareLink Patient Monitor
 CVE-2025-47281 (Kyverno is a policy engine designed for cloud native platform 
engineer ...)
-       TODO: check
+       NOT-FOR-US: Kyverno
 CVE-2025-41240 (Three Bitnami Helm charts mount Kubernetes Secrets under a 
predictable ...)
        TODO: check
 CVE-2025-32019 (Harbor is an open source trusted cloud native registry project 
that st ...)
-       TODO: check
+       NOT-FOR-US: Harbor
 CVE-2025-26397 (SolarWinds Observability Self-Hosted is susceptible to 
Deserialization ...)
        NOT-FOR-US: SolarWinds
 CVE-2025-1299 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
@@ -59,9 +59,9 @@ CVE-2025-8058 (The regcomp function in the GNU C library 
version from 2.4 to 2.4
 CVE-2025-8022 (Versions of the package bun after 0.0.12 are vulnerable to 
Improper Ne ...)
        TODO: check
 CVE-2025-8021 (All versions of the package files-bucket-server are vulnerable 
to Dire ...)
-       TODO: check
+       NOT-FOR-US: files-bucket-server Node.js module
 CVE-2025-8020 (All versions of the package private-ip are vulnerable to 
Server-Side R ...)
-       TODO: check
+       NOT-FOR-US: private-ip Node.js module
 CVE-2025-7766 (LantronixProvisioning Manager is vulnerable to XML external 
entity att ...)
        NOT-FOR-US: Lantronix
 CVE-2025-7724 (An unauthenticated OS command injection vulnerability existsin 
VIGI NV ...)
@@ -270,7 +270,7 @@ CVE-2018-25114 (A remote code execution vulnerability 
exists within osCommerce O
 CVE-2018-25113 (An unauthenticated path traversal vulnerability exists in 
Dicoogle PAC ...)
        TODO: check
 CVE-2017-20198 (The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users 
to deplo ...)
-       TODO: check
+       NOT-FOR-US: Marathon UI in DC/OS
 CVE-2016-15045 (A local privilege escalation vulnerability exists in 
lastore-daemon, t ...)
        TODO: check
 CVE-2015-10141 (An unauthenticated OS command injection vulnerability exists 
within Xd ...)
@@ -399110,7 +399110,7 @@ CVE-2020-26801 (A stored cross-site scripting (XSS) 
vulnerability was discovered
 CVE-2020-26800 (A stack overflow vulnerability in Aleth Ethereum C++ client 
version <= ...)
        NOT-FOR-US: Aleth Ethereum
 CVE-2020-26799 (A reflected cross-site scripting (XSS) vulnerability was 
discovered in ...)
-       TODO: check
+       NOT-FOR-US: Luxsoft
 CVE-2020-26798
        RESERVED
 CVE-2020-26797 (Mediainfo before version 20.08 has a heap buffer overflow 
vulnerabilit ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf503b35bb9f8bec60df1d6c8cf7bd8b5e109e98

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf503b35bb9f8bec60df1d6c8cf7bd8b5e109e98
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to