[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Sat, 02 Aug 2025 02:20:34 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
78e43262 by Salvatore Bonaccorso at 2025-08-02T11:19:14+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,35 +13,35 @@ CVE-2025-6754 (The SEO Metrics plugin for WordPress is 
vulnerable to Privilege E
 CVE-2025-6626 (The ShortPixel Adaptive Images \u2013 WebP, AVIF, CDN, Image 
Optimizat ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-6078 (Partner Software's Partner Software application and Partner Web 
applic ...)
-       TODO: check
+       NOT-FOR-US: Partner Software
 CVE-2025-6077 (Partner Software's Partner Software Product and corresponding 
Partner  ...)
-       TODO: check
+       NOT-FOR-US: Partner Software
 CVE-2025-6076 (Partner Software's Partner Software application and Partner Web 
applic ...)
-       TODO: check
+       NOT-FOR-US: Partner Software
 CVE-2025-54796 (Copyparty is a portable file server. Versions prior to 1.18.9, 
the fil ...)
-       TODO: check
+       NOT-FOR-US: Copyparty
 CVE-2025-54792 (LocalSend is an open-source app to securely share files and 
messages w ...)
-       TODO: check
+       NOT-FOR-US: LocalSend
 CVE-2025-54790 (Files is a module for managing files inside spaces and user 
profiles.  ...)
-       TODO: check
+       NOT-FOR-US: Files (a module for managing files inside spaces and user 
profiles)
 CVE-2025-54789 (Files is a module for managing files inside spaces and user 
profiles.  ...)
-       TODO: check
+       NOT-FOR-US: Files (a module for managing files inside spaces and user 
profiles)
 CVE-2025-54782 (Nest is a framework for building scalable Node.js server-side 
applicat ...)
        TODO: check
 CVE-2025-54781 (Himmelblau is an interoperability suite for Microsoft Azure 
Entra ID a ...)
-       TODO: check
+       NOT-FOR-US: Himmelblau
 CVE-2025-54424 (1Panel is a web interface and MCP Server that manages 
websites, files, ...)
-       TODO: check
+       NOT-FOR-US: 1Panel
 CVE-2025-54386 (Traefik is an HTTP reverse proxy and load balancer. In 
versions 2.11.2 ...)
        - traefik <itp> (bug #983289)
 CVE-2025-54136 (Cursor is a code editor built for programming with AI. In 
versions 1.2 ...)
-       TODO: check
+       NOT-FOR-US: Cursor
 CVE-2025-54133 (Cursor is a code editor built for programming with AI. In 
versions 1.1 ...)
-       TODO: check
+       NOT-FOR-US: Cursor
 CVE-2025-54132 (Cursor is a code editor built for programming with AI. In 
versions bel ...)
-       TODO: check
+       NOT-FOR-US: Cursor
 CVE-2025-54131 (Cursor is a code editor built for programming with AI. In 
versions bel ...)
-       TODO: check
+       NOT-FOR-US: Cursor
 CVE-2025-4588 (The 360 Photo Spheres plugin for WordPress is vulnerable to 
Stored Cro ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-13978 (A vulnerability was found in LibTIFF up to 4.7.0. It has been 
declared ...)
@@ -59,27 +59,27 @@ CVE-2013-10059 (An authenticated OS command injection 
vulnerability exists in va
 CVE-2013-10058 (An authenticated OS command injection vulnerability exists in 
variousL ...)
        NOT-FOR-US: Linksys
 CVE-2013-10057 (A stack-based buffer overflow vulnerability exists 
inSynactisPDF In-Th ...)
-       TODO: check
+       NOT-FOR-US: Synactis
 CVE-2013-10055 (An unauthenticated arbitrary file upload vulnerability exists 
in Haval ...)
-       TODO: check
+       NOT-FOR-US: Havalite CMS
 CVE-2013-10053 (A remote command execution vulnerability exists in ZPanel 
version 10.0 ...)
-       TODO: check
+       NOT-FOR-US: ZPanel
 CVE-2013-10051 (A remote PHP code execution vulnerability exists in InstantCMS 
version ...)
-       TODO: check
+       NOT-FOR-US: InstantCMS
 CVE-2013-10050 (An OS command injection vulnerability exists in multiple 
D-Link router ...)
        NOT-FOR-US: D-Link
 CVE-2013-10049 (An OS command injection vulnerability exists in multiple 
Raidsonic NAS ...)
-       TODO: check
+       NOT-FOR-US: Raidsonic NAS
 CVE-2013-10048 (An OS command injection vulnerability exists in various legacy 
D-Link  ...)
        NOT-FOR-US: D-Link
 CVE-2013-10047 (An unrestricted file upload vulnerability exists in MiniWeb 
HTTP Serve ...)
-       TODO: check
+       NOT-FOR-US: MiniWeb HTTP Server
 CVE-2013-10046 (A local privilege escalation vulnerability exists in Agnitum 
Outpost I ...)
-       TODO: check
+       NOT-FOR-US: Agnitum Outpost Internet Security
 CVE-2013-10044 (An authenticated SQL injection vulnerability exists in OpenEMR 
\u2264  ...)
        NOT-FOR-US: OpenEMR
 CVE-2012-10022 (Kloxo versions 6.1.12 and earlier contain two setuid root 
binaries\u20 ...)
-       TODO: check
+       NOT-FOR-US: Kloxo
 CVE-2025-8480 (Alpine iLX-507 Command Injection Remote Code Execution. This 
vulnerabi ...)
        NOT-FOR-US: Alpine iLX-507
 CVE-2025-8477 (Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote 
Code E ...)
@@ -177,25 +177,25 @@ CVE-2025-45150 (Insecure permissions in 
LangChain-ChatGLM-Webui commit ef829 all
 CVE-2025-44139 (Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File 
with Dan ...)
        NOT-FOR-US: Emlog Pro
 CVE-2025-41376 (A SQL injection vulnerability has been found in Gandia Integra 
Total o ...)
-       TODO: check
+       NOT-FOR-US: Gandia Integra Total of TESI
 CVE-2025-41375 (A SQL injection vulnerability has been found in Gandia Integra 
Total o ...)
-       TODO: check
+       NOT-FOR-US: Gandia Integra Total of TESI
 CVE-2025-41374 (A SQL injection vulnerability has been found in Gandia Integra 
Total o ...)
-       TODO: check
+       NOT-FOR-US: Gandia Integra Total of TESI
 CVE-2025-41373 (A SQL injection vulnerability has been found in Gandia Integra 
Total o ...)
-       TODO: check
+       NOT-FOR-US: Gandia Integra Total of TESI
 CVE-2025-41372 (A SQL injection vulnerability has been found in Gandia Integra 
Total o ...)
-       TODO: check
+       NOT-FOR-US: Gandia Integra Total of TESI
 CVE-2025-41371 (A SQL injection vulnerability has been found in Gandia Integra 
Total o ...)
-       TODO: check
+       NOT-FOR-US: Gandia Integra Total of TESI
 CVE-2025-41370 (A SQL injection vulnerability has been found in Gandia Integra 
Total o ...)
-       TODO: check
+       NOT-FOR-US: Gandia Integra Total of TESI
 CVE-2025-33118 (IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable 
to stor ...)
        NOT-FOR-US: IBM
 CVE-2025-2824 (IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 
9.0.0.1 ...)
        NOT-FOR-US: IBM
 CVE-2023-44976 (Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local 
users to ter ...)
-       TODO: check
+       NOT-FOR-US: Hangzhou Shunwang Rentdrv2
 CVE-2023-32256 (A flaw was found in the Linux kernel's ksmbd component. A race 
conditi ...)
        - linux 6.3.7-1
        [bookworm] - linux 6.1.37-1
@@ -233,7 +233,7 @@ CVE-2025-5947 (The Service Finder Bookings plugin for 
WordPress is vulnerable to
 CVE-2025-5921 (The SureForms  WordPress plugin before 1.7.2 does not sanitise 
and esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-54939 (LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an 
lsquic_engine_pack ...)
-       TODO: check
+       NOT-FOR-US: LiteSpeed QUIC (LSQUIC) Library
 CVE-2025-54847
        REJECTED
 CVE-2025-54846
@@ -261,7 +261,7 @@ CVE-2025-45768 (pyjwt v2.10.1 was discovered to contain 
weak encryption.)
 CVE-2025-31716 (In bootloader, there is a possible out of bounds write due to 
a missin ...)
        NOT-FOR-US: Unisoc
 CVE-2025-23289 (NVIDIA Omniverse Launcher for Windows and Linux contains a 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Omniverse Launcher
 CVE-2025-48073 (OpenEXR provides the specification and reference 
implementation of the ...)
        - openexr <not-affected> (Vulnerable code introduced later)
        NOTE: Introduced with: 
https://github.com/AcademySoftwareFoundation/openexr/commit/2cbed131364fb8b1bc356940a5a4294f01f02a17
 (v3.3.0-rc0)
@@ -466731,9 +466731,9 @@ CVE-2019-19147
 CVE-2019-19146
        RESERVED
 CVE-2019-19145 (Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to 
access  ...)
-       TODO: check
+       NOT-FOR-US: Quantum SuperLoader
 CVE-2019-19144 (XML External Entity Injection vulnerability in Quantum DXi6702 
2.3.0.3 ...)
-       TODO: check
+       NOT-FOR-US: Quantum DXi6702
 CVE-2019-19143 (TP-LINK TL-WR849N 0.9.1 4.16 devices do not require 
authentication to  ...)
        NOT-FOR-US: TP-Link
 CVE-2019-19142 (Intelbras WRN240 devices do not require authentication to 
replace the  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78e432621f04585154f906b61789aa4012917413

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78e432621f04585154f906b61789aa4012917413
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to