Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
65adea1b by Salvatore Bonaccorso at 2025-08-07T10:24:08+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2025-8086
REJECTED
CVE-2025-7770 (Tigo Energy's CCA device is vulnerable to insecure session ID
generati ...)
- TODO: check
+ NOT-FOR-US: Tigo Energy CCA device
CVE-2025-7769 (Tigo Energy's CCA is vulnerable to a command injection
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Tigo Energy CCA device
CVE-2025-7768 (Tigo Energy's Cloud Connect Advanced (CCA) device contains
hard-coded ...)
- TODO: check
+ NOT-FOR-US: Tigo Energy CCA device
CVE-2025-6634 (A maliciously crafted TGA file, when linked or imported into
Autodesk ...)
NOT-FOR-US: Autodesk
CVE-2025-6633 (A maliciously crafted RBG file, when parsed through Autodesk
3ds Max, ...)
@@ -13,61 +13,61 @@ CVE-2025-6633 (A maliciously crafted RBG file, when parsed
through Autodesk 3ds
CVE-2025-6632 (A maliciously crafted PSD file, when linked or imported into
Autodesk ...)
NOT-FOR-US: Autodesk
CVE-2025-54885 (Thinbus Javascript Secure Remote Password is a browser SRP6a
implement ...)
- TODO: check
+ NOT-FOR-US: Thinbus Javascript Secure Remote Password
CVE-2025-54882 (Himmelblau is an interoperability suite for Microsoft Azure
Entra ID a ...)
- TODO: check
+ NOT-FOR-US: Himmelblau
CVE-2025-54799 (Let's Encrypt client and ACME library written in Go (Lego). In
version ...)
TODO: check
CVE-2025-54798 (tmp is a temporary file and directory creator for node.js. In
versions ...)
TODO: check
CVE-2025-54788 (SuiteCRM is an open-source, enterprise-ready Customer
Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2025-54786 (SuiteCRM is an open-source, enterprise-ready Customer
Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2025-54785 (SuiteCRM is an open-source, enterprise-ready Customer
Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2025-54784 (SuiteCRM is an open-source, enterprise-ready Customer
Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2025-54783 (SuiteCRM is an open-source, enterprise-ready Customer
Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2025-51058 (Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to
Server-sid ...)
- TODO: check
+ NOT-FOR-US: Bottinelli Informatical Vedo Suite
CVE-2025-51057 (A local file inclusion (LFI) vulnerability in Vedo Suite
version 2024. ...)
- TODO: check
+ NOT-FOR-US: Bottinelli Informatical Vedo Suite
CVE-2025-51056 (An unrestricted file upload vulnerability in Vedo Suite
version 2024.1 ...)
- TODO: check
+ NOT-FOR-US: Bottinelli Informatical Vedo Suite
CVE-2025-51055 (Insecure Data Storage of credentials has been found in
/api_vedo/confi ...)
- TODO: check
+ NOT-FOR-US: Bottinelli Informatical Vedo Suite
CVE-2025-51054 (Vedo Suite 2024.17 is vulnerable to Incorrect Access Control,
which al ...)
- TODO: check
+ NOT-FOR-US: Bottinelli Informatical Vedo Suite
CVE-2025-51053 (A Cross-site scripting (XSS) vulnerability in /api_vedo/ in
Vedo Suite ...)
- TODO: check
+ NOT-FOR-US: Bottinelli Informatical Vedo Suite
CVE-2025-51052 (A path traversal vulnerability in Vedo Suite 2024.17 allows
remote aut ...)
- TODO: check
+ NOT-FOR-US: Bottinelli Informatical Vedo Suite
CVE-2025-50740 (AutoConnect 1.4.2, an Arduino library, is vulnerable to a
cross site s ...)
- TODO: check
+ NOT-FOR-US: AutoConnect
CVE-2025-47908 (Middleware causes a prohibitive amount of heap allocations
when proces ...)
TODO: check
CVE-2025-46660 (An issue was discovered in 4C Strategies Exonaut 21.6.
Passwords, stor ...)
- TODO: check
+ NOT-FOR-US: 4C Strategies
CVE-2025-46659 (An issue was discovered in ExonautWeb in 4C Strategies Exonaut
21.6. I ...)
- TODO: check
+ NOT-FOR-US: 4C Strategies
CVE-2025-3770 (EDK2 contains a vulnerability in BIOS where an attacker may
cause \u20 ...)
TODO: check
CVE-2025-35970 (On multiple products of SEIKO EPSON and FUJIFILM Corporation,
the init ...)
- TODO: check
+ NOT-FOR-US: SEIKO EPSON and FUJIFILM Corporation products
CVE-2025-32094 (An issue was discovered in Akamai Ghost, as used for the
Akamai CDN pl ...)
- TODO: check
+ NOT-FOR-US: Akamai
CVE-2025-29866 (: External Control of File Name or Path vulnerability in
TAGFREE X-Fre ...)
- TODO: check
+ NOT-FOR-US: TAGFREE X-Free Uploader XFU
CVE-2025-29865 (: Improper Limitation of a Pathname to a Restricted Directory
('Path T ...)
- TODO: check
+ NOT-FOR-US: TAGFREE X-Free Uploader XFU
CVE-2024-55402 (4C Strategies Exonaut before v22.4 was discovered to contain
an access ...)
- TODO: check
+ NOT-FOR-US: 4C Strategies
CVE-2024-55399 (4C Strategies Exonaut before v21.6.2.1-1 was discovered to
contain a S ...)
- TODO: check
+ NOT-FOR-US: 4C Strategies
CVE-2024-55398 (4C Strategies Exonaut before v22.4 was discovered to contain
insecure ...)
- TODO: check
+ NOT-FOR-US: 4C Strategies
CVE-2023-3194
REJECTED
CVE-2025-8667 (A vulnerability, which was classified as critical, was found in
Skywor ...)
@@ -131,7 +131,7 @@ CVE-2025-45766 (poco v1.14.1-release was discovered to
contain weak encryption.)
NOTE: https://github.com/pocoproject/poco/issues/4921
TODO: check upstream status, might not be a bug in poco
CVE-2025-45764 (jsrsasign v11.1.0 was discovered to contain weak encryption.
NOTE: thi ...)
- TODO: check
+ NOT-FOR-US: jsrsasign
CVE-2025-3354 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20
is vulne ...)
NOT-FOR-US: IBM
CVE-2025-3320 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20
is vulne ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65adea1b35648c19f4114ac1b689618070320a2b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65adea1b35648c19f4114ac1b689618070320a2b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
