Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cec9826a by Salvatore Bonaccorso at 2025-08-13T22:23:59+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,21 +27,21 @@ CVE-2025-8916 (Allocation of Resources Without Limits or 
Throttling vulnerabilit
        NOTE: Fixed by: 
https://github.com/bcgit/bc-java/commit/310b30a4fbf36d13f6cc201ffa7771715641e67e
 (r1rv79)
        NOTE: Fixed by: 
https://github.com/bcgit/bc-java/commit/ff444a479942d88de64004dc82c3ee32a9e9075a
 (r1rv79)
 CVE-2025-8914 (Organization Portal System developed by WellChoose has a SQL 
Injection ...)
-       TODO: check
+       NOT-FOR-US: WellChoose
 CVE-2025-8913 (Organization Portal System developed by WellChoose has a Local 
File In ...)
-       TODO: check
+       NOT-FOR-US: WellChoose
 CVE-2025-8912 (Organization Portal System developed by WellChoose has an 
Arbitrary Fi ...)
-       TODO: check
+       NOT-FOR-US: WellChoose
 CVE-2025-8911 (Organization Portal System developed by WellChoose has a 
Reflected Cro ...)
-       TODO: check
+       NOT-FOR-US: WellChoose
 CVE-2025-8910 (Organization Portal System developed by WellChoose has a 
Reflected Cro ...)
-       TODO: check
+       NOT-FOR-US: WellChoose
 CVE-2025-8909 (Organization Portal System developed by WellChoose has an 
Arbitrary Fi ...)
-       TODO: check
+       NOT-FOR-US: WellChoose
 CVE-2025-8908 (A vulnerability was determined in Shanghai Lingdang Information 
Techno ...)
-       TODO: check
+       NOT-FOR-US: Shanghai Lingdang Information Technology Lingdang CRM
 CVE-2025-8907 (A vulnerability was found in H3C M2 NAS V100R006. Affected by 
this vul ...)
-       TODO: check
+       NOT-FOR-US: H3C
 CVE-2025-8904 (Amazon EMR Secret Agent creates a keytab file containing 
Kerberos cred ...)
        NOT-FOR-US: Amazon
 CVE-2025-8770 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
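
Review bot: the NOT-FOR-US tags added in this hunk mix granularity: the six WellChoose entries and CVE-2025-8907 carry only the vendor ("WellChoose", "H3C"), while CVE-2025-8908 spells out vendor and product ("Shanghai Lingdang Information Technology Lingdang CRM"). The descriptions name the products ("Organization Portal System", "H3C M2 NAS"), so consider "NOT-FOR-US: WellChoose Organization Portal System" and "NOT-FOR-US: H3C M2 NAS", so that a later search of data/CVE/list for the product name finds these entries.
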
@@ -63,9 +63,9 @@ CVE-2025-55668 (Session Fixation vulnerability in Apache 
Tomcat via rewrite valv
 CVE-2025-55345 (Using Codex CLI in workspace-write mode inside a malicious 
context (re ...)
        TODO: check
 CVE-2025-55280 (This vulnerability exists in ZKTeco WL20 due to storage of 
Wi-Fi crede ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco
 CVE-2025-55279 (This vulnerability exists in ZKTeco WL20 due to hard-coded 
private key ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco
 CVE-2025-55163 (Netty is an asynchronous, event-driven network application 
framework.  ...)
        TODO: check
 CVE-2025-55160 (ImageMagick is free and open-source software used for editing 
and mani ...)
@@ -77,27 +77,27 @@ CVE-2025-55005 (ImageMagick is free and open-source 
software used for editing an
 CVE-2025-55004 (ImageMagick is free and open-source software used for editing 
and mani ...)
        TODO: check
 CVE-2025-54809 (F5 Access for Android before version 3.1.2 which uses HTTPS 
does not v ...)
-       TODO: check
+       NOT-FOR-US: F5 Access for Android
 CVE-2025-54791 (OMERO.web provides a web based client and plugin 
infrastructure. Prior ...)
-       TODO: check
+       NOT-FOR-US: OMERO.web
 CVE-2025-54500 (An HTTP/2 implementation flaw allows a denial-of-service (DoS) 
that us ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2025-54465 (This vulnerability exists in ZKTeco WL20 due to hard-coded 
MQTT creden ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco
 CVE-2025-54464 (This vulnerability exists in ZKTeco WL20 due to storage of 
admin and u ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco
 CVE-2025-54382 (Cherry Studio is a desktop client that supports for multiple 
LLM provi ...)
-       TODO: check
+       NOT-FOR-US: Cherry Studio
 CVE-2025-54074 (Cherry Studio is a desktop client that supports for multiple 
LLM provi ...)
-       TODO: check
+       NOT-FOR-US: Cherry Studio
 CVE-2025-52585 (When a BIG-IP LTM Client SSL profile is configured on a 
virtual server ...)
        NOT-FOR-US: F5
 CVE-2025-52392 (Soosyze CMS 2.0 allows brute-force login attacks via the 
/user/login e ...)
-       TODO: check
+       NOT-FOR-US: Soosyze CMS
 CVE-2025-52386 (CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection 
via a c ...)
-       TODO: check
+       NOT-FOR-US: CycloneDX Sunshine
 CVE-2025-52385 (An issue in Studio 3T v.2025.1.0 and before allows a remote 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: Studio 3T
 CVE-2025-51691 (Cross-Site Scripting (XSS) vulnerability found in MarkTwo 
commit e3a1d ...)
        TODO: check
 CVE-2025-51452 (In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker 
can byp ...)
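
Review bot: CVE-2025-54500 is tagged "NOT-FOR-US: F5", but the description as shown ("An HTTP/2 implementation flaw allows a denial-of-service (DoS) that us ...") names no vendor, so the scope cannot be checked from this hunk. If the full description limits it to an F5 product, name that product in the tag, as is done for "F5 Access for Android" two entries above; if the flaw sits in an HTTP/2 implementation shared with other software, leave the entry at "TODO: check" until that is ruled out.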



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cec9826a5c6159b92b918accbf076b995da9e867
