Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
647fc323 by Salvatore Bonaccorso at 2025-09-03T08:56:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,25 +9,25 @@ CVE-2025-9784 (A flaw was found in Undertow where malformed 
client requests can
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2392306
        NOTE: Dedicated CVE for undertow for the "MadeYouReset" DoS attack
 CVE-2025-9696 (The SunPower PVS6's BluetoothLE interface is vulnerable due to 
its use ...)
-       TODO: check
+       NOT-FOR-US: SunPower PVS6's BluetoothLE interface
 CVE-2025-9573 (The ns_backup extension through 13.0.2 for TYPO3 allows command 
inject ...)
-       TODO: check
+       NOT-FOR-US: Typo3 extension
 CVE-2025-9276 (Cockroach Labs cockroach-k8s-request-cert Empty Root Password 
Authenti ...)
-       TODO: check
+       NOT-FOR-US: Cockroach Labs cockroach-k8s-request-cert
 CVE-2025-9275 (Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds 
Write  ...)
-       TODO: check
+       NOT-FOR-US: Oxford Instruments Imaris Viewer
 CVE-2025-9274 (Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized 
Pointe ...)
-       TODO: check
+       NOT-FOR-US: Oxford Instruments Imaris Viewer
 CVE-2025-9273 (CData API Server MySQL Misconfiguration Information Disclosure 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: CData API Server
 CVE-2025-9189 (There is an out of bounds write vulnerability due to improper 
bounds c ...)
        NOT-FOR-US: National Instruments
 CVE-2025-9188 (There is a deserialization of untrusted data vulnerability in 
Digilent ...)
        NOT-FOR-US: National Instruments
 CVE-2025-8614 (NoMachine Uncontrolled Search Path Element Local Privilege 
Escalation  ...)
-       TODO: check
+       NOT-FOR-US: NoMachine
 CVE-2025-8613 (Vacron Camera ping Command Injection Remote Code Execution 
Vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Vacron Camera
 CVE-2025-8302 (Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer 
Overflow Lo ...)
        TODO: check
 CVE-2025-8301 (Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY 
Heap-bas ...)
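
Review bot: The NOT-FOR-US tags for CVE-2025-9696 and CVE-2025-9573 do not follow the vendor/product style used by the neighbouring entries ("National Instruments", "NoMachine", "CData API Server"). "SunPower PVS6's BluetoothLE interface" copies a possessive phrase from the description rather than naming the product, and "Typo3 extension" uses different capitalisation from the description's "TYPO3" and omits the extension name ns_backup, so a later search for the extension will not find this entry. Suggest "NOT-FOR-US: SunPower PVS6" and "NOT-FOR-US: ns_backup extension for TYPO3".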
@@ -39,15 +39,15 @@ CVE-2025-8299 (Realtek rtl81xx SDK Wi-Fi Driver 
MgntActSet_TEREDO_SET_RS_PACKET
 CVE-2025-8298 (Realtek RTL8811AU rtwlanu.sys 
N6CQueryInformationHandleCustomized11nOi ...)
        TODO: check
 CVE-2025-7976 (Anritsu ShockLine CHX File Parsing Deserialization of Untrusted 
Data R ...)
-       TODO: check
+       NOT-FOR-US: Anritsu ShockLine
 CVE-2025-7975 (Anritsu ShockLine CHX File Parsing Directory Traversal Remote 
Code Exe ...)
-       TODO: check
+       NOT-FOR-US: Anritsu ShockLine
 CVE-2025-7974 (rocket.chat Incorrect Authorization Information Disclosure 
Vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Rocket.Chat
 CVE-2025-6685 (ATEN eco DC Missing Authorization Privilege Escalation 
Vulnerability.  ...)
-       TODO: check
+       NOT-FOR-US: ATEN
 CVE-2025-6519 (E3 Site Supervisor (firmware version < 2.31F01) has a default 
admin us ...)
-       TODO: check
+       NOT-FOR-US: E3 Site Supervisor
 CVE-2025-5662 (A deserialization vulnerability exists in the H2O-3 REST API 
(POST /99 ...)
        TODO: check
 CVE-2025-57778 (There is an out of bounds write vulnerability due to improper 
bounds c ...)
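
Review bot: The tag on CVE-2025-6685 names only the vendor ("ATEN") while the description identifies the product as "ATEN eco DC", and the other entries in this hunk ("Anritsu ShockLine", "E3 Site Supervisor") name the product. Suggest "NOT-FOR-US: ATEN eco DC" so the entry stays searchable by product and the granularity is consistent within the hunk.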
@@ -189,7 +189,7 @@ CVE-2025-9795 (A vulnerability has been found in xujeff 
tianti \u5929\u68af up t
 CVE-2025-9794 (A flaw has been found in Campcodes Computer Sales and Inventory 
System ...)
        NOT-FOR-US: Campcodes
 CVE-2025-8662 (OpenAM (OpenAM Consortium Edition) contains a vulnerability 
that may c ...)
-       TODO: check
+       NOT-FOR-US: OpenAM
 CVE-2025-58421
        REJECTED
 CVE-2025-58420
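
Review bot: The tag on CVE-2025-8662 drops the qualifier the description gives, "OpenAM (OpenAM Consortium Edition)". Keeping it, for example "NOT-FOR-US: OpenAM Consortium Edition", records which edition was triaged and avoids the entry being read as a decision on any other software carrying the OpenAM name.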
@@ -207,13 +207,13 @@ CVE-2025-58415
 CVE-2025-58414
        REJECTED
 CVE-2025-58178 (SonarQube Server and Cloud is a static analysis solution for 
continuou ...)
-       TODO: check
+       NOT-FOR-US: SonarQube
 CVE-2025-58162 (MobSF is a mobile application security testing tool used. In 
version 4 ...)
-       TODO: check
+       NOT-FOR-US: MobSF
 CVE-2025-58161 (MobSF is a mobile application security testing tool used. In 
version 4 ...)
-       TODO: check
+       NOT-FOR-US: MobSF
 CVE-2025-57808 (ESPHome is a system to control microcontrollers remotely 
through Home  ...)
-       TODO: check
+       NOT-FOR-US: ESPHome
 CVE-2025-44017 ("Gunosy" App contains a vulnerability where sensitive 
information may  ...)
        TODO: check
 CVE-2024-28988 (SolarWinds Web Help Desk was found to be susceptible to a Java 
Deseria ...)
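
Review bot: CVE-2025-44017 ("Gunosy" App) is left at "TODO: check" in the trailing context although the four pending entries directly above it were triaged in this pass. If it was deferred on purpose that is fine; otherwise it could be handled in the same commit so the block does not need a second visit.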



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/647fc323de0dc6b3d814955c6f561a7f95a8a1dd



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
