Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5cbad409 by Salvatore Bonaccorso at 2025-09-16T22:35:02+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -72,41 +72,41 @@ CVE-2025-56263 (by-night sms V1.0 has an Arbitrary File 
Upload vulnerability. Th
 CVE-2025-55834 (A Cross Site Scripting vulnerability in JeeWMS v.3.7 and 
before allows ...)
        NOT-FOR-US: JeeWMS
 CVE-2025-55118 (Memory corruptions can be remotely triggered in the 
Control-M/Agent wh ...)
-       TODO: check
+       NOT-FOR-US: Control-M/Agent
 CVE-2025-55117 (A stack-based buffer overflow can be remotely triggered when 
formattin ...)
-       TODO: check
+       NOT-FOR-US: Control-M/Agent
 CVE-2025-55116 (A buffer overflow in the Control-M/Agent can lead to a local 
privilege ...)
-       TODO: check
+       NOT-FOR-US: Control-M/Agent
 CVE-2025-55115 (A path traversal in the Control-M/Agent can lead to a local 
privilege  ...)
-       TODO: check
+       NOT-FOR-US: Control-M/Agent
 CVE-2025-55114 (The improper order of AUTHORIZED_CTM_IP validation in the 
Control-M/Ag ...)
-       TODO: check
+       NOT-FOR-US: Control-M/Agent
 CVE-2025-55113 (If the Access Control List is enforced by the Control-M/Agent 
and the  ...)
-       TODO: check
+       NOT-FOR-US: Control-M/Agent
 CVE-2025-55112 (Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and 
potentia ...)
-       TODO: check
+       NOT-FOR-US: Control-M/Agent
 CVE-2025-55111 (Certain files with overly permissive permissions were 
identified in th ...)
-       TODO: check
+       NOT-FOR-US: Control-M/Agent
 CVE-2025-55110 (Control-M/Agents use a kdb or PKCS#12 keystore by default, and 
the def ...)
-       TODO: check
+       NOT-FOR-US: Control-M/Agent
 CVE-2025-55109 (An authentication bypass vulnerability exists in the 
out-of-support Co ...)
-       TODO: check
+       NOT-FOR-US: Control-M/Agent
 CVE-2025-54262 (Substance3D - Stager versions 3.1.3 and earlier are affected 
by an out ...)
        NOT-FOR-US: Adobe
 CVE-2025-54237 (Substance3D - Stager versions 3.1.3 and earlier are affected 
by an out ...)
        NOT-FOR-US: Adobe
 CVE-2025-52044 (In Frappe ERPNext v15.57.5, the function get_stock_balance() 
at erpnex ...)
-       TODO: check
+       NOT-FOR-US: Frappe ERPNext
 CVE-2025-4953 (A flaw was found in Podman. In a Containerfile or Podman, data 
written ...)
        TODO: check
 CVE-2025-4688 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: BGS Interactive SINAV.LINK Exam Result Module
 CVE-2025-49728 (Cleartext storage of sensitive information in Microsoft PC 
Manager all ...)
        NOT-FOR-US: Microsoft
 CVE-2025-47967 (Insufficient ui warning of dangerous operations in Microsoft 
Edge for  ...)
        NOT-FOR-US: Microsoft
 CVE-2025-44034 (SQL injection vulnerability in oa_system oasys v.1.1 allows a 
remote a ...)
-       TODO: check
+       NOT-FOR-US: oa_system oasys
 CVE-2025-43801 (Unchecked input for loop condition vulnerability in XML-RPC in 
Liferay ...)
        NOT-FOR-US: Liferay
 CVE-2025-41249 (The Spring Framework annotation detection mechanism may not 
correctly  ...)
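
Review bot: the ten Control-M/Agent entries (CVE-2025-55109 through CVE-2025-55118) are tagged with a bare product name, while the untouched neighbours in this hunk use the vendor alone (Adobe, Microsoft, Liferay) and the other new tags here use vendor plus product (Frappe ERPNext, BGS Interactive SINAV.LINK Exam Result Module). Consider prefixing the vendor on the Control-M/Agent lines so the tag granularity stays consistent and a later search on the NOT-FOR-US string finds every entry for that vendor.
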
@@ -251,19 +251,19 @@ CVE-2025-39805 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2025-36244 (IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to 
use Kerber ...)
        NOT-FOR-US: IBM
 CVE-2025-34187 (Ilevia EVE X1/X5 Server version \u2264 4.7.18.0.eden contains 
a miscon ...)
-       TODO: check
+       NOT-FOR-US: Ilevia EVE X1/X5 Server
 CVE-2025-34186 (Ilevia EVE X1/X5 Server version \u2264 4.7.18.0.eden contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: Ilevia EVE X1/X5 Server
 CVE-2025-34185 (Ilevia EVE X1 Server version \u2264 4.7.18.0.eden contains a 
pre-authe ...)
-       TODO: check
+       NOT-FOR-US: Ilevia EVE X1 Server
 CVE-2025-34184 (Ilevia EVE X1 Server version \u2264 4.7.18.0.eden contains an 
unauthen ...)
-       TODO: check
+       NOT-FOR-US: Ilevia EVE X1 Server
 CVE-2025-34183 (Ilevia EVE X1 Server version \u2264 4.7.18.0.eden contains a 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Ilevia EVE X1 Server
 CVE-2025-30075 (In Alludo MindManager before 25.0.208 on Windows, attackers 
could pote ...)
-       TODO: check
+       NOT-FOR-US: Alludo MindManager
 CVE-2025-2404 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: STOYS
 CVE-2025-26711 (There is an unauthorized access vulnerability in ZTE T5400. 
Due to imp ...)
        NOT-FOR-US: ZTE
 CVE-2025-26710 (There is an an information disclosure vulnerability in ZTE 
T5400. Due  ...)
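
Review bot: the five Ilevia entries are split across two tag strings, "NOT-FOR-US: Ilevia EVE X1/X5 Server" on CVE-2025-34187 and CVE-2025-34186 and "NOT-FOR-US: Ilevia EVE X1 Server" on CVE-2025-34185, CVE-2025-34184 and CVE-2025-34183. One tag for the whole family would be easier to match later, and the context lines in this hunk already use vendor-only tags (IBM, ZTE). Separately, "NOT-FOR-US: STOYS" on CVE-2025-2404 cannot be checked against the truncated description shown here, so it is worth confirming against the full CVE record.
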
@@ -275,7 +275,7 @@ CVE-2025-10563 (A vulnerability has been found in Campcodes 
Grocery Sales and In
 CVE-2025-10562 (A flaw has been found in Campcodes Grocery Sales and Inventory 
System  ...)
        NOT-FOR-US: Campcodes
 CVE-2025-10546 (This vulnerability exist in PPC 2K15X Router, due to improper 
input va ...)
-       TODO: check
+       NOT-FOR-US: PPC 2K15X Router
 CVE-2025-10492 (A Java deserialisation vulnerability has been discovered in 
Jaspersoft ...)
        TODO: check
 CVE-2025-10316 (The extension "Form to Database" is susceptible to Cross-Site 
Scriptin ...)
@@ -289,11 +289,11 @@ CVE-2025-10015 (The Sparkle frameworkincludes an XPC 
service Downloader.xpc, by
 CVE-2024-13174 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2024-13149 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Arma Store Armalife
 CVE-2024-12913 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Megatek Communication System Azora Azora Wireless Network 
Management
 CVE-2024-12796 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Holistic IT, Consultancy Coop. Workcube ERP
 CVE-2021-47687
        REJECTED
 CVE-2021-47686
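
Review bot: the tag added for CVE-2024-12913 reads "Megatek Communication System Azora Azora Wireless Network Management", with "Azora" doubled, which looks like the vendor and product fields pasted together. If the repetition is not intended, drop one "Azora". The same applies in spirit to "Holistic IT, Consultancy Coop. Workcube ERP" on CVE-2024-12796: a shorter vendor or product tag would be in line with the single-name tags used elsewhere in this file.
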
@@ -489,7 +489,7 @@ CVE-2019-25163
 CVE-2009-20007 (Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer 
overflow ...)
        TODO: check
 CVE-2009-20006 (osCommerce versions up to and including 2.2 RC2a contain a 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: osCommerce
 CVE-2009-20005 (A stack-based buffer overflow exists in the UtilConfigHome.csp 
endpoin ...)
        TODO: check
 CVE-2023-53334 (In the Linux kernel, the following vulnerability has been 
resolved:  U ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cbad409c6f8e38296b0cb5a3c228a6e07f81db0
