Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec9c0919 by Salvatore Bonaccorso at 2025-08-06T22:45:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,35 +13,35 @@ CVE-2025-8130
 CVE-2025-7771 (ThrottleStop.sys, a legitimate driver, exposes two IOCTL 
interfaces th ...)
        NOT-FOR-US: ThrottleStop.sys
 CVE-2025-7202 (A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and 
related ...)
-       TODO: check
+       NOT-FOR-US: Elgato Key Light firmware
 CVE-2025-6013 (Vault and Vault Enterprise\u2019s (\u201cVault\u201d) ldap auth 
method ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault
 CVE-2025-5197 (A Regular Expression Denial of Service (ReDoS) vulnerability 
exists in ...)
-       TODO: check
+       NOT-FOR-US: huggingface/transformers
 CVE-2025-53786 (On April 18th 2025, Microsoft announced Exchange Server 
Security Chang ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-51624 (Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 
3.4.0.)
-       TODO: check
+       NOT-FOR-US: Zone Bitaqati
 CVE-2025-51532 (Incorrect access control in Sage DPW v2024.12.003 allows 
unauthorized  ...)
-       TODO: check
+       NOT-FOR-US: Sage DPW
 CVE-2025-51531 (A reflected cross-site scripting (XSS) vulnerability in Sage 
DPW v2024 ...)
-       TODO: check
+       NOT-FOR-US: Sage DPW
 CVE-2025-51308 (In Gatling Enterprise versions below 1.25.0, a low-privileged 
user tha ...)
-       TODO: check
+       NOT-FOR-US: Gatling Enterprise
 CVE-2025-51306 (In Gatling Enterprise versions below 1.25.0, a user 
logging-out can st ...)
-       TODO: check
+       NOT-FOR-US: Gatling Enterprise
 CVE-2025-51040 (Electrolink FM/DAB/TV Transmitter Web Management System 
Unauthorized a ...)
-       TODO: check
+       NOT-FOR-US: Electrolink FM/DAB/TV Transmitter
 CVE-2025-50286 (A Remote Code Execution (RCE) vulnerability in Grav CMS 
v1.7.48 allows ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2025-50234 (MCCMS v2.7.0 has an SSRF vulnerability located in the index() 
method o ...)
-       TODO: check
+       NOT-FOR-US: MCCMS
 CVE-2025-50233 (A vulnerability in QCMS version 6.0.5 allows authenticated 
users to re ...)
-       TODO: check
+       NOT-FOR-US: QCMS
 CVE-2025-48394 (An attacker with authenticated and privileged access could 
modify the  ...)
-       TODO: check
+       NOT-FOR-US: Eaton
 CVE-2025-48393 (The server identity check mechanism for firmware upgrade 
performed via ...)
-       TODO: check
+       NOT-FOR-US: Eaton
 CVE-2025-46391 (CWE-284: Improper Access Control)
        TODO: check
 CVE-2025-46390 (CWE-204: Observable Response Discrepancy)
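
Review bot: The NOT-FOR-US labels added in this hunk mix vendor-only and product-level naming. CVE-2025-53786 is tagged only "Microsoft" although its description names Exchange Server, and CVE-2025-48394 and CVE-2025-48393 are tagged only "Eaton", while the neighbouring entries name the product ("HashiCorp Vault", "Grav CMS", "Gatling Enterprise"). Consider adding the product to the vendor-only labels so that a later search of data/CVE/list for a product name finds the earlier triage decision. Also, "huggingface/transformers" on CVE-2025-5197 is written as a repository path where the other entries use a product name; pick one form.
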
@@ -69,57 +69,57 @@ CVE-2025-38746 (Dell SupportAssist OS Recovery, versions 
prior to 5.5.14.0, cont
 CVE-2025-36020 (IBM Guardium Data Protection could allow a remote attacker to 
obtain s ...)
        NOT-FOR-US: IBM
 CVE-2025-30127 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 
devices. Onc ...)
-       TODO: check
+       NOT-FOR-US: Marbella KR8s Dashcam FF
 CVE-2025-2028 (Lack of TLS validation when downloading a CSV file including 
mapping f ...)
        TODO: check
 CVE-2025-23335 (NVIDIA Triton Inference Server for Windows and Linux and the 
Tensor RT ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23334 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23333 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23331 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23327 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23326 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23325 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23324 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23323 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23322 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23321 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23320 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23319 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23318 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23317 (NVIDIA Triton Inference Server contains a vulnerability in the 
HTTP se ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23311 (NVIDIA Triton Inference Server contains a vulnerability where 
an attac ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23310 (NVIDIA Triton Inference Server for Windows and Linux contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-22470 (CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the 
firmware versio ...)
-       TODO: check
+       NOT-FOR-US: CL4/6NX Plus and CL4/6NX-J Plus (Japan model)
 CVE-2025-22469 (OS command injection vulnerability exists in CL4/6NX Plus and 
CL4/6NX- ...)
-       TODO: check
+       NOT-FOR-US: CL4/6NX Plus and CL4/6NX-J Plus (Japan model)
 CVE-2025-20332 (A vulnerability in the web-based management interface of Cisco 
ISE cou ...)
        NOT-FOR-US: Cisco
 CVE-2025-20331 (A vulnerability in the web-based management interface of Cisco 
ISE and ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20215 (A vulnerability in the meeting-join functionality of Cisco 
Webex Meeti ...)
        NOT-FOR-US: Cisco
 CVE-2024-8244 (The filepath.Walk and filepath.WalkDir functions are documented 
as not ...)
        TODO: check
 CVE-2024-52885 (The Mobile Access Portal's File Share application is 
vulnerable to a d ...)
-       TODO: check
+       NOT-FOR-US: Mobile Access Portal
 CVE-2025-8656 (Kenwood DMX958XR Protection Mechanism Failure Software 
Downgrade Vulne ...)
        NOT-FOR-US: Kenwood
 CVE-2025-8655 (Kenwood DMX958XR libSystemLib Command injection Remote Code 
Execution  ...)
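
Review bot: The label "NOT-FOR-US: Mobile Access Portal" on CVE-2024-52885 names no vendor, and the product name alone is generic enough to match unrelated software in a later search; prefix it with the vendor, as the context entries in this hunk do ("IBM", "Cisco", "Kenwood"). The same applies to "CL4/6NX Plus and CL4/6NX-J Plus (Japan model)" on CVE-2025-22470 and CVE-2025-22469, which carries model identifiers but no vendor. In the other direction, the run of entries from CVE-2025-23335 to CVE-2025-23310 is tagged only "NVIDIA" although every description names Triton Inference Server; adding the product would keep these entries distinguishable from other NVIDIA issues in the list.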



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec9c09197922e446729c5c7bde48b82ae1b7c51f
