[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Mon, 18 Aug 2025 13:23:31 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
52d6179a by Salvatore Bonaccorso at 2025-08-18T22:22:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,43 +17,43 @@ CVE-2025-55585 (TOTOLINK A3002R v4.0.0-B20230531.1404 was 
discovered to contain
 CVE-2025-55584 (TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to 
contain insecu ...)
        NOT-FOR-US: TOTOLINK
 CVE-2025-55300 (Komari is a lightweight, self-hosted server monitoring tool 
designed t ...)
-       TODO: check
+       NOT-FOR-US: Komari
 CVE-2025-55299 (VaulTLS is a modern solution for managing mTLS (mutual TLS) 
certificat ...)
-       TODO: check
+       NOT-FOR-US: VaulTLS
 CVE-2025-55296 (librenms is a community-based GPL-licensed network monitoring 
system.  ...)
-       TODO: check
+       NOT-FOR-US: LibreNMS
 CVE-2025-55293 (Meshtastic is an open source mesh networking solution. Prior 
to v2.6.3 ...)
-       TODO: check
+       NOT-FOR-US: Meshtastic
 CVE-2025-55291 (Shaarli is a minimalist bookmark manager and link sharing 
service. Pri ...)
        - shaarli <unfixed>
        NOTE: 
https://github.com/shaarli/Shaarli/security/advisories/GHSA-7w7w-pw4j-265h
        NOTE: 
https://github.com/shaarli/Shaarli/commit/66faa61335a6e72184be64092ff1242ffa4fe5b6
 (v0.15.0)
 CVE-2025-55288 (Genealogy is a family tree PHP application. Prior to 4.4.0, 
Authentica ...)
-       TODO: check
+       NOT-FOR-US: Genealogy
 CVE-2025-55287 (Genealogy is a family tree PHP application. Prior to 4.4.0, 
Authentica ...)
-       TODO: check
+       NOT-FOR-US: Genealogy
 CVE-2025-55283 (aiven-db-migrate is an Aiven database migration tool. Prior to 
1.0.7,  ...)
-       TODO: check
+       NOT-FOR-US: Aiven database migration tool
 CVE-2025-55282 (aiven-db-migrate is an Aiven database migration tool. Prior to 
1.0.7,  ...)
-       TODO: check
+       NOT-FOR-US: Aiven database migration tool
 CVE-2025-55214 (Copier library and CLI app for rendering project templates. 
From 7.1.0 ...)
        TODO: check
 CVE-2025-55213 (OpenFGA is a high-performance and flexible 
authorization/permission en ...)
-       TODO: check
+       NOT-FOR-US: OpenFGA
 CVE-2025-55205 (Capsule is a multi-tenancy and policy-based framework for 
Kubernetes.  ...)
        TODO: check
 CVE-2025-55201 (Copier library and CLI app for rendering project templates. 
Prior to 9 ...)
        TODO: check
 CVE-2025-54421 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
-       TODO: check
+       NOT-FOR-US: NamelessMC
 CVE-2025-54234 (ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are 
affected  ...)
        NOT-FOR-US: Adobe
 CVE-2025-54118 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
-       TODO: check
+       NOT-FOR-US: NamelessMC
 CVE-2025-54117 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
-       TODO: check
+       NOT-FOR-US: NamelessMC
 CVE-2025-4962 (An Insecure Direct Object Reference (IDOR) vulnerability was 
identifie ...)
-       TODO: check
+       NOT-FOR-US: lunary-ai/lunary
 CVE-2025-47206 (An out-of-bounds write vulnerability has been reported to 
affect File  ...)
        NOT-FOR-US: QNAP
 CVE-2025-43733 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
@@ -73,7 +73,7 @@ CVE-2025-33100 (IBM Concert Software 1.0.0 through 1.1.0   
contains hard-coded c
 CVE-2025-33090 (IBM Concert Software 1.0.0 through 1.1.0 could allow a remote 
attacker ...)
        NOT-FOR-US: IBM
 CVE-2025-32992 (Thermo Fisher Scientific ePort through 3.0.0 has Incorrect 
Access Cont ...)
-       TODO: check
+       NOT-FOR-US: Thermo Fisher Scientific ePort
 CVE-2025-27909 (IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin 
resource sh ...)
        NOT-FOR-US: IBM
 CVE-2025-1759 (IBM Concert Software 1.0.0 through 1.1.0 could allow a remote 
attacker ...)
@@ -34680,7 +34680,7 @@ CVE-2025-32982 (NETSCOUT nGeniusONE before 6.4.0 b2350 
has a Broken Authorizatio
 CVE-2025-32981 (NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to 
leverage  ...)
        NOT-FOR-US: NETSCOUT
 CVE-2025-32980 (NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo 
Configurati ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT nGeniusONE
 CVE-2025-32979 (NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File 
Creation  ...)
        NOT-FOR-US: NETSCOUT
 CVE-2025-2907 (The Order Delivery Date WordPress plugin before 12.3.1 does not 
have a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52d6179a9cecdaace87f989ea708a70465e0e750

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52d6179a9cecdaace87f989ea708a70465e0e750
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to