[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 1 10:31:27 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52c75e9a by Moritz Muehlenhoff at 2025-04-01T11:31:08+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2025-3036 (A vulnerability, which was classified as problematic, was found i
 CVE-2025-3018 (A vulnerability, which was classified as critical, was found in Source ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-3017 (A vulnerability, which was classified as critical, has been found in T ...)
-	TODO: check
+	NOT-FOR-US: TA-Lib
 CVE-2025-3016 (A vulnerability classified as problematic was found in Open Asset Impo ...)
 	TODO: check
 CVE-2025-3015 (A vulnerability classified as critical has been found in Open Asset Im ...)
@@ -491,7 +491,7 @@ CVE-2025-1986 (The Gutentor  WordPress plugin before 3.4.7 does not sanitize and
 CVE-2025-1665 (The Avada (Fusion) Builder plugin for WordPress is vulnerable to Store ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1534 (CVE-79: Improper Neutralization of Input During Web Page Generation (' ...)
-	TODO: check
+	NOT-FOR-US: Payara
 CVE-2025-1512 (The PowerPack Elementor Addons (Free Widgets, Extensions and Templates ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1267 (The Groundhogg plugin for Wordpress is vulnerable to Stored Cross-Site ...)
@@ -736,9 +736,9 @@ CVE-2025-31386 (Missing Authorization vulnerability in Simplepress Simple:Press
 CVE-2025-31376 (Missing Authorization vulnerability in Mayeenul Islam NanoSupport allo ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31129 (Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.inter ...)
-	TODO: check
+	NOT-FOR-US: Jooby
 CVE-2025-31128 (gifplayer is a customizable jquery plugin to play and stop animated gi ...)
-	TODO: check
+	NOT-FOR-US: gifplayer jquery plugin
 CVE-2025-31125 (Vite is a frontend tooling framework for javascript. Vite exposes cont ...)
 	- node-vite <itp> (bug #1053782)
 CVE-2025-31124 (Zitadel is open-source identity infrastructure software. ZITADEL admin ...)
@@ -750,7 +750,7 @@ CVE-2025-31122 (scratch-coding-hut.github.io is the website for Coding Hut. In 1
 CVE-2025-31117 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2025-31116 (Mobile Security Framework (MobSF) is a pen-testing, malware analysis a ...)
-	TODO: check
+	NOT-FOR-US: Mobile Security Framework (MobSF)
 CVE-2025-30963 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30961 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -818,7 +818,7 @@ CVE-2025-2071 (A critical OS Command Injection vulnerability has been identified
 CVE-2025-29929 (Tuleap is an Open Source Suite to improve management of software devel ...)
 	NOT-FOR-US: Tuleap
 CVE-2025-29908 (Netty QUIC codec is a QUIC codec for netty which makes use of quiche.  ...)
-	TODO: check
+	NOT-FOR-US: Netty QUIC codec
 CVE-2025-29772 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2025-29766 (Tuleap is an Open Source Suite to improve management of software devel ...)
@@ -844,7 +844,7 @@ CVE-2025-22937 (An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to e
 CVE-2025-1449 (A vulnerability exists in the Rockwell Automation Verve Asset Manager  ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2024-55093 (phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulne ...)
-	TODO: check
+	- phpipam <itp> (bug #731713)
 CVE-2024-12021 (Coverity versions prior to 2024.9.0 are vulnerable to stored cross-sit ...)
 	NOT-FOR-US: Black Duck
 CVE-2023-33302 (A buffer copy without checking size of input ('classic buffer overflow ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52c75e9a31a7c2bac8431c138aba5f5ba3111958

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52c75e9a31a7c2bac8431c138aba5f5ba3111958
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250401/1f54c998/attachment.htm>

More information about the debian-security-tracker-commits mailing list