[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 1 21:30:37 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88e4a8aa by Salvatore Bonaccorso at 2025-04-01T22:30:09+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-3096 (Clinic\u2019s Patient Management System versions 2.0 suffers from a SQ ...)
-	TODO: check
+	NOT-FOR-US: Clinics Patient Management System
 CVE-2025-3085 (A MongoDB server under specific conditions running on Linux with TLS a ...)
 	TODO: check
 CVE-2025-3084 (When run on commands with certain arguments set, explain may fail to v ...)
@@ -317,23 +317,23 @@ CVE-2025-31730 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-31408 (Missing Authorization vulnerability in Zoho Flow allows Exploiting Inc ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31137 (React Router is a multi-strategy router for React bridging the gap fro ...)
-	TODO: check
+	NOT-FOR-US: React Router
 CVE-2025-31132 (Raven is an open-source messaging platform. A vulnerability allowed an ...)
-	TODO: check
+	NOT-FOR-US: Raven (not the same as src:raven)
 CVE-2025-31131 (YesWiki is a wiki system written in PHP. The squelette parameter is vu ...)
-	TODO: check
+	NOT-FOR-US: YesWiki
 CVE-2025-31121 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2025-30676 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
-	TODO: check
+	NOT-FOR-US: Apache OFBiz
 CVE-2025-30354 (Bruno is an open source IDE for exploring and testing APIs. A bug in t ...)
-	TODO: check
+	NOT-FOR-US: Bruno
 CVE-2025-30224 (MyDumper is a MySQL Logical Backup Tool. The MySQL C client library (l ...)
 	TODO: check
 CVE-2025-30210 (Bruno is an open source IDE for exploring and testing APIs. Prior to 1 ...)
-	TODO: check
+	NOT-FOR-US: Bruno
 CVE-2025-30177 (Bypass/Injection vulnerability in Apache Camel in Camel-Undertow compo ...)
-	TODO: check
+	NOT-FOR-US: Apache Camel
 CVE-2025-2906 (The Contempo Real Estate Core plugin for WordPress is vulnerable to St ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2237 (The WP RealEstate plugin for WordPress, used by the Homeo theme, is vu ...)
@@ -347,23 +347,23 @@ CVE-2025-28398 (D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in th
 CVE-2025-28395 (D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipse ...)
 	NOT-FOR-US: D-Link
 CVE-2025-28132 (A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows ...)
-	TODO: check
+	NOT-FOR-US: Nagios Network Analyzer
 CVE-2025-28131 (A Broken Access Control vulnerability in Nagios Network Analyzer 2024R ...)
-	TODO: check
+	NOT-FOR-US: Nagios Network Analyzer
 CVE-2025-27829 (An issue was discovered in Stormshield Network Security (SNS) 4.3.x be ...)
-	TODO: check
+	NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2025-27130 (Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted d ...)
-	TODO: check
+	NOT-FOR-US: Welcart e-Commerce
 CVE-2025-26056 (A command injection vulnerability exists in the Infinxt iEdge 100 2.1. ...)
-	TODO: check
+	NOT-FOR-US: Infinxt iEdge 100
 CVE-2025-26055 (An OS Command Injection vulnerability exists in the Infinxt iEdge 100  ...)
-	TODO: check
+	NOT-FOR-US: Infinxt iEdge 100
 CVE-2025-26054 (Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting (XSS) v ...)
-	TODO: check
+	NOT-FOR-US: Infinxt iEdge 100
 CVE-2025-25041 (A vulnerability in the HPE Aruba Networking Virtual Intranet Access (V ...)
 	NOT-FOR-US: HPE
 CVE-2025-22231 (VMware Aria Operations contains a local privilege escalation vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: VMware Aria Operations
 CVE-2025-1660 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
 	NOT-FOR-US: Autodesk
 CVE-2025-1659 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88e4a8aa0cb1f0d3fda27eac05f0094632150a03

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88e4a8aa0cb1f0d3fda27eac05f0094632150a03
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250401/5454dd16/attachment.htm>

More information about the debian-security-tracker-commits mailing list