[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 2 10:09:06 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbad0384 by Moritz Muehlenhoff at 2025-04-02T11:03:20+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -65,7 +65,7 @@ CVE-2025-31441 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-31431 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31135 (Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. P ...)
-	TODO: check
+	NOT-FOR-US: Go-Guerrilla
 CVE-2025-31097 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: ho3einie Material Dashboard
 CVE-2025-31089 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -119,7 +119,7 @@ CVE-2025-29981 (Dell Wyse Management Suite, versions prior to WMS 5.1, contains
 CVE-2025-29070 (A heap buffer overflow vulnerability has been identified in thesmooth2 ...)
 	TODO: check
 CVE-2025-29049 (Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 ...)
-	TODO: check
+	NOT-FOR-US: MathLive
 CVE-2025-29036 (An issue in hackathon-starter v.8.1.0 allows a remote attacker to esca ...)
 	NOT-FOR-US: hackathon-starter
 CVE-2025-29033 (An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote at ...)
@@ -135,9 +135,9 @@ CVE-2025-27244 (AssetView and AssetView CLOUD contain an issue with acquiring se
 CVE-2025-25060 (Missing authentication for critical function vulnerability exists in A ...)
 	NOT-FOR-US: Hammock Corporation AssetView
 CVE-2025-0676 (This vulnerability involves command injection in tcpdump within Moxa p ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2025-0415 (A remote attacker with web administrator privileges can exploit the de ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2024-45700 (Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled ...)
 	TODO: check
 CVE-2024-45699 (The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross- ...)
@@ -151,7 +151,7 @@ CVE-2024-36469 (Execution time for an unsuccessful login differs when using a no
 CVE-2024-36465 (A low privilege (regular) Zabbix user with API access can use SQL inje ...)
 	TODO: check
 CVE-2024-13941 (A vulnerability was found in ouch-org ouch up to 0.3.1. It has been cl ...)
-	TODO: check
+	NOT-FOR-US: ouch-org ouch
 CVE-2023-46988 (Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5. ...)
 	NOT-FOR-US: ONLYOFFICE
 CVE-2003-20001 (An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbad0384b5687f7eaa1ddaa569b09d95c042c9f7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbad0384b5687f7eaa1ddaa569b09d95c042c9f7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250402/2fc484f0/attachment.htm>

More information about the debian-security-tracker-commits mailing list