[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 2 21:22:12 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac793499 by Salvatore Bonaccorso at 2025-04-02T22:21:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
 CVE-2025-3099 (The Advanced Search by My Solr Server plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3098 (The Video Url plugin for WordPress is vulnerable to Reflected Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3097 (The wp Time Machine plugin for WordPress is vulnerable to Cross-Site R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3063 (The Shopper Approved Reviews plugin for WordPress is vulnerable to una ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-31728 (Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask Asakus ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-31727 (Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatell ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-31726 (Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-31725 (Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-31724 (Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-31723 (A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Qu ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-31722 (In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defin ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-31721 (A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 a ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-31720 (A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 a ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-31286 (An HTML injection vulnerability previously discovered in Trend Vision  ...)
 	TODO: check
 CVE-2025-31285 (A broken access control vulnerability previously discovered in the Tre ...)
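Review bot: CVE-2025-31721 and CVE-2025-31720, the last two Jenkins entries in this hunk, describe Jenkins itself ("A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 a ...") rather than a plugin, yet they receive the same `NOT-FOR-US: Jenkins (core or plugin)` reason as the plugin entries above them. NOT-FOR-US asserts that no Debian package ships the affected software, so for these two core entries it is worth confirming that no Jenkins source package is present in any supported suite before closing them out. The descriptions are truncated ("...") in the list, so that check cannot be made from the diff alone.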
@@ -41,11 +41,11 @@ CVE-2025-2842 (A flaw was found in the Tempo Operator. When the Jaeger UI Monito
 CVE-2025-2786 (A flaw was found in Tempo Operator, where it creates a ServiceAccount, ...)
 	TODO: check
 CVE-2025-2513 (The Smart Icons For WordPress plugin for WordPress is vulnerable to St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2483 (The Gift Certificate Creator plugin for WordPress is vulnerable to Ref ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2005 (The Front End Users plugin for WordPress is vulnerable to arbitrary fi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-20212 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX  ...)
 	TODO: check
 CVE-2025-20203 (A vulnerability in the web-based management interface of Cisco Evolved ...)
@@ -55,17 +55,17 @@ CVE-2025-20139 (A vulnerability in chat messaging features of Cisco Enterprise C
 CVE-2025-20120 (A vulnerability in the web-based management interface of Cisco Evolved ...)
 	TODO: check
 CVE-2025-0154 (IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-0014 (Incorrect default permissions on the AMD Ryzen(TM) AI installation fol ...)
 	TODO: check
 CVE-2024-56476 (IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker t ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-56475 (IBM TXSeries for Multiplatforms 9.1 and 11.1is vulnerable to cross-sit ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-56474 (IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-si ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-56341 (IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-50597 (An integer underflow vulnerability exists in the HTTP server PUT reque ...)
 	TODO: check
 CVE-2024-50596 (An integer underflow vulnerability exists in the HTTP server PUT reque ...)
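Review bot: the five IBM entries in this hunk all get the vendor-only reason `NOT-FOR-US: IBM`, although their descriptions name two different products: TXSeries for Multiplatforms (CVE-2025-0154, CVE-2024-56476, CVE-2024-56475, CVE-2024-56474) and Content Navigator (CVE-2024-56341). If the file's conventions allow it, naming the product in the reason would make later searches of data/CVE/list more precise, in the way the `WordPress plugin` reasons in this commit name the software class. CVE-2025-0014 (AMD Ryzen AI) sits between the IBM entries and stays at `TODO: check`, which is consistent with the commit processing only some entries.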
@@ -87,13 +87,13 @@ CVE-2024-36336 (Integer overflow within the AMD NPU Driver could allow a local a
 CVE-2024-36328 (Integer overflow within AMD NPU Driver could allow a local attacker to ...)
 	TODO: check
 CVE-2024-25051 (IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-13637 (The Demo Awesome plugin for WordPress is vulnerable to unauthorized mo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12410 (The Front End Users plugin for WordPress is vulnerable to SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-40714 (A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-27556 (An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0. ...)
 	- python-django <not-affected> (Windows-specific)
 	NOTE: https://www.djangoproject.com/weblog/2025/apr/02/security-releases/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac7934997eca52b1ed1d33f8e74c3f8c92db2fa9
