[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 7 21:40:25 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3db4f55 by Salvatore Bonaccorso at 2025-04-07T22:39:55+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,37 @@
 CVE-2025-3426 (We observed that Intellispace Portal binaries doesn\u2019t have any pr ...)
-	TODO: check
+	NOT-FOR-US: Intellispace Portal
 CVE-2025-3425 (The IntelliSpace portal application utilizes .NET Remoting for its fun ...)
-	TODO: check
+	NOT-FOR-US: Intellispace Portal
 CVE-2025-3424 (The IntelliSpace portal application utilizes .NET Remoting for its fun ...)
-	TODO: check
+	NOT-FOR-US: Intellispace Portal
 CVE-2025-3382 (A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java  ...)
-	TODO: check
+	NOT-FOR-US: joey-zhou xiaozhi-esp32-server-java
 CVE-2025-3381 (A vulnerability, which was classified as critical, was found in zhangy ...)
-	TODO: check
+	NOT-FOR-US: zhangyanbo2007 youkefu
 CVE-2025-3380 (A vulnerability, which was classified as critical, has been found in P ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-3379 (A vulnerability classified as critical was found in PCMan FTP Server 2 ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-3378 (A vulnerability classified as critical has been found in PCMan FTP Ser ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-3377 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-3376 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been decla ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-3375 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been class ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-3374 (A vulnerability was found in PCMan FTP Server 2.0.7 and classified as  ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-3373 (A vulnerability has been found in PCMan FTP Server 2.0.7 and classifie ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-3372 (A vulnerability, which was classified as critical, was found in PCMan  ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-3371 (A vulnerability, which was classified as critical, has been found in P ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-3370 (A vulnerability classified as critical has been found in PHPGurukul Me ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-3369 (A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been rat ...)
-	TODO: check
+	NOT-FOR-US: xxyopen Novel-Plus
 CVE-2025-3360 (A flaw was found in GLib. An integer overflow and buffer under-read oc ...)
 	TODO: check
 CVE-2025-3359 (A flaw was found in GNUPlot. A segmentation fault via IO_str_init_stat ...)
@@ -45,7 +45,7 @@ CVE-2025-3351 (A vulnerability has been found in PHPGurukul Old Age Home Managem
 CVE-2025-3350 (A vulnerability, which was classified as critical, was found in PHPGur ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-3349 (A vulnerability, which was classified as critical, has been found in P ...)
-	TODO: check
+	NOT-FOR-US: PCMan FTP Server
 CVE-2025-3348 (A vulnerability classified as critical was found in code-projects Pati ...)
 	NOT-FOR-US: code-projects
 CVE-2025-3347 (A vulnerability classified as critical has been found in code-projects ...)
@@ -57,9 +57,9 @@ CVE-2025-3345 (A vulnerability was found in codeprojects Online Restaurant Manag
 CVE-2025-3344 (A vulnerability was found in codeprojects Online Restaurant Management ...)
 	NOT-FOR-US: code-projects
 CVE-2025-3248 (Langflow versions prior to 1.3.0 are susceptible to code injection in  ...)
-	TODO: check
+	NOT-FOR-US: Langflow
 CVE-2025-32014 (estree-util-value-to-estree converts a JavaScript value to an ESTree e ...)
-	TODO: check
+	NOT-FOR-US: estree-util-value-to-estree
 CVE-2025-31476 (tarteaucitron.js is a compliant and accessible cookie banner. A vulner ...)
 	TODO: check
 CVE-2025-31475 (tarteaucitron.js is a compliant and accessible cookie banner. A vulner ...)
@@ -73,7 +73,7 @@ CVE-2025-2251 (A security flaw exists in WildFly and JBoss Enterprise Applicatio
 CVE-2025-29769 (libvips is a demand-driven, horizontally threaded image processing lib ...)
 	TODO: check
 CVE-2025-29594 (A vulnerability exists in the errorpage.php file of the CS2-WeaponPain ...)
-	TODO: check
+	NOT-FOR-US: CS2-WeaponPaints-Website
 CVE-2025-29482 (Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacke ...)
 	TODO: check
 CVE-2025-29481 (Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker  ...)
@@ -83,43 +83,43 @@ CVE-2025-29480 (Buffer Overflow vulnerability in gdal 3.10.2 allows a local atta
 CVE-2025-29479 (Buffer Overflow in hiredis 1.2.0 allows a local attacker to cause a de ...)
 	TODO: check
 CVE-2025-29478 (An issue in fluent-bit v.3.7.2 allows a local attacker to cause a deni ...)
-	TODO: check
+	NOT-FOR-US: fluent-bit
 CVE-2025-29087 (Sqlite 3.49.0 is susceptible to integer overflow through the concat fu ...)
 	TODO: check
 CVE-2025-28413 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
-	TODO: check
+	NOT-FOR-US: RUoYi
 CVE-2025-28412 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
-	TODO: check
+	NOT-FOR-US: RUoYi
 CVE-2025-28411 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
-	TODO: check
+	NOT-FOR-US: RUoYi
 CVE-2025-28410 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
-	TODO: check
+	NOT-FOR-US: RUoYi
 CVE-2025-28409 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
-	TODO: check
+	NOT-FOR-US: RUoYi
 CVE-2025-28408 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
-	TODO: check
+	NOT-FOR-US: RUoYi
 CVE-2025-28407 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
-	TODO: check
+	NOT-FOR-US: RUoYi
 CVE-2025-28406 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
-	TODO: check
+	NOT-FOR-US: RUoYi
 CVE-2025-28405 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
-	TODO: check
+	NOT-FOR-US: RUoYi
 CVE-2025-28403 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
-	TODO: check
+	NOT-FOR-US: RUoYi
 CVE-2025-28402 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
-	TODO: check
+	NOT-FOR-US: RUoYi
 CVE-2025-28401 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
-	TODO: check
+	NOT-FOR-US: RUoYi
 CVE-2025-28400 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
-	TODO: check
+	NOT-FOR-US: RUoYi
 CVE-2025-27686 (Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-21448 (Transient DOS may occur while parsing SSID in action frames.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-21447 (Memory corruption may occur while processing device IO control call fo ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-21443 (Memory corruption while processing message content in eAVB.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-21442 (Memory corruption while transmitting packet mapping information with i ...)
 	TODO: check
 CVE-2025-21441 (Memory corruption when IOCTL call is invoked from user-space to write  ...)
@@ -230,19 +230,19 @@ CVE-2025-3331 (A vulnerability, which was classified as critical, has been found
 CVE-2025-3330 (A vulnerability classified as critical was found in codeprojects Onlin ...)
 	NOT-FOR-US: code-projects
 CVE-2025-3329 (A vulnerability classified as problematic has been found in Consumer C ...)
-	TODO: check
+	NOT-FOR-US: Consumer Comanda Mobile
 CVE-2025-3328 (A vulnerability was found in Tenda AC1206 15.03.06.23. It has been cla ...)
 	NOT-FOR-US: Tenda
 CVE-2025-3327 (A vulnerability was found in iteaj iboot \u7269\u8054\u7f51\u7f51\u517 ...)
-	TODO: check
+	NOT-FOR-US: iteaj iboot
 CVE-2025-3326 (A vulnerability has been found in iteaj iboot \u7269\u8054\u7f51\u7f51 ...)
-	TODO: check
+	NOT-FOR-US: iteaj iboot
 CVE-2025-3325 (A vulnerability, which was classified as problematic, was found in ite ...)
-	TODO: check
+	NOT-FOR-US: iteaj iboot
 CVE-2025-3324 (A vulnerability, which was classified as critical, has been found in g ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-3323 (A vulnerability classified as critical was found in godcheese/code-pro ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-31175 (Deserialization mismatch vulnerability in the DSoftBus module Impact:  ...)
 	NOT-FOR-US: Huawei
 CVE-2025-31174 (Path traversal vulnerability in the DFS module Impact: Successful expl ...)
@@ -336,7 +336,7 @@ CVE-2025-32013 (LNbits is a Lightning wallet and accounts system. A Server-Side
 CVE-2025-31492 (mod_auth_openidc is an OpenID Certified authentication and authorizati ...)
 	TODO: check
 CVE-2025-31488 (Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows use ...)
-	TODO: check
+	NOT-FOR-US: Plain Craft Launcher (PCL)
 CVE-2025-2260 (In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before   ...)
 	NOT-FOR-US: Eclipse ThreadX NetX Duo
 CVE-2025-2259 (In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before   ...)
@@ -864,7 +864,7 @@ CVE-2025-3195 (A vulnerability, which was classified as critical, has been found
 CVE-2025-3194 (Versions of the package bigint-buffer from 0.0.0 are vulnerable to Buf ...)
 	TODO: check
 CVE-2025-3192 (Versions of the package spatie/browsershot from 0.0.0 are vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: spatie/browsershot
 CVE-2025-3191 (All versions of the package react-draft-wysiwyg are vulnerable to Cros ...)
 	TODO: check
 CVE-2025-3188 (A vulnerability classified as critical has been found in PHPGurukul e- ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3db4f551e936fdb9c0f2223e702842bc18b7890

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3db4f551e936fdb9c0f2223e702842bc18b7890
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250407/8369cc03/attachment.htm>

More information about the debian-security-tracker-commits mailing list