[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 8 09:43:47 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0290bd44 by Salvatore Bonaccorso at 2025-04-08T10:43:26+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2025-3431 (The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3430 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3429 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3428 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3427 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3413 (A vulnerability has been found in opplus springboot-admin up to a2d531 ...)
 	TODO: check
 CVE-2025-3412 (A vulnerability, which was classified as critical, was found in mymagi ...)
@@ -31,11 +31,11 @@ CVE-2025-3403 (A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and
 CVE-2025-3402 (A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborat ...)
 	TODO: check
 CVE-2025-3401 (A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114  ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET
 CVE-2025-3400 (A vulnerability, which was classified as critical, was found in ESAFEN ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET
 CVE-2025-3399 (A vulnerability, which was classified as critical, has been found in E ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET
 CVE-2025-3398 (A vulnerability classified as critical was found in lenve VBlog up to  ...)
 	TODO: check
 CVE-2025-3397 (A vulnerability classified as problematic has been found in YzmCMS 7.1 ...)
@@ -61,7 +61,7 @@ CVE-2025-3385 (A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been
 CVE-2025-3384 (A vulnerability was found in 1000 Projects Human Resource Management S ...)
 	TODO: check
 CVE-2025-3383 (A vulnerability was found in SourceCodester Web-based Pharmacy Product ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-3364 (The SSH service of PowerStation from HGiga has a Chroot Escape vulnera ...)
 	TODO: check
 CVE-2025-3363 (The web service of iSherlock from HGiga has an OS Command Injection vu ...)
@@ -91,91 +91,91 @@ CVE-2025-32029 (ts-asn1-der is a collection of utility classes to encode ASN.1 d
 CVE-2025-31496 (apollo-compiler is a query-based compiler for the GraphQL query langua ...)
 	TODO: check
 CVE-2025-31333 (SAP S4CORE OData meta-data property is vulnerable to data tampering, d ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-31332 (Due to insecure file permissions in SAP BusinessObjects Business Intel ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-31331 (SAP NetWeaver allows an attacker to bypass authorization checks, enabl ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-31330 (SAP Landscape Transformation (SLT) allows an attacker with user privil ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-30017 (Due to a missing authorization check, an authenticated attacker could  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-30016 (SAP Financial Consolidation allows an unauthenticated attacker to gain ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-30015 (Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-30014 (SAP Capital Yield Tax Management has directory traversal vulnerability ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-30013 (SAP ERP BW Business Content is vulnerable to OS Command Injection thro ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-2882 (The GreenPay(tm) by Green.Money plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2526 (The Streamit theme for WordPress is vulnerable to privilege escalation ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2525 (The Streamit theme for WordPress is vulnerable to arbitrary file uploa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2519 (The Sreamit theme for WordPress is vulnerable to arbitrary file downlo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2004 (The Simple WP Events plugin for WordPress is vulnerable to arbitrary f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-27437 (A Missing Authorization Check vulnerability exists in the Virus Scanne ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-27435 (Under specific conditions and prerequisites, an unauthenticated attack ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-27429 (SAP S/4HANA allows an attacker with user privileges to exploit a vulne ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-27428 (Due to directory traversal vulnerability, an authorized attacker could ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-26657 (SAP KMC WPC allows an unauthenticated attacker to remotely retrieve us ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-26654 (SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypte ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-26653 (SAP NetWeaver Application Server ABAP does not sufficiently encode use ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-23186 (In certain conditions, SAP NetWeaver Application Server ABAP allows an ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2025-20951 (Improper verification of intent by broadcast receiver vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20950 (Use of implicit intent for sensitive communication in SamsungNotes pri ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20948 (Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior  ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20947 (Improper handling of insufficient permission or privileges in Clipboar ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20946 (Improper handling of exceptional conditions in pairing specific blueto ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20945 (Improper access control in Galaxy Watch prior to SMR Apr-2025 Release  ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20944 (Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR  ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20943 (Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1  ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20942 (Improper Verification of Intent by Broadcast Receiver in DeviceIdServi ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20941 (Improper access control in InputManager to SMR Apr-2025 Release 1 allo ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20940 (Improper handling of insufficient permission in Samsung Device Health  ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20939 (Improper authorization in wireless download protocol in Galaxy Watch p ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20938 (Improper access control in SamsungContacts prior to SMR Apr-2025 Relea ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20936 (Improper access control in HDCP trustlet prior to SMR Apr-2025 Release ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20935 (Improper handling of insufficient permission or privileges in Clipboar ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-20934 (Improper access control in Sticker Center prior to SMR Apr-2025 Releas ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2025-0942 (The DB chooser functionality inJalios JPlatform 10 SP6 before 10.0.6 i ...)
 	TODO: check
 CVE-2025-0361 (During an annual penetration test conducted on behalf of Axis Communic ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2024-47261 (51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that th ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2024-13820 (The Melhor Envio plugin for WordPress is vulnerable to Sensitive Infor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2019-25223 (The Team Circle Image Slider With Lightbox plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3426 (We observed that Intellispace Portal binaries doesn\u2019t have any pr ...)
 	NOT-FOR-US: Intellispace Portal
 CVE-2025-3425 (The IntelliSpace portal application utilizes .NET Remoting for its fun ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0290bd44eaaf2230f4bd970017ad7bdd3393ccce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0290bd44eaaf2230f4bd970017ad7bdd3393ccce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250408/864e5989/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list