[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 8 11:19:04 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71e8389a by Salvatore Bonaccorso at 2025-04-08T12:18:32+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2025-3428 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Inject
 CVE-2025-3427 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection v ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-3413 (A vulnerability has been found in opplus springboot-admin up to a2d531 ...)
-	TODO: check
+	NOT-FOR-US: opplus springboot-admin
 CVE-2025-3412 (A vulnerability, which was classified as critical, was found in mymagi ...)
 	NOT-FOR-US: mymagicpower AIAS
 CVE-2025-3411 (A vulnerability, which was classified as critical, has been found in m ...)
@@ -41,7 +41,7 @@ CVE-2025-3398 (A vulnerability classified as critical was found in lenve VBlog u
 CVE-2025-3397 (A vulnerability classified as problematic has been found in YzmCMS 7.1 ...)
 	NOT-FOR-US: YzmCMS
 CVE-2025-3393 (A vulnerability was found in mrcen springboot-ucan-admin up to 5f35162 ...)
-	TODO: check
+	NOT-FOR-US: mrcen springboot-ucan-admin
 CVE-2025-3392 (A vulnerability was found in hailey888 oa_system up to 2025.01.01 and  ...)
 	NOT-FOR-US: hailey888 oa_system
 CVE-2025-3391 (A vulnerability has been found in hailey888 oa_system up to 2025.01.01 ...)
@@ -74,23 +74,23 @@ CVE-2025-32414 (In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds
 	- libxml2 <unfixed>
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
 CVE-2025-32413 (Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in  ...)
-	TODO: check
+	NOT-FOR-US: Vulnerability-Lookup
 CVE-2025-32409 (Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code ex ...)
 	NOT-FOR-US: Ratta SuperNote A6 X2 Nomad
 CVE-2025-32034 (The Apollo Router Core is a configurable, high-performance graph route ...)
-	TODO: check
+	NOT-FOR-US: Apollo Router Core
 CVE-2025-32033 (The Apollo Router Core is a configurable, high-performance graph route ...)
-	TODO: check
+	NOT-FOR-US: Apollo Router Core
 CVE-2025-32032 (The Apollo Router Core is a configurable, high-performance graph route ...)
-	TODO: check
+	NOT-FOR-US: Apollo Router Core
 CVE-2025-32031 (Apollo Gateway provides utilities for combining multiple GraphQL micro ...)
-	TODO: check
+	NOT-FOR-US: Apollo Gateway
 CVE-2025-32030 (Apollo Gateway provides utilities for combining multiple GraphQL micro ...)
-	TODO: check
+	NOT-FOR-US: Apollo Gateway
 CVE-2025-32029 (ts-asn1-der is a collection of utility classes to encode ASN.1 data fo ...)
-	TODO: check
+	NOT-FOR-US: ts-asn1-der
 CVE-2025-31496 (apollo-compiler is a query-based compiler for the GraphQL query langua ...)
-	TODO: check
+	NOT-FOR-US: apollo-compiler
 CVE-2025-31333 (SAP S4CORE OData meta-data property is vulnerable to data tampering, d ...)
 	NOT-FOR-US: SAP
 CVE-2025-31332 (Due to insecure file permissions in SAP BusinessObjects Business Intel ...)
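Review bot: For CVE-2025-32029 (ts-asn1-der) and CVE-2025-31496 (apollo-compiler), nothing in the change records how absence from the archive was established, and both are libraries by their own descriptions ("a collection of utility classes", "a query-based compiler"), so they can be embedded in other source packages. The commit message "Process some NFUs" could state which check was done (source package search only, or embedded copies as well) so the decision can be revisited later. The Apollo Router Core and Apollo Gateway labels are applied consistently across their five entries.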
@@ -168,7 +168,7 @@ CVE-2025-20935 (Improper handling of insufficient permission or privileges in Cl
 CVE-2025-20934 (Improper access control in Sticker Center prior to SMR Apr-2025 Releas ...)
 	NOT-FOR-US: Samsung Mobile
 CVE-2025-0942 (The DB chooser functionality inJalios JPlatform 10 SP6 before 10.0.6 i ...)
-	TODO: check
+	NOT-FOR-US: Jalios
 CVE-2025-0361 (During an annual penetration test conducted on behalf of Axis Communic ...)
 	NOT-FOR-US: Axis Communication
 CVE-2024-47261 (51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that th ...)
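Review bot: Style point on CVE-2025-0942: the tag names only the vendor (NOT-FOR-US: Jalios) while the description names the product, Jalios JPlatform. The other entries touched in this commit use the project or product name (for example "NOT-FOR-US: opplus springboot-admin" and "NOT-FOR-US: Apollo Gateway"). "NOT-FOR-US: Jalios JPlatform" would match that and be easier to find by product name. Vendor-only labels do appear in the surrounding context (Samsung Mobile, Axis Communication), so this is about consistency rather than correctness.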
@@ -250,13 +250,13 @@ CVE-2025-3248 (Langflow versions prior to 1.3.0 are susceptible to code injectio
 CVE-2025-32014 (estree-util-value-to-estree converts a JavaScript value to an ESTree e ...)
 	NOT-FOR-US: estree-util-value-to-estree
 CVE-2025-31476 (tarteaucitron.js is a compliant and accessible cookie banner. A vulner ...)
-	TODO: check
+	NOT-FOR-US: tarteaucitron.js
 CVE-2025-31475 (tarteaucitron.js is a compliant and accessible cookie banner. A vulner ...)
-	TODO: check
+	NOT-FOR-US: tarteaucitron.js
 CVE-2025-31138 (tarteaucitron.js is a compliant and accessible cookie banner. A vulner ...)
-	TODO: check
+	NOT-FOR-US: tarteaucitron.js
 CVE-2025-30373 (Graylog is a free and open log management platform. Starting with 6.1, ...)
-	TODO: check
+	NOT-FOR-US: Graylog
 CVE-2025-2251 (A security flaw exists in WildFly and JBoss Enterprise Application Pla ...)
 	TODO: check
 CVE-2025-29769 (libvips is a demand-driven, horizontally threaded image processing lib ...)
@@ -510,7 +510,7 @@ CVE-2024-58107 (Buffer overflow vulnerability in the codec module Impact: Succes
 CVE-2024-58106 (Buffer overflow vulnerability in the codec module Impact: Successful e ...)
 	NOT-FOR-US: Huawei
 CVE-2024-11071 (Permissive Cross-domain Policy with Untrusted Domains vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: DestinyECM
 CVE-2025-3318 (A vulnerability classified as critical was found in Kenj_Frog \u80af\u ...)
 	NOT-FOR-US: Kenj_Frog company-financial-management
 CVE-2025-3317 (A vulnerability classified as problematic has been found in fumiao ope ...)
@@ -986,7 +986,7 @@ CVE-2025-29476 (Buffer Overflow vulnerability in compress_chunk_fuzzer with oss-
 CVE-2025-28146 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was  ...)
 	NOT-FOR-US: Edimax
 CVE-2025-27520 (BentoML is a Python library for building online serving systems optimi ...)
-	TODO: check
+	NOT-FOR-US: BentoML
 CVE-2025-25178 (Software installed and run as a non-privileged user may conduct improp ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2025-22285 (Missing Authorization vulnerability in Eniture Technology Pallet Packa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71e8389a841fafe153ee5564283a2cad5426736a
