[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 8 19:56:05 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33e50c12 by Salvatore Bonaccorso at 2025-04-08T20:54:09+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1004,7 +1004,7 @@ CVE-2025-32113 (Cross-Site Request Forgery (CSRF) vulnerability in Renzo Tejada
 CVE-2025-32112 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar M ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31480 (aiven-extras is a PostgreSQL extension. This is a privilege escalation ...)
-	TODO: check
+	NOT-FOR-US: aiven-extras PostgreSQL extension
 CVE-2025-31421 (Insertion of Sensitive Information into Externally-Accessible File or  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31420 (Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum  ...)
@@ -1056,7 +1056,7 @@ CVE-2025-22282 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-22281 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-1865 (The kernel driver, accessible to low-privileged users, exposes a funct ...)
-	TODO: check
+	NOT-FOR-US: Virtual CloneDrive
 CVE-2025-0468 (Software installed and run as a non-privileged user may conduct improp ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2024-51800 (Incorrect Privilege Assignment vulnerability in Favethemes Homey allow ...)
@@ -1103,7 +1103,7 @@ CVE-2025-3198 (A vulnerability has been found in GNU Binutils 2.43/2.44 and clas
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d
 	NOTE: binutils not covered by security support
 CVE-2025-3197 (Versions of the package expand-object from 0.0.0 are vulnerable to Pro ...)
-	TODO: check
+	NOT-FOR-US: expand-object Nodejs module
 CVE-2025-3196 (A vulnerability, which was classified as critical, was found in Open A ...)
 	- assimp <unfixed> (bug #1102207)
 	[bookworm] - assimp <no-dsa> (Minor issue)
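Review bot: the new label on CVE-2025-3197 spells the ecosystem "Nodejs module", while the label added for CVE-2025-3194 in this same commit uses "Node.js module". Suggest "NOT-FOR-US: expand-object Node.js module" so that a single search over the NOT-FOR-US labels matches both entries.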
@@ -1112,11 +1112,11 @@ CVE-2025-3196 (A vulnerability, which was classified as critical, was found in O
 CVE-2025-3195 (A vulnerability, which was classified as critical, has been found in i ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-3194 (Versions of the package bigint-buffer from 0.0.0 are vulnerable to Buf ...)
-	TODO: check
+	NOT-FOR-US: bigint-buffer Node.js module
 CVE-2025-3192 (Versions of the package spatie/browsershot from 0.0.0 are vulnerable t ...)
 	NOT-FOR-US: spatie/browsershot
 CVE-2025-3191 (All versions of the package react-draft-wysiwyg are vulnerable to Cros ...)
-	TODO: check
+	NOT-FOR-US: react-draft-wysiwyg
 CVE-2025-3188 (A vulnerability classified as critical has been found in PHPGurukul e- ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-3187 (A vulnerability was found in PHPGurukul e-Diary Management System 1.0. ...)
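Review bot: the label for CVE-2025-3191 is only the bare package name, "react-draft-wysiwyg", while CVE-2025-3194 two entries above it is labelled "bigint-buffer Node.js module". Both descriptions are worded as "versions of the package ...", so adding the applicable ecosystem qualifier to the second label would keep the hunk consistent and tell a later triager what kind of software was ruled out.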
@@ -1198,7 +1198,7 @@ CVE-2024-47213 (An issue was discovered affecting Enrich 5.1.0 and below. It inv
 CVE-2024-47212 (An issue was discovered in Iglu Server 0.13.0 and below. It involves s ...)
 	NOT-FOR-US: Iglu Server
 CVE-2024-45199 (insightsoftware Hive JDBC through 2.6.13 has a remote code execution v ...)
-	TODO: check
+	NOT-FOR-US: insightsoftware Hive JDBC
 CVE-2024-42208 (HCL Connections is vulnerable to an information disclosure vulnerabili ...)
 	NOT-FOR-US: HCL
 CVE-2024-13898 (The Simple Banner \u2013 Easily add multiple Banners/Bars/Notification ...)
@@ -185355,7 +185355,7 @@ CVE-2023-22329 (Improper input validation in the BIOS firmware for some Intel(R)
 CVE-2023-0882 (Improper Input Validation, Authorization Bypass Through User-Controlle ...)
 	NOT-FOR-US: Kron Tech Single Connect
 CVE-2023-0881 (Running DDoS on tcp port 22 will trigger a kernel crash. This issue is ...)
-	TODO: check
+	NOT-FOR-US: Ubuntu linux-bluefield specific backporting issue
 CVE-2023-0880 (Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prio ...)
 	NOT-FOR-US: phpmyfaq
 CVE-2023-0879 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
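Review bot: the NOT-FOR-US text on CVE-2023-0881 carries the whole justification for dismissing an entry whose description reads "will trigger a kernel crash". That description is truncated in the list, so nothing in the entry lets a reader confirm the problem is confined to the linux-bluefield backport. Consider recording the supporting reference in the commit message, or in a NOTE: line if the file's conventions allow one on such an entry, so the decision can be re-checked later.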



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33e50c12ab29e66d445329cff2e4657672fc4170
