[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 10 04:47:44 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
075e708d by Salvatore Bonaccorso at 2025-04-10T05:47:19+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -295,7 +295,7 @@ CVE-2025-2223 (CWE-20: Improper Input Validation vulnerability exists that could
CVE-2025-2222 (CWE-552: Files or Directories Accessible to External Parties vulnerabi ...)
NOT-FOR-US: Schneider Electric
CVE-2025-29870 (Missing authentication for critical function vulnerability exists in W ...)
- TODO: check
+ NOT-FOR-US: Wi-Fi AP UNIT 'AC-WPS-11ac series'
CVE-2025-29394 (An insecure permissions vulnerability in verydows v2.0 allows a remote ...)
NOT-FOR-US: verydows
CVE-2025-29391 (horvey Library-Manager v1.0 is vulnerable to SQL Injection in Admin/Co ...)
@@ -393,7 +393,7 @@ CVE-2025-27189 (Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12
CVE-2025-27188 (Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4. ...)
NOT-FOR-US: Adobe
CVE-2025-25013 (Improper restriction of environment variables in Elastic Defend can le ...)
- TODO: check
+ NOT-FOR-US: Elastic Defend
CVE-2025-24447 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
NOT-FOR-US: Adobe
CVE-2025-24446 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
@@ -407,7 +407,7 @@ CVE-2024-6860 (The WP MultiTasking WordPress plugin through 0.1.12 does not hav
CVE-2024-6857 (The WP MultiTasking WordPress plugin through 0.1.12 does not have CSR ...)
NOT-FOR-US: WordPress plugin
CVE-2024-55354 (Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can ...)
- TODO: check
+ NOT-FOR-US: Lucee
CVE-2024-12556 (Prototype Pollution in Kibana can lead to code injection via unrestric ...)
- kibana <itp> (bug #700337)
CVE-2025-3437 (The Motors \u2013 Car Dealership & Classified Listings Plugin plugin f ...)
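Review bot: The new "NOT-FOR-US: Lucee" on CVE-2024-55354 should be checked against open ITP/RFP bugs before it is settled. The entry directly below it in this hunk tracks Kibana as "- kibana <itp> (bug #700337)" instead of NFU. If a packaging bug exists for Lucee, the entry should use the same "<itp>" form with the bug number so the CVE stays attached to the future package.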
@@ -1311,7 +1311,7 @@ CVE-2025-21423 (Memory corruption occurs when handling client calls to EnableTes
CVE-2025-21421 (Memory corruption while processing escape code in API.)
NOT-FOR-US: Qualcomm
CVE-2025-0050 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
- TODO: check
+ NOT-FOR-US: ARM
CVE-2024-49848 (Memory corruption while processing multiple IOCTL calls from HLOS to D ...)
NOT-FOR-US: Qualcomm
CVE-2024-46494 (A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows at ...)
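Review bot: The tag "NOT-FOR-US: ARM" on CVE-2025-0050 names only a vendor, and the truncated description shown here ("Improper Restriction of Operations within the Bounds of a Memory Buffe ...") does not reveal which product is affected. The other additions in this commit name the product ("Elastic Defend", "Lucee"). Naming the affected component here as well would let a later reader confirm that nothing in the archive ships it.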
@@ -518127,7 +518127,7 @@ CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of bou
CVE-2018-9384 (In multiple locations, there is a possible way to bypass KASLR due to ...)
NOT-FOR-US: Android
CVE-2018-9383 (In asn1_ber_decoder of asn1_decoder.c, there is a possible out of boun ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9382 (In multiple functions of WifiServiceImpl.java, there is a possible way ...)
NOT-FOR-US: Android
CVE-2018-9381 (In gatts_process_read_by_type_req of gatt_sr.c, there is a possibleinf ...)
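Review bot: The "NOT-FOR-US: Android" added for CVE-2018-9383 needs a second look, because the description places the flaw in asn1_ber_decoder of asn1_decoder.c. That function and file name match the ASN.1 decoder in the upstream Linux kernel (lib/asn1_decoder.c). Unless the affected code is confirmed to exist only in Android's tree, the entry should carry a "- linux" line with the fixed version or "<not-affected>" instead of NFU.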
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/075e708d76b788f9ad0235df338eea7b7e540180