[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 10 10:20:13 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e7eac468 by Salvatore Bonaccorso at 2025-04-10T11:19:49+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2025-3489 (A vulnerability was found in Nababur Simple-User-Management-System 1.0 ...)
 	TODO: check
 CVE-2025-3417 (The Embedder plugin for WordPress is vulnerable to unauthorized modifi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3102 (The SureTriggers: All-in-One Automation Platform plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3023
 	REJECTED
 CVE-2025-32728 (In sshd in OpenSSH before 10.0, the DisableForwarding directive does n ...)
@@ -13,41 +13,41 @@ CVE-2025-32387 (Helm is a package manager for Charts for Kubernetes. A JSON Sche
 CVE-2025-32386 (Helm is a tool for managing Charts. A chart archive file can be crafte ...)
 	TODO: check
 CVE-2025-30660 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2025-30659 (An Improper Handling of Length Parameter Inconsistency vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2025-30658 (A Missing Release of Memory after Effective Lifetime vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2025-30657 (An Improper Encoding or Escaping of Output vulnerability in the Sampli ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2025-2873
 	REJECTED
 CVE-2025-2845
 	REJECTED
 CVE-2025-2809 (The azurecurve Shortcodes in Comments plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2805 (The ORDER POST plugin for WordPress is vulnerable to arbitrary shortco ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2719 (The Swatchly \u2013 WooCommerce Variation Swatches for Products (produ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-29989 (Dell Client Platform BIOS contains a Security Version Number Mutable t ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-29018 (A Stored Cross-Site Scripting (XSS) vulnerability exists in the name p ...)
 	TODO: check
 CVE-2025-27690 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a u ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-26480 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an  ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-26479 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an  ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-26330 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an  ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-24375 (Charmed MySQL K8s operator is a Charmed Operator for running MySQL on  ...)
 	TODO: check
 CVE-2025-23378 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an  ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-22471 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an  ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-0539 (In affected Microsoft Windows versions of Octopus Deploy, the server c ...)
 	TODO: check
 CVE-2024-58136 (Yii 2 before 2.0.52 mishandles the attaching of behavior that is defin ...)
@@ -55,13 +55,13 @@ CVE-2024-58136 (Yii 2 before 2.0.52 mishandles the attaching of behavior that is
 CVE-2024-38865 (Improper neutralization of livestatus command delimiters in a specific ...)
 	TODO: check
 CVE-2024-13909 (The Accredible Certificates & Open Badges plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13896 (The WP-GeSHi-Highlight \u2014 rock-solid syntax highlighting for 259 l ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13874 (The Feedify  WordPress plugin before 2.4.6 does not sanitise and escap ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10894 (The Payment Forms for Paystack plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2761 [GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]
 	- gimp 3.0.0-1
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-204/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7eac468c69b8848ad31e81f77cee3e877c91b4c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7eac468c69b8848ad31e81f77cee3e877c91b4c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250410/da94dafc/attachment.htm>

More information about the debian-security-tracker-commits mailing list