[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 10 21:33:38 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08022d74 by Salvatore Bonaccorso at 2025-04-10T22:33:15+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,17 +5,17 @@ CVE-2025-32754 (In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host
 CVE-2025-32743 (In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c  ...)
 	TODO: check
 CVE-2025-32687 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32668 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32395 (Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6 ...)
 	TODO: check
 CVE-2025-32391 (HedgeDoc is an open source, real-time, collaborative, markdown notes a ...)
-	TODO: check
+	NOT-FOR-US: HedgeDoc
 CVE-2025-32383 (MaxKB (Max Knowledge Base) is an open source knowledge base question-a ...)
-	TODO: check
+	NOT-FOR-US: MaxKB (Max Knowledge Base)
 CVE-2025-32382 (Metabase is an open source Business Intelligence and Embedded Analytic ...)
-	TODO: check
+	NOT-FOR-US: Metabase
 CVE-2025-32282 (Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32275 (Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Make ...)
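Review bot: On CVE-2025-32383 the tag "NOT-FOR-US: MaxKB (Max Knowledge Base)" repeats the expansion that the description line already carries, whereas the other tags added in this hunk use the bare product name ("HedgeDoc", "Metabase"). Suggest "NOT-FOR-US: MaxKB" so the tag stays a short product label that is easy to search for.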
@@ -31,7 +31,7 @@ CVE-2025-32243 (Missing Authorization vulnerability in Toast Plugins Internal Li
 CVE-2025-32242 (Missing Authorization vulnerability in Hive Support Hive Support allow ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32240 (Missing Authorization vulnerability in NotFound Site Notify allows Exp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-32236 (Missing Authorization vulnerability in Vagonic Woocommerce Products Re ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32230 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
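Review bot: The tag on CVE-2025-32240 reads "NOT-FOR-US: WordPress plugin", while the entries on either side of it (CVE-2025-32242, CVE-2025-32236) read "NOT-FOR-US: WordPress plugin or theme". Using the same string as the neighbours keeps a single search pattern matching every WordPress NFU entry; the same wording difference appears on CVE-2025-32687 next to CVE-2025-32668 in the first hunk.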
@@ -95,25 +95,25 @@ CVE-2025-31524 (Incorrect Privilege Assignment vulnerability in NotFound WP User
 CVE-2025-31411 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30582 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: aytechnet DyaPress ERP/CRM
 CVE-2025-30148 (Silverstripe Framework is a PHP framework which powers the Silverstrip ...)
-	TODO: check
+	NOT-FOR-US: Silverstripe Framework
 CVE-2025-29150 (BlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter  ...)
-	TODO: check
+	NOT-FOR-US: BlueCMS
 CVE-2025-29088 (An issue in sqlite v.3.49.0 allows an attacker to cause a denial of se ...)
 	TODO: check
 CVE-2025-29017 (A Remote Code Execution (RCE) vulnerability exists in Code Astro Inter ...)
 	NOT-FOR-US: CodeAstro
 CVE-2025-27813 (MSI Center before 2.0.52.0 has Missing PE Signature Validation.)
-	TODO: check
+	NOT-FOR-US: MSI Center
 CVE-2025-27812 (MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation.)
-	TODO: check
+	NOT-FOR-US: MSI Center
 CVE-2025-27350 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27081 (A potential security vulnerability in HPE NonStop OSM Service Connecti ...)
 	NOT-FOR-US: HPE
 CVE-2025-25197 (Silverstripe Elemental extends a page type to swap the content area fo ...)
-	TODO: check
+	NOT-FOR-US: Silverstripe Elemental
 CVE-2025-24866 (Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access con ...)
 	TODO: check
 CVE-2025-23386 (A Incorrect Default Permissions vulnerability in the openSUSE Tumblewe ...)
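Review bot: The tags added in this hunk mix naming levels: CVE-2025-30582 gets vendor plus product ("aytechnet DyaPress ERP/CRM"), CVE-2025-27813 and CVE-2025-27812 get the product only ("MSI Center"), and the untouched neighbours use the vendor only ("CodeAstro", "HPE"). Settling on one level, at least per vendor, would make later searches for related NFU entries more reliable.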



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08022d749cf3979c11dcfff444062f4d658d8f8f
