[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 14 21:24:37 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b071d1c6 by Salvatore Bonaccorso at 2025-04-14T22:24:09+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
CVE-2025-3587 (A vulnerability classified as critical was found in ZeroWdd/code-proje ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-3585 (A vulnerability classified as critical has been found in westboy Cicad ...)
- TODO: check
+ NOT-FOR-US: CicadasCMS
CVE-2025-3571 (A vulnerability was found in Fannuo Enterprise Content Management Syst ...)
- TODO: check
+ NOT-FOR-US: Fannuo Enterprise Content Management System
CVE-2025-3570 (A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1 ...)
NOT-FOR-US: code-projects
CVE-2025-3569 (A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1 ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-3568 (A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and cl ...)
- TODO: check
+ NOT-FOR-US: Webkul Krayin CRM
CVE-2025-3567 (A vulnerability, which was classified as problematic, was found in vea ...)
- TODO: check
+ NOT-FOR-US: veal98
CVE-2025-3566 (A vulnerability, which was classified as critical, has been found in v ...)
- TODO: check
+ NOT-FOR-US: veal98
CVE-2025-3565 (A vulnerability classified as critical was found in huanfenz/code-proj ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-3564 (A vulnerability classified as problematic has been found in huanfenz/c ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-3563 (A vulnerability was found in WuzhiCMS 4.1. It has been rated as critic ...)
- TODO: check
+ NOT-FOR-US: WuzhiCMS
CVE-2025-3562 (A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared ...)
- TODO: check
+ NOT-FOR-US: Yonyou YonBIP
CVE-2025-3561 (A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been ...)
- TODO: check
+ NOT-FOR-US: ghostxbh uzy-ssm-mall
CVE-2025-3560 (A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classifie ...)
- TODO: check
+ NOT-FOR-US: ghostxbh uzy-ssm-mall
CVE-2025-3559 (A vulnerability has been found in ghostxbh uzy-ssm-mall 1.0.0 and clas ...)
- TODO: check
+ NOT-FOR-US: ghostxbh uzy-ssm-mall
CVE-2025-3558 (A vulnerability, which was classified as critical, was found in ghostx ...)
- TODO: check
+ NOT-FOR-US: ghostxbh uzy-ssm-mall
CVE-2025-3557 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: ScriptAndTools eCommerce-website-in-PHP
CVE-2025-3277 (An integer overflow can be triggered in SQLite\u2019s `concat_ws()` fu ...)
TODO: check
CVE-2025-32931 (DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, ...)
- TODO: check
+ NOT-FOR-US: DevDojo Voyager
CVE-2025-32930
REJECTED
CVE-2025-32914 (A flaw was found in libsoup, where the soup_multipart_new_from_message ...)
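Review bot: The NOT-FOR-US labels in this hunk mix naming granularity. CVE-2025-3567 and CVE-2025-3566 are tagged `NOT-FOR-US: veal98`, which names only the upstream account, while the ghostxbh entries (CVE-2025-3558 through CVE-2025-3561) use account plus product (`ghostxbh uzy-ssm-mall`) and the ZeroWdd, JamesZBL and huanfenz entries are collapsed to `code-projects`. Consider adding the product name to the two veal98 entries so that a later search of the list by product finds them. Leaving CVE-2025-3277 (SQLite `concat_ws()`) at `TODO: check` is consistent with an NFU-only pass.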
@@ -61,45 +61,45 @@ CVE-2025-2475 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <=
CVE-2025-2424 (Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check i ...)
TODO: check
CVE-2025-2161 (Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2025-2160 (Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2025-29720 (Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSR ...)
- TODO: check
+ NOT-FOR-US: Dify
CVE-2025-27009 (Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-22373 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: SicommNet BASEC
CVE-2025-22372 (Insufficiently Protected Credentials vulnerability in SicommNet BASEC ...)
- TODO: check
+ NOT-FOR-US: SicommNet BASEC
CVE-2025-22371 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: SicommNet BASEC
CVE-2025-1782 (In HylaFAX Enterprise Web Interface and AvantFAX, the language form el ...)
TODO: check
CVE-2024-49825 (IBM Robotic Process Automation and Robotic Process Automation for Clou ...)
NOT-FOR-US: IBM
CVE-2024-49709 (Internet Starter, one of SoftCOM iKSORIS system modules,allows for set ...)
- TODO: check
+ NOT-FOR-US: SoftCOM iKSORIS system modules
CVE-2024-49708 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
- TODO: check
+ NOT-FOR-US: SoftCOM iKSORIS system modules
CVE-2024-49707 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
- TODO: check
+ NOT-FOR-US: SoftCOM iKSORIS system modules
CVE-2024-49706 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
- TODO: check
+ NOT-FOR-US: SoftCOM iKSORIS system modules
CVE-2024-49705 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
- TODO: check
+ NOT-FOR-US: SoftCOM iKSORIS system modules
CVE-2024-13598 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: SoftCOM iKSORIS system modules
CVE-2024-13597 (Internet Starter, one of SoftCOMiKSORIS system modules,is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: SoftCOM iKSORIS system modules
CVE-2024-10090 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
- TODO: check
+ NOT-FOR-US: SoftCOM iKSORIS system modules
CVE-2024-10089 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
- TODO: check
+ NOT-FOR-US: SoftCOM iKSORIS system modules
CVE-2024-10088 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
- TODO: check
+ NOT-FOR-US: SoftCOM iKSORIS system modules
CVE-2024-10087 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
- TODO: check
+ NOT-FOR-US: SoftCOM iKSORIS system modules
CVE-2025-3572 (SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerabilit ...)
NOT-FOR-US: INTUMIT
CVE-2025-3556 (A vulnerability classified as problematic was found in ScriptAndTools ...)
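Review bot: The tag `NOT-FOR-US: SoftCOM iKSORIS system modules`, applied to the eleven entries from CVE-2024-49709 down to CVE-2024-10087, copies the phrase "system modules" from the CVE description rather than naming the product. The other tags in this hunk are short vendor or product names (`IBM`, `INTUMIT`, `Pega Platform`, `SicommNet BASEC`), so `NOT-FOR-US: SoftCOM iKSORIS` would match them and keep the label stable if later descriptions are worded differently.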
@@ -149,7 +149,7 @@ CVE-2025-3445 (A Path Traversal "Zip Slip" vulnerability has been identified in
CVE-2025-32093 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11 ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-30516 (Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions du ...)
- TODO: check
+ NOT-FOR-US: Mattermost Mobile Apps
CVE-2025-2563 (The User Registration & Membership WordPress plugin before 4.1.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9230 (The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11 ...)
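Review bot: CVE-2025-30516 is marked `NOT-FOR-US: Mattermost Mobile Apps` directly below CVE-2025-32093, which is tracked as `- mattermost-server <itp> (bug #823556)`. It is worth confirming that the mobile apps fall outside the scope of that ITP. If they do, the split is fine, and a short `NOTE:` line on the entry would record why Mattermost CVEs are triaged two different ways in adjacent entries.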
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b071d1c688b0c0f797da17ba4c4e98b8ab3dd30e