[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 15 21:15:19 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
641c9063 by Salvatore Bonaccorso at 2025-04-15T22:14:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-3618 (A denial-of-service vulnerability exists in the Rockwell Automation Th ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-3617 (A privilege escalation vulnerability exists in the Rockwell Automation ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-3608 (A race condition existed in nsHttpTransaction that could have been exp ...)
 	TODO: check
 CVE-2025-3579 (In versions prior to Aidex 1.7, an authenticated malicious user, takin ...)
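Review bot: The new NOT-FOR-US lines for CVE-2025-3618 and CVE-2025-3617 name only the vendor, while both descriptions go on to name a specific Rockwell Automation product (cut off at "Th ..." in the first). Consider putting the product name in the reason, so that a later search of data/CVE/list by product finds these entries and the triage decision can be rechecked against the archive by product rather than by vendor.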
@@ -33,7 +33,7 @@ CVE-2025-32944 (The vulnerability allows any authenticated user to cause the Pee
 CVE-2025-32943 (The vulnerability allows any authenticated user to leak the contents o ...)
 	TODO: check
 CVE-2025-32929 (Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32780 (BleachBit cleans files to free disk space and to maintain privacy. Ble ...)
 	TODO: check
 CVE-2025-32779 (E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect  ...)
@@ -55,21 +55,21 @@ CVE-2025-32012 (Jellyfin is an open source self hosted media server. In versions
 CVE-2025-31497 (TEIGarage is a webservice and RESTful service to transform, convert an ...)
 	TODO: check
 CVE-2025-31011 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30985 (Deserialization of Untrusted Data vulnerability in NotFound GNUCommerc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30965 (Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30964 (Server-Side Request Forgery (SSRF) vulnerability in EPC Photography. T ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30962 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30206 (Dpanel is a Docker visualization panel system which provides complete  ...)
 	TODO: check
 CVE-2025-2567 (An attacker could modify or disable settings, disrupt fuel monitoring  ...)
 	TODO: check
 CVE-2025-2083 (The Logo Carousel Gutenberg Block plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-29817 (Uncontrolled search path element in Power Automate allows an authorize ...)
 	TODO: check
 CVE-2025-29705 (code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The projec ...)
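Review bot: The reason on CVE-2025-2083 reads "NOT-FOR-US: WordPress plugin", while the five entries above it in this hunk use "NOT-FOR-US: WordPress plugin or theme". If the shorter form is deliberate because the description explicitly says "plugin for WordPress", that is fine; otherwise use one string so that greps and scripts counting NFU reasons do not split the same category in two.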
@@ -103,37 +103,37 @@ CVE-2025-27980 (cashbook v4.0.3 has an arbitrary file read vulnerability in /api
 CVE-2025-27791 (Collabora Online is a collaborative online office suite based on Libre ...)
 	TODO: check
 CVE-2025-26992 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26990 (Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Ele ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26982 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26959 (Missing Authorization vulnerability in Qu\xfd L\xea 91 Administrator Z ...)
 	TODO: check
 CVE-2025-26958 (Missing Authorization vulnerability in NotFound JetBlog allows Accessi ...)
 	TODO: check
 CVE-2025-26955 (Missing Authorization vulnerability in VW Themes Industrial Lite allow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26954 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26944 (Missing Authorization vulnerability in NotFound JetPopup allows Access ...)
 	TODO: check
 CVE-2025-26942 (Missing Authorization vulnerability in NotFound JetTricks allows Acces ...)
 	TODO: check
 CVE-2025-26894 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26889 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26744 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26743 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26741 (Missing Authorization vulnerability in AWEOS GmbH Email Notifications  ...)
 	TODO: check
 CVE-2025-25456 (Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in Adv ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-24949 (In JotUrl 2.0, is possible to bypass security requirements during the  ...)
 	TODO: check
 CVE-2025-24948 (In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentia ...)
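Review bot: CVE-2025-26959, CVE-2025-26958, CVE-2025-26944, CVE-2025-26942 and CVE-2025-26741 stay at "TODO: check" although they sit between entries now marked as WordPress plugin or theme, and their visible descriptions follow the same "Missing Authorization vulnerability in ..." pattern as CVE-2025-26955, which is tagged. If they are left for a later pass, nothing needs to change. If they were meant to be covered here, recheck why they were skipped; note that the CVE-2025-26959 description carries escaped non-ASCII bytes ("Qu\xfd L\xea").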
@@ -147,19 +147,19 @@ CVE-2025-22900 (Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain
 CVE-2025-1688 (Milestone Systems has discovered a security vulnerability in Milestone ...)
 	TODO: check
 CVE-2025-1292 (Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0 ...)
-	TODO: check
+	NOT-FOR-US: ChromeOS
 CVE-2025-1122 (Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0 ...)
-	TODO: check
+	NOT-FOR-US: ChromeOS
 CVE-2024-50960 (A command injection vulnerability in the Nmap diagnostic tool in the a ...)
 	TODO: check
 CVE-2024-45712 (SolarWinds Serv-U is vulnerable to a client-side cross-site scripting  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-42200 (HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripti ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-42193 (HCL BigFix Web Reports' service communicates over HTTPS but exhibits a ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-42189 (HCL BigFix Web Reports might be subject to a Denial of Service (DoS) a ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-36842 (An issue in Oncord+ Android Infotainment Systems OS Android 12, Model  ...)
 	TODO: check
 CVE-2024-13177 (Netskope Client on Mac OS is impacted by a vulnerability in which the  ...)
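Review bot: CVE-2025-1292 and CVE-2025-1122 are tagged "NOT-FOR-US: ChromeOS", but the visible description places the out-of-bounds write in "TPM2 Reference Library", which reads as a component shipped in ChromeOS rather than ChromeOS-only code. Before closing these as NFU, confirm that no source package in the archive carries that reference library code; if one does, track the CVEs against that package or leave a NOTE explaining why it is unaffected.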



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/641c906314e551cd25f96f4fbea04ca53695cc90
