[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 16 19:28:11 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67babd04 by Salvatore Bonaccorso at 2025-04-16T20:27:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -508,9 +508,9 @@ CVE-2024-58092 [nfsd: fix legacy client tracking initialization]
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/de71d4e211eddb670b285a0ea477a299601ce1ca (6.14-rc1)
 CVE-2025-3698 (Interface exposure vulnerability in the mobile application (com.transs ...)
-	TODO: check
+	NOT-FOR-US: com.transsion.carlcare mobile application
 CVE-2025-3676 (A vulnerability classified as critical has been found in xxyopen Novel ...)
-	TODO: check
+	NOT-FOR-US: xxyopen Novel-Plus
 CVE-2025-3675 (A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-3674 (A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It ...)
@@ -720,7 +720,7 @@ CVE-2025-2497 (A maliciously crafted DWG file, when parsed through Autodesk Revi
 CVE-2025-2314 (The User Profile Builder \u2013 Beautiful User Registration Forms, Use ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-29471 (Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 a ...)
-	TODO: check
+	NOT-FOR-US: Nagios Log Server
 CVE-2025-27939 (An attacker can change registered email addresses of other users and t ...)
 	NOT-FOR-US: Growatt Cloud portal
 CVE-2025-27938 (Unauthenticated attackers can obtain restricted information about a us ...)
@@ -806,7 +806,7 @@ CVE-2025-24315 (Unauthenticated attackers can add devices of other users to thei
 CVE-2025-24297 (Due to lack of server-side input validation, attackers can inject mali ...)
 	NOT-FOR-US: Growatt Cloud portal
 CVE-2025-22911 (RE11S v1.11 was discovered to contain a stack overflow via the rootAPm ...)
-	TODO: check
+	NOT-FOR-US: RE11S
 CVE-2025-22269 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22268 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67babd047e70423e120ccabdd78ee8d331ce24c1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67babd047e70423e120ccabdd78ee8d331ce24c1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250416/2bb007ef/attachment.htm>

More information about the debian-security-tracker-commits mailing list