[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 17 16:34:08 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6dc2d9bb by Salvatore Bonaccorso at 2025-04-17T17:33:44+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-43717 (In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests direct ...)
- TODO: check
+ NOT-FOR-US: PEAR HTTP_Request2
CVE-2025-43715 (Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allow ...)
TODO: check
CVE-2025-43708 (VisiCut 2.1 allows stack consumption via an XML document with nested s ...)
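Review bot: the NOT-FOR-US on CVE-2025-43717 is the only entry in this commit that names a PEAR library rather than a vendor product. PEAR libraries are often packaged in Debian as php-* source packages, so it is worth confirming that no current or past source package ships HTTP_Request2 before closing this one. If one did, a package line would record more than NOT-FOR-US, and the description's pointer to files in the tests directory could go in a NOTE.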
@@ -94,15 +94,15 @@ CVE-2025-1523 (The Ultimate Dashboard WordPress plugin before 3.8.6 does not sa
CVE-2025-1290 (A race condition Use-After-Free vulnerability exists in the virtio_tra ...)
NOT-FOR-US: ChromeOS
CVE-2025-0758 (Overview The product specifies permissions for a security-critical ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
CVE-2025-0757 (Overview The software does not neutralize or incorrectly neutra ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
CVE-2025-0756 (Overview The product receives input from an upstream component ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantara Pentaho Data Integration & Analytics
CVE-2024-55372 (Wallos <=2.38.2 has a file upload vulnerability in the restore databas ...)
- TODO: check
+ NOT-FOR-US: Wallos
CVE-2024-55371 (Wallos <= 2.38.2 has a file upload vulnerability in the restore backup ...)
- TODO: check
+ NOT-FOR-US: Wallos
CVE-2024-13925 (The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exp ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11924 (The Icegram Express formerly known as Email Subscribers WordPress plu ...)
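Review bot: the three Pentaho entries (CVE-2025-0758, CVE-2025-0757, CVE-2025-0756) use two different product strings, "Hitachi Vantara Pentaho Business Analytics Server" twice and "Hitachi Vantara Pentaho Data Integration & Analytics" once. The truncated descriptions shown here do not name the product, so the split cannot be checked from the list itself. If it is not intentional, a single shared label would keep later searches of the list consistent.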
@@ -461,13 +461,13 @@ CVE-2025-20178 (A vulnerability in the web-based management interface of Cisco S
CVE-2025-20150 (A vulnerability in Cisco Nexus Dashboard could allow an unauthenticate ...)
NOT-FOR-US: Cisco
CVE-2025-1983 (A cross-site scripting (XSS) vulnerability in Ready_'s File Explorer u ...)
- TODO: check
+ NOT-FOR-US: Ready OS
CVE-2025-1982 (Local File Inclusion vulnerability in Ready's attachment upload panel ...)
- TODO: check
+ NOT-FOR-US: Ready OS
CVE-2025-1981 (Improper neutralization of input provided by a low-privileged user int ...)
- TODO: check
+ NOT-FOR-US: Ready OS
CVE-2025-1980 (The Ready_ application's Profile section allows users to upload files ...)
- TODO: check
+ NOT-FOR-US: Ready OS
CVE-2024-58249 (In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps ...)
TODO: check
CVE-2024-58248 (nopCommerce before 4.80.0 does not offer locking for order placement. ...)
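Review bot: the label "Ready OS" on CVE-2025-1983 through CVE-2025-1980 does not match the name the descriptions use, which is "Ready_" (and "Ready's" in CVE-2025-1982). Spelling the label the way the descriptions do, or prefixing the vendor, would make these four entries findable by someone searching the list for the product name.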
@@ -1372,7 +1372,7 @@ CVE-2025-0101 (A low privileged user can set the date of the devices to the 19th
CVE-2024-49200 (An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde I ...)
NOT-FOR-US: InsydeH2O
CVE-2024-44843 (An issue in the web socket handshake process of SteVe v3.7.1 allows at ...)
- TODO: check
+ NOT-FOR-US: SteVe
CVE-2024-13452 (The Contact Form by Supsystic plugin for WordPress is vulnerable to Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10680 (The Form Maker by 10Web WordPress plugin before 1.15.32 does not sani ...)
@@ -1463,7 +1463,7 @@ CVE-2025-30962 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-30206 (Dpanel is a Docker visualization panel system which provides complete ...)
NOT-FOR-US: Dpanel
CVE-2025-2567 (An attacker could modify or disable settings, disrupt fuel monitoring ...)
- TODO: check
+ NOT-FOR-US: Lantronix Xport
CVE-2025-2083 (The Logo Carousel Gutenberg Block plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2025-29817 (Uncontrolled search path element in Power Automate allows an authorize ...)
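Review bot: "Lantronix Xport" on CVE-2025-2567 looks like a capitalisation slip, since the vendor writes the product name as XPort. Suggest "NOT-FOR-US: Lantronix XPort" so the label matches what people will search for.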
@@ -1549,7 +1549,7 @@ CVE-2025-1292 (Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS
CVE-2025-1122 (Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0 ...)
NOT-FOR-US: ChromeOS
CVE-2024-50960 (A command injection vulnerability in the Nmap diagnostic tool in the a ...)
- TODO: check
+ NOT-FOR-US: Extron
CVE-2024-45712 (SolarWinds Serv-U is vulnerable to a client-side cross-site scripting ...)
NOT-FOR-US: SolarWinds
CVE-2024-42200 (HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripti ...)
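Review bot: the description of CVE-2024-50960 mentions "the Nmap diagnostic tool", and nmap is a Debian package, so the bare label "NOT-FOR-US: Extron" leaves open whether nmap itself was considered. The visible text is cut off before it says where the tool lives. Naming the affected Extron product in the label, or adding a NOTE that the injection is in the vendor's interface rather than in nmap, would settle that for the next reader.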
@@ -1629,7 +1629,7 @@ CVE-2025-32934
CVE-2025-32933
REJECTED
CVE-2025-32428 (Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a Ju ...)
- TODO: check
+ NOT-FOR-US: Jupyter Remote Desktop Proxy
CVE-2025-31494 (AutoGPT is a platform that allows users to create, deploy, and manage ...)
NOT-FOR-US: AutoGPT
CVE-2025-31491 (AutoGPT is a platform that allows users to create, deploy, and manage ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dc2d9bb7c04d186621706cf0e87d0cf7ec490d4