[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 18 09:17:20 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a7609e5 by Salvatore Bonaccorso at 2025-04-18T10:16:57+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,11 +7,11 @@ CVE-2025-40114 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2025-40014 (In the Linux kernel, the following vulnerability has been resolved:  o ...)
 	TODO: check
 CVE-2025-3783 (A vulnerability classified as critical was found in SourceCodester Web ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-3598 (The Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce plugin f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3520 (The Avatar plugin for WordPress is vulnerable to arbitrary file deleti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-3509 (A Remote Code Execution (RCE) vulnerability was identified in GitHub E ...)
 	TODO: check
 CVE-2025-3246 (An improper neutralization of input vulnerability was identified in Gi ...)
@@ -33,11 +33,11 @@ CVE-2025-39728 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2025-39688 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	TODO: check
 CVE-2025-39471 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39470 (Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allo ...)
 	TODO: check
 CVE-2025-39469 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-38637 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	TODO: check
 CVE-2025-38575 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
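
Review bot: CVE-2025-39470 (Path Traversal in ThimPress Ivy School) sits between the two entries retagged in this hunk but stays at TODO: check, while its neighbours CVE-2025-39471 and CVE-2025-39469 become NOT-FOR-US: WordPress plugin or theme. If it was left open on purpose, fine. If it falls into the same class, tagging it in this pass saves a second visit to the same block.
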
@@ -61,9 +61,9 @@ CVE-2025-37860 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2025-37785 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	TODO: check
 CVE-2025-2613 (The Login Manager \u2013 Design Login Page, View Login Activity, Limit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2162 (The MapPress Maps for WordPress plugin before 2.94.10 does not sanitis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-29461 (An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensit ...)
 	TODO: check
 CVE-2025-29460 (An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive i ...)
@@ -91,15 +91,15 @@ CVE-2025-29450 (An issue in twonav v.2.1.18-20241105 allows a remote attacker to
 CVE-2025-29449 (An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtai ...)
 	TODO: check
 CVE-2025-25427 (A Stored cross-site scripting (XSS) vulnerability in upnp page of the  ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-1863 (Insecure default settings have been found in recorder products provide ...)
 	TODO: check
 CVE-2025-0467 (Kernel software installed and running inside a Guest VM may exploit me ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies
 CVE-2024-26014
 	REJECTED
 CVE-2024-13650 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-42178 (HCL MyXalytics is affected by a failure to restrict URL access vulnera ...)
 	NOT-FOR-US: HCL MyXalytics
 CVE-2025-43015 (In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports ...)
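
Review bot: the tag on CVE-2025-0467, NOT-FOR-US: Imagination Technologies, names only a vendor, while the visible part of the description speaks of kernel software running inside a guest VM and shows neither vendor nor product. Because the summary concerns kernel-level code, naming the affected component in the tag would let a later reader confirm that nothing packaged is involved without reopening the advisory.
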
@@ -447,9 +447,9 @@ CVE-2025-31006 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-2947 (IBM i 7.6  contains a privilege escalation vulnerability due to incorr ...)
 	NOT-FOR-US: IBM
 CVE-2025-2197 (Browser is affected by type confusion vulnerability, successful exploi ...)
-	TODO: check
+	NOT-FOR-US: Honor
 CVE-2025-2188 (There is a whitelist mechanism bypass in GameCenter ,successful exploi ...)
-	TODO: check
+	NOT-FOR-US: Honor
 CVE-2025-29931 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
 	NOT-FOR-US: Siemens
 CVE-2025-29722 (A CSRF vulnerability in Commercify v1.0 allows remote attackers to per ...)
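
Review bot: the tags added for CVE-2025-2197 and CVE-2025-2188 give only the vendor (Honor), and the descriptions open with generic product names (Browser, GameCenter) that do not identify the vendor on their own. Putting the product into the tag, as the existing NOT-FOR-US: HCL MyXalytics entry does, would keep these entries unambiguous when the list is searched by product.
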
@@ -639,7 +639,7 @@ CVE-2025-22565 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-22340 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-1532 (Phoneservice module is affected by code injection vulnerability, succe ...)
-	TODO: check
+	NOT-FOR-US: Honor
 CVE-2024-56518 (Hazelcast Management Center through 6.0 allows remote code execution v ...)
 	NOT-FOR-US: Hazelcast Management Center
 CVE-2024-55238 (OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can e ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a7609e50bdc0604e7182ad41dcfb319ad7977d0
