[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 18 21:54:13 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d2deeb4 by Salvatore Bonaccorso at 2025-04-18T22:53:46+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2025-3795 (A vulnerability was found in DaiCuo 1.3.13. It has been rated as probl ...)
-	TODO: check
+	NOT-FOR-US: DaiCuo
 CVE-2025-3792 (A vulnerability, which was classified as critical, has been found in S ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2025-3791 (A vulnerability classified as critical was found in symisc UnQLite up  ...)
-	TODO: check
+	NOT-FOR-US: symisc UnQLite
 CVE-2025-3790 (A vulnerability classified as critical has been found in baseweb JSite ...)
-	TODO: check
+	NOT-FOR-US: baseweb JSite
 CVE-2025-3789 (A vulnerability was found in baseweb JSite 1.0. It has been rated as p ...)
-	TODO: check
+	NOT-FOR-US: baseweb JSite
 CVE-2025-3788 (A vulnerability was found in baseweb JSite 1.0. It has been declared a ...)
-	TODO: check
+	NOT-FOR-US: baseweb JSite
 CVE-2025-3787 (A vulnerability was found in PbootCMS 3.2.5. It has been classified as ...)
-	TODO: check
+	NOT-FOR-US: PbootCMS
 CVE-2025-3786 (A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classifi ...)
 	NOT-FOR-US: Tenda
 CVE-2025-3785 (A vulnerability has been found in D-Link DWR-M961 1.1.36 and classifie ...)
@@ -21,31 +21,31 @@ CVE-2025-3106 (The LA-Studio Element Kit for Elementor plugin for WordPress is v
 CVE-2025-3056 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-36625 (In Nessus versions prior to 10.8.4, a non-authenticated attacker could ...)
-	TODO: check
+	NOT-FOR-US: Nessus
 CVE-2025-32796 (Dify is an open-source LLM app development platform. Prior to version  ...)
-	TODO: check
+	NOT-FOR-US: Dify
 CVE-2025-32795 (Dify is an open-source LLM app development platform. Prior to version  ...)
-	TODO: check
+	NOT-FOR-US: Dify
 CVE-2025-32792 (SES safely executes third-party JavaScript 'strict' mode programs in c ...)
 	TODO: check
 CVE-2025-32790 (Dify is an open-source LLM app development platform. In versions 0.6.8 ...)
-	TODO: check
+	NOT-FOR-US: Dify
 CVE-2025-32442 (Fastify is a fast and low overhead web framework, for Node.js. In vers ...)
 	TODO: check
 CVE-2025-32434 (PyTorch is a Python package that provides tensor computation with stro ...)
 	TODO: check
 CVE-2025-32389 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
-	TODO: check
+	NOT-FOR-US: NamelessMC
 CVE-2025-32377 (Rasa Pro is a framework for building scalable, dynamic conversational  ...)
-	TODO: check
+	NOT-FOR-US: Rasa Pro
 CVE-2025-31120 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
-	TODO: check
+	NOT-FOR-US: NamelessMC
 CVE-2025-31118 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
-	TODO: check
+	NOT-FOR-US: NamelessMC
 CVE-2025-30357 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
-	TODO: check
+	NOT-FOR-US: NamelessMC
 CVE-2025-30158 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
-	TODO: check
+	NOT-FOR-US: NamelessMC
 CVE-2025-2950 (IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection  ...)
 	NOT-FOR-US: IBM
 CVE-2025-2492 (An improper authentication control vulnerability exists in AiCloud. Th ...)
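Review bot: CVE-2025-32792, CVE-2025-32442 and CVE-2025-32434 stay at `TODO: check` in between the entries converted here, and the one-line commit message does not say whether they were looked at and deferred or simply not reached. A short mention in the commit body of which entries were deliberately left for a package check would save the next triager from re-reading them.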
@@ -53,53 +53,53 @@ CVE-2025-2492 (An improper authentication control vulnerability exists in AiClou
 CVE-2025-29953 (Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS ...)
 	TODO: check
 CVE-2025-29784 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
-	TODO: check
+	NOT-FOR-US: NamelessMC
 CVE-2025-29625 (A buffer overflow vulnerability in Astrolog v7.70 allows attackers to  ...)
-	TODO: check
+	NOT-FOR-US: Astrolog
 CVE-2025-29513 (Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before a ...)
-	TODO: check
+	NOT-FOR-US: NodeBB
 CVE-2025-29512 (Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before a ...)
-	TODO: check
+	NOT-FOR-US: NodeBB
 CVE-2025-29209 (TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary com ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-28355 (Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site  ...)
-	TODO: check
+	NOT-FOR-US: Volmarg Personal Management System
 CVE-2025-28242 (Improper session management in the /login_ok.htm endpoint of DAEnetIP4 ...)
-	TODO: check
+	NOT-FOR-US: DAEnetIP4 METO
 CVE-2025-28238 (Improper session management in Elber REBLE310 Firmware v5.5.1.R , Equi ...)
-	TODO: check
+	NOT-FOR-US: Elber REBLE310 Firmware
 CVE-2025-28237 (An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 all ...)
-	TODO: check
+	NOT-FOR-US: WorldCast Systems ECRESO FM/DAB/TV Transmitter
 CVE-2025-28236 (Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to ...)
-	TODO: check
+	NOT-FOR-US: Nautel VX Series transmitters VX SW
 CVE-2025-28235 (An information disclosure vulnerability in the component /socket.io/1/ ...)
-	TODO: check
+	NOT-FOR-US: Soundcraft Ui
 CVE-2025-28233 (Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990)  ...)
-	TODO: check
+	NOT-FOR-US: BW Broadcast
 CVE-2025-28232 (Incorrect access control in the HOME.php endpoint of JMBroadcast JMB01 ...)
-	TODO: check
+	NOT-FOR-US: JMBroadcast JMB0150 Firmware
 CVE-2025-28231 (Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows ...)
-	TODO: check
+	NOT-FOR-US: Itel Electronics IP Stream
 CVE-2025-28230 (Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows a ...)
-	TODO: check
+	NOT-FOR-US: JMBroadcast JMB0150 Firmware
 CVE-2025-28229 (Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and S ...)
-	TODO: check
+	NOT-FOR-US: Orban OPTIMOD 5950 Firmware
 CVE-2025-28228 (A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medi ...)
-	TODO: check
+	NOT-FOR-US: Electrolink Medium DAB Transmitter
 CVE-2025-28197 (Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher ...)
-	TODO: check
+	NOT-FOR-US: Crawl4AI
 CVE-2025-28059 (An access control vulnerability in Nagios Network Analyzer 2024R1.0.3  ...)
-	TODO: check
+	NOT-FOR-US: Nagios Network Analyzer
 CVE-2025-27599 (Element X Android is a Matrix Android Client provided by element.io. P ...)
 	TODO: check
 CVE-2025-25985 (An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_H ...)
-	TODO: check
+	NOT-FOR-US: Macro-video Technologies
 CVE-2025-25984 (An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_H ...)
-	TODO: check
+	NOT-FOR-US: Macro-video Technologies
 CVE-2025-25983 (An issue in Macro-video Technologies Co.,Ltd V380 Pro android applicat ...)
-	TODO: check
+	NOT-FOR-US: Macro-video Technologies
 CVE-2025-24914 (When installing Nessus to a non-default location on a Windows host, Ne ...)
-	TODO: check
+	NOT-FOR-US: Nessus
 CVE-2025-1697 (A potential security vulnerability has been identified in the HP Touch ...)
 	NOT-FOR-US: HP
 CVE-2024-57493 (An issue in redoxOS relibc before commit 98aa4ea5 allows a local attac ...)
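Review bot: the labels in this hunk vary in granularity, from vendor only (`TOTOLINK`, `Macro-video Technologies`, `BW Broadcast`) to strings that carry model and firmware wording from the description (`Elber REBLE310 Firmware`, `Nautel VX Series transmitters VX SW`, `Orban OPTIMOD 5950 Firmware`). Trimming the latter to the vendor or product name would keep the NOT-FOR-US entries consistent with the rest of the file. Separately, for CVE-2025-28235 the truncated description shown here names only the `/socket.io/1/` component, so the `Soundcraft Ui` label cannot be confirmed from the diff and is worth checking against the full description.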
@@ -107,13 +107,13 @@ CVE-2024-57493 (An issue in redoxOS relibc before commit 98aa4ea5 allows a local
 CVE-2024-49808 (IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could ...)
 	NOT-FOR-US: IBM
 CVE-2024-46089 (74cms <=3.33 is vulnerable to remote code execution (RCE) in the backg ...)
-	TODO: check
+	NOT-FOR-US: 74cms
 CVE-2024-45651 (IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0   doe ...)
 	NOT-FOR-US: IBM
 CVE-2024-41447 (A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v ...)
-	TODO: check
+	NOT-FOR-US: Alkacon OpenCMS
 CVE-2024-29643 (An issue in croogo v.3.0.2 allows an attacker to perform Host header i ...)
-	TODO: check
+	NOT-FOR-US: croogo
 CVE-2024-11421
 	REJECTED
 CVE-2025-37838 (In the Linux kernel, the following vulnerability has been resolved:  H ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d2deeb4677e5c21f69d22068eefbc9a5cee7360
