[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 25 04:51:58 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fce0e3fe by Salvatore Bonaccorso at 2025-04-25T05:51:25+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -187,9 +187,9 @@ CVE-2025-43859 (h11 is a Python implementation of HTTP/1.1. Prior to version 0.1
NOTE: https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
NOTE: Fixed by: https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f (v0.16.0)
CVE-2025-43858 (YoutubeDLSharp is a wrapper for the command-line video downloaders you ...)
- TODO: check
+ NOT-FOR-US: YoutubeDLSharp
CVE-2025-43855 (tRPC allows users to build & consume fully typesafe APIs without schem ...)
- TODO: check
+ NOT-FOR-US: tRPC
CVE-2025-3872 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-3832 (The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site S ...)
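Review bot: The NOT-FOR-US tag on CVE-2025-43858 depends on the flaw being in YoutubeDLSharp itself. The description calls it a wrapper for command-line video downloaders, so it is worth confirming the issue is not in a wrapped tool that would be tracked under its own source package. If the flaw is confined to the wrapper, the tag is fine as written.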
@@ -267,7 +267,7 @@ CVE-2025-29568 (A vulnerability has been discovered in the code-projects Online
CVE-2025-27820 (A bug in PSL validation logic in Apache HttpClient 5.4.x disables doma ...)
TODO: check
CVE-2025-26382 (Under certain circumstances the iSTAR Configuration Utility (ICU) tool ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2025-1284 (The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Goog ...)
NOT-FOR-US: WordPress plugin
CVE-2024-30148 (Improper access control of endpoint in HCL Leap allows certain admin u ...)
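Review bot: "NOT-FOR-US: Johnson Controls" on CVE-2025-26382 names only the vendor, while the description identifies the affected product as the iSTAR Configuration Utility (ICU) tool and the tags added in the first hunk name the product (YoutubeDLSharp, tRPC). Consider "NOT-FOR-US: Johnson Controls iSTAR Configuration Utility" so that a later search for the product name finds this entry. Vendor-only tags such as "NOT-FOR-US: HCL" already exist in the file, so this is a consistency suggestion and not a blocker.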
@@ -285,11 +285,11 @@ CVE-2023-45720 (Insufficient default configuration in HCL Leap allows anonymous
CVE-2023-37534 (Insufficient URI protocol whitelist in HCL Leap allows script injectio ...)
NOT-FOR-US: HCL
CVE-2021-47664 (Due to improper authentication mechanism an unauthenticated remote att ...)
- TODO: check
+ NOT-FOR-US: Franka Robotics
CVE-2021-47663 (Due to improperJSON Web Tokens implementation an unauthenticated remot ...)
- TODO: check
+ NOT-FOR-US: Franka Robotics
CVE-2021-47662 (Due to missing authorization an unauthenticated remote attackercan cau ...)
- TODO: check
+ NOT-FOR-US: Franka Robotics
CVE-2025-46419 (Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP pac ...)
NOT-FOR-US: Westermo WeOS
CVE-2025-46417 (The unsafe globals in Picklescan before 0.0.25 do not include ssl. Con ...)
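Review bot: The three entries CVE-2021-47664, CVE-2021-47663 and CVE-2021-47662 all receive "NOT-FOR-US: Franka Robotics", but none of the truncated descriptions visible in this hunk mentions a vendor or product, so the attribution cannot be checked from the list alone. Naming the affected product in the tag, as the "NOT-FOR-US: Westermo WeOS" entry just below does, would make the classification verifiable at a glance.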
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fce0e3fe41be76e132912abd00617c5327ec2301