[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 25 21:23:00 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4db5a86 by Salvatore Bonaccorso at 2025-04-25T22:22:33+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,13 +7,13 @@ CVE-2025-46433 (In JetBrains TeamCity before 2025.03.1 improper path validation
 CVE-2025-46432 (In JetBrains TeamCity before 2025.03.1 base64-encoded credentials coul ...)
 	NOT-FOR-US: JetBrains
 CVE-2025-43862 (Dify is an open-source LLM app development platform. Prior to version  ...)
-	TODO: check
+	NOT-FOR-US: Dify
 CVE-2025-43016 (In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arb ...)
 	NOT-FOR-US: JetBrains
 CVE-2025-3935 (ScreenConnect versions 25.2.3 and earlier versions may be susceptible  ...)
-	TODO: check
+	NOT-FOR-US: ConnectWise ScreenConnect
 CVE-2025-3928 (Commvault Web Server has an unspecified vulnerability that can be expl ...)
-	TODO: check
+	NOT-FOR-US: Commvault Web Server
 CVE-2025-3912 (The WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-3870 (The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site  ...)
@@ -49,7 +49,7 @@ CVE-2025-3627 (A security vulnerability was discovered in Moodle that allows som
 CVE-2025-3625 (A security vulnerability was discovered in Moodle that can allow hacke ...)
 	- moodle <removed>
 CVE-2025-32432 (Craft is a flexible, user-friendly CMS for creating custom digital exp ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2025-32045 (A flaw has been identified in Moodle where insufficient capability che ...)
 	- moodle <removed>
 CVE-2025-32044 (A flaw has been identified in Moodle where, on certain sites, unauthen ...)
@@ -65,9 +65,9 @@ CVE-2025-2069 (A cross-site scripting vulnerability was reported in the FileZ cl
 CVE-2025-2068 (An open redirect vulnerability was reported in the FileZ client that c ...)
 	TODO: check
 CVE-2025-28354 (An issue in the Printer Manager Systm of Entrust Corp Printer Manager  ...)
-	TODO: check
+	NOT-FOR-US: Printer Manager Systm of Entrust Corp Printer Manager
 CVE-2025-28128 (An issue in Mytel Telecom Online Account System v1.0 allows attackers  ...)
-	TODO: check
+	NOT-FOR-US: Mytel Telecom Online Account System
 CVE-2025-28076 (Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 an ...)
 	TODO: check
 CVE-2025-25775 (Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injectio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4db5a867df4afd4314467f1195338b818893b5e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4db5a867df4afd4314467f1195338b818893b5e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250425/80def1f1/attachment.htm>

More information about the debian-security-tracker-commits mailing list