[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Apr 26 09:50:06 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59a0aae6 by Salvatore Bonaccorso at 2025-04-26T10:47:51+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-46333 (z2d is a pure Zig 2D graphics library. In version 0.6.0, when writing  ...)
-	TODO: check
+	NOT-FOR-US: z2d
 CVE-2025-3915 (The Aeropage Sync for Airtable plugin for WordPress is vulnerable to u ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-3914 (The Aeropage Sync for Airtable plugin for WordPress is vulnerable to a ...)
@@ -9,21 +9,21 @@ CVE-2025-3906 (The Integra\xe7\xe3o entre Eduzz e Woocommerce plugin for WordPre
 CVE-2025-3491 (The Add custom page template plugin for WordPress is vulnerable to PHP ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-32986 (NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2025-32985 (NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that  ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2025-32984 (NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Script ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2025-32983 (NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Di ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2025-32982 (NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Sche ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2025-32981 (NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage  ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2025-32980 (NETSCOUT nGeniusONE before 6.4.0 b2350 has a Weak Sudo Configuration.)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2025-32979 (NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation  ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2025-2907 (The Order Delivery Date WordPress plugin before 12.3.1 does not have a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2851 (A vulnerability classified as critical has been found in GL.iNet GL-A1 ...)
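Review bot: the eight nGeniusONE entries (CVE-2025-32979 through CVE-2025-32986) are tagged with the vendor name only, `NOT-FOR-US: NETSCOUT`, although every description names the product as "NETSCOUT nGeniusONE". Suggest `NOT-FOR-US: NETSCOUT nGeniusONE`, so that a later search of data/CVE/list by product name finds these entries and the tag does not read as a verdict on everything from that vendor.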
@@ -101,17 +101,17 @@ CVE-2025-2986 (IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross
 CVE-2025-2470 (The Service Finder Bookings plugin for WordPress, used by the Service  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2070 (An improper XML parsing vulnerability was reported in the FileZ client ...)
-	TODO: check
+	NOT-FOR-US: FileZ
 CVE-2025-2069 (A cross-site scripting vulnerability was reported in the FileZ client  ...)
-	TODO: check
+	NOT-FOR-US: FileZ
 CVE-2025-2068 (An open redirect vulnerability was reported in the FileZ client that c ...)
-	TODO: check
+	NOT-FOR-US: FileZ
 CVE-2025-28354 (An issue in the Printer Manager Systm of Entrust Corp Printer Manager  ...)
 	NOT-FOR-US: Printer Manager Systm of Entrust Corp Printer Manager
 CVE-2025-28128 (An issue in Mytel Telecom Online Account System v1.0 allows attackers  ...)
 	NOT-FOR-US: Mytel Telecom Online Account System
 CVE-2025-28076 (Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 an ...)
-	TODO: check
+	NOT-FOR-US: EasyVirt DCScope
 CVE-2025-25775 (Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injectio ...)
 	NOT-FOR-US: CodeAstro
 CVE-2025-1565 (The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File  ...)
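Review bot: `NOT-FOR-US: FileZ` on CVE-2025-2068, CVE-2025-2069 and CVE-2025-2070 carries only the short product name shown in the truncated descriptions ("the FileZ client"). Adding the vendor to the tag would make clear which product was triaged and avoid confusion with similarly named software; the `NOT-FOR-US: EasyVirt DCScope` tag on CVE-2025-28076 in this same hunk already uses that vendor-plus-product form.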
@@ -119,11 +119,11 @@ CVE-2025-1565 (The Mayosis Core plugin for WordPress is vulnerable to Arbitrary
 CVE-2025-1279 (The BM Content Builder plugin for WordPress is vulnerable to unauthori ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6199 (An unauthenticated attacker on the WAN interface, with the ability to  ...)
-	TODO: check
+	NOT-FOR-US: Viasat Modems
 CVE-2024-6198 (The device exposes a web interface on ports TCP/3030 and TCP/9882. Thi ...)
-	TODO: check
+	NOT-FOR-US: Viasat Modems
 CVE-2024-57375 (Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0- ...)
-	TODO: check
+	NOT-FOR-US: Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019)
 CVE-2024-56156 (Halo is an open source website building tool. Prior to version 2.20.13 ...)
 	TODO: check
 CVE-2024-30152 (HCL SX v21 is affected by usage of a weak cryptographic algorithm.  An ...)
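Review bot: the tag on CVE-2024-57375 copies the whole description prefix, including the "(aka Double X or XX/2019)" parenthetical; a shorter `NOT-FOR-US: Andamiro Pump It Up` would identify the product equally well and keep the line easy to scan. For CVE-2024-6198 and CVE-2024-6199 the visible description text does not name Viasat, so the tag is the only place the product appears here; worth confirming against the full CVE text before this is relied on.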



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a0aae60520fe77442bcc0986b40cbf4ea8e97f
