[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e1233c2 by Salvatore Bonaccorso at 2025-12-15T22:33:29+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,20 +61,20 @@ CVE-2025-37731 (Improper Authentication in Elasticsearch PKI realm can lead to u
 CVE-2025-36360 (IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3 ...)
 	NOT-FOR-US: IBM
 CVE-2025-34412 (The Convercent Whistleblowing Platform operated by EQS Group contains  ...)
-	TODO: check
+	NOT-FOR-US: Convercent Whistleblowing Platform
 CVE-2025-34411 (The Convercent Whistleblowing Platform operated by EQS Group exposes a ...)
-	TODO: check
+	NOT-FOR-US: Convercent Whistleblowing Platform
 CVE-2025-34181 (NetSupport Manager< 14.12.0001 contains an arbitrary file write vulner ...)
-	TODO: check
+	NOT-FOR-US: NetSupport Manager
 CVE-2025-34180 (NetSupport Manager< 14.12.0001  relies on a shared Gateway Key for aut ...)
-	TODO: check
+	NOT-FOR-US: NetSupport Manager
 CVE-2025-34179 (NetSupport Manager <14.12.0001contains an unauthenticated SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: NetSupport Manager
 CVE-2025-14714 (An Authentication Bypass vulnerability existed where the application b ...)
 	- libreoffice <not-affected> (Only affects LibreOffice on MacOS)
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2025-14714
 CVE-2025-14711 (A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fa ...)
-	TODO: check
+	NOT-FOR-US: FantasticLBP Hotels Server
 CVE-2025-14503 (An overly-permissive IAM trust policy in the Harmonix on AWS framework ...)
 	NOT-FOR-US: Amazon
 CVE-2025-14387 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
@@ -86,13 +86,13 @@ CVE-2025-14156 (The Fox LMS \u2013 WordPress LMS Plugin plugin for WordPress is
 CVE-2025-14148 (IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authent ...)
 	NOT-FOR-US: IBM
 CVE-2025-14038 (EDB Hybrid Manager contains a flaw that allows an unauthenticated atta ...)
-	TODO: check
+	NOT-FOR-US: EDB Hybrid Manager
 CVE-2025-14003 (The Image Gallery \u2013 Photo Grid & Video Gallery plugin for WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13950 (The OneSignal \u2013 Web Push Notifications plugin for WordPress is vu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13888 (A flaw was found in OpenShift GitOps. Namespace admins can create Argo ...)
-	TODO: check
+	NOT-FOR-US: OpenShift GitOps
 CVE-2025-13824 (A security issue exists due to improper handling of malformed CIP pack ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2025-13823 (A security issue was found in the IPv6 stack in the Micro850 and Micro ...)
@@ -116,11 +116,11 @@ CVE-2025-11670 (Zohocorp ManageEngine ADManager Plus versions before 8025 are vu
 CVE-2025-11393 (A flaw was found in runtimes-inventory-rhel8-operator. An internal pro ...)
 	TODO: check
 CVE-2024-44599 (FNT Command 13.4.0 is vulnerable to Directory Traversal.)
-	TODO: check
+	NOT-FOR-US: FNT Command
 CVE-2024-44598 (FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Modu ...)
-	TODO: check
+	NOT-FOR-US: FNT Command
 CVE-2023-36337 (A reflected cross-site scripting (XSS) vulnerability in the component  ...)
-	TODO: check
+	NOT-FOR-US: PHP Inventory Management System
 CVE-2025-67907
 	REJECTED
 CVE-2025-67906 (In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e1233c26867035e35f587906d38ebb5761289ec

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e1233c26867035e35f587906d38ebb5761289ec
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251215/54db3a1a/attachment.htm>