[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 21 08:38:49 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a667b18 by Salvatore Bonaccorso at 2025-02-21T09:38:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
 CVE-2025-27100 (lakeFS is an open-source tool that transforms your object storage into ...)
-	TODO: check
+	NOT-FOR-US: lakeFS
 CVE-2025-27098 (GraphQL Mesh is a GraphQL Federation framework and gateway for both Gr ...)
-	TODO: check
+	NOT-FOR-US: GraphQL Mesh
 CVE-2025-27097 (GraphQL Mesh is a GraphQL Federation framework and gateway for both Gr ...)
-	TODO: check
+	NOT-FOR-US: GraphQL Mesh
 CVE-2025-27088 (oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected vers ...)
-	TODO: check
+	NOT-FOR-US: oxyno-zeta/s3-proxy
 CVE-2025-25960 (Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote ...)
-	TODO: check
+	NOT-FOR-US: phpcmsv9
 CVE-2025-25958 (Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remo ...)
-	TODO: check
+	NOT-FOR-US: phpcmsv9
 CVE-2025-25957 (Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before a ...)
-	TODO: check
+	NOT-FOR-US: Xunruicms
 CVE-2025-25679 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-25678 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-25676 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-25675 (Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility lo ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-25674 (Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_ ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-25668 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow vi ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-25667 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow vi ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-25664 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow vi ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-25663 (A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-25662 (Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-22973 (An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain s ...)
-	TODO: check
+	NOT-FOR-US: QiboSoft QiboCMS
 CVE-2025-1407 (The AMO Team Showcase plugin for WordPress is vulnerable to Stored Cro ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1406 (The Newpost Catch plugin for WordPress is vulnerable to Stored Cross-S ...)
@@ -43,9 +43,9 @@ CVE-2025-1001 (Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the
 CVE-2024-7131
 	REJECTED
 CVE-2024-54756 (A remote code execution (RCE) vulnerability in the ZScript function of ...)
-	TODO: check
+	NOT-FOR-US: ZDoom Team GZDoom
 CVE-2024-38657 (External control of a file name in Ivanti Connect Secure before versio ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13883 (The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13818 (The Registration Forms \u2013 User Registration Forms, Invitation-Base ...)
@@ -55,7 +55,7 @@ CVE-2024-13751 (The 3D Photo Gallery plugin for WordPress is vulnerable to Store
 CVE-2024-13672 (The Mini Course Generator | Embed mini-courses and interactive content ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13585 (The Ajax Search Lite  WordPress plugin before 4.12.5 does not sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13537 (The C9 Blocks plugin for WordPress is vulnerable to Full Path Disclosu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13388 (The TCBD Tooltip plugin for WordPress is vulnerable to Stored Cross-Si ...)
@@ -63,7 +63,7 @@ CVE-2024-13388 (The TCBD Tooltip plugin for WordPress is vulnerable to Stored Cr
 CVE-2024-13379 (The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13314 (The Carousel, Slider, Gallery by WP Carousel  WordPress plugin before  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13235 (The Pinpoint Booking System \u2013 #1 WordPress Booking Plugin plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-11260 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...)
@@ -104,7 +104,7 @@ CVE-2025-21106 (Dell Recover Point for Virtual Machines 6.0.X contains a Weak fi
 CVE-2025-21105 (Dell RecoverPoint for Virtual Machines 6.0.X contains a command execut ...)
 	NOT-FOR-US: Dell
 CVE-2025-20059 (Relative Path Traversal vulnerability in Ping Identity PingAM Java Pol ...)
-	TODO: check
+	NOT-FOR-US: Ping Identity PingAM Java Policy Agent
 CVE-2025-1483 (The LTL Freight Quotes \u2013 GlobalTranz Edition plugin for WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1328 (The Typed JS: A typewriter style animation plugin for WordPress is vul ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a667b1812eda23a1624b065ce3eb40bb7675a75

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a667b1812eda23a1624b065ce3eb40bb7675a75
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250221/09c3341d/attachment.htm>

More information about the debian-security-tracker-commits mailing list