[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jul 6 20:16:23 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd4120c7 by Salvatore Bonaccorso at 2025-07-06T21:15:53+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38,7 +38,7 @@ CVE-2025-2504
 CVE-2025-2422
 	REJECTED
 CVE-2025-27446 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Apache APISIX
 CVE-2025-1990
 	REJECTED
 CVE-2025-1772
@@ -141,31 +141,31 @@ CVE-2025-53605 (The protobuf crate before 3.7.2 for Rust allows uncontrolled rec
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0437.html
 	NOTE: https://github.com/stepancheg/rust-protobuf/issues/749
 CVE-2025-53604 (The web-push crate before 0.10.3 for Rust allows a denial of service ( ...)
-	TODO: check
+	NOT-FOR-US: web-push Rust crate
 CVE-2025-53603 (In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHas ...)
 	- sogo <unfixed> (bug #1108798)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/07/02/3
 	NOTE: https://github.com/Alinto/sope/pull/69
 CVE-2025-53602 (Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use ...)
-	TODO: check
+	NOT-FOR-US: Zipkin
 CVE-2025-53366 (The MCP Python SDK, called `mcp` on PyPI, is a Python implementation o ...)
-	TODO: check
+	NOT-FOR-US: MCP Python SDK
 CVE-2025-53365 (The MCP Python SDK, called `mcp` on PyPI, is a Python implementation o ...)
-	TODO: check
+	NOT-FOR-US: MCP Python SDK
 CVE-2025-48952 (NetAlertX is a network, presence scanner, and alert framework. Prior t ...)
-	TODO: check
+	NOT-FOR-US: NetAlertX
 CVE-2025-47228 (In the Production Environment extension in Netmake ScriptCase through  ...)
-	TODO: check
+	NOT-FOR-US: Netmake ScriptCase
 CVE-2025-47227 (In the Production Environment extension in Netmake ScriptCase through  ...)
-	TODO: check
+	NOT-FOR-US: Netmake ScriptCase
 CVE-2025-43711 (Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allow ...)
-	TODO: check
+	NOT-FOR-US: Tunnelblick
 CVE-2025-26850 (The agent in Quest KACE Systems Management Appliance (SMA) before 14.0 ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE Systems Management Appliance (SMA)
 CVE-2024-58254
 	REJECTED
 CVE-2023-50786 (Dradis through 4.16.0 allows referencing external images (resources) o ...)
-	TODO: check
+	NOT-FOR-US: Dradis
 CVE-2025-47917
 	- mbedtls <unfixed> (bug #1108791)
 	NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md
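Review bot: the `-	TODO: check` / `+	NOT-FOR-US: web-push Rust crate` change for CVE-2025-53604 marks a Rust crate as not for Debian, which is only right if no corresponding rust-* source package exists in the archive; the neighbouring CVE-2025-53605 entry for the protobuf crate is carried with RUSTSEC NOTE lines rather than an NFU, so it is worth confirming the archive check was done for web-push as well. If it was, consider recording the RUSTSEC advisory URL as a NOTE line in the same style as the protobuf entry so the decision is traceable later.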
@@ -261,7 +261,7 @@ CVE-2025-50039 (Missing Authorization vulnerability in vgwort VG WORT METIS allo
 CVE-2025-50032 (Missing Authorization vulnerability in Paytiko - Payment Orchestration ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4414 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49870 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-49867 (Incorrect Privilege Assignment vulnerability in InspiryThemes RealHome ...)
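Review bot: the new `+	NOT-FOR-US: WordPress plugin` line for CVE-2025-4414 sits between entries that use the wording `NOT-FOR-US: WordPress plugin or theme`; both forms are in use in this file (see the @@ -336, -348, -374 and -388 hunks, which add the same shorter wording next to the longer one). Picking one form for newly added entries would keep the file greppable and avoid the appearance that the two strings mean different things.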
@@ -336,7 +336,7 @@ CVE-2025-30947 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2025-30943 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30933 (Unrestricted Upload of File with Dangerous Type vulnerability in Liqui ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-30929 (Missing Authorization vulnerability in amazewp fluXtore allows Exploit ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-29012 (Missing Authorization vulnerability in kamleshyadav CF7 7 Mailchimp Ad ...)
@@ -348,11 +348,11 @@ CVE-2025-29001 (Missing Authorization vulnerability in ZoomIt WooCommerce Shop P
 CVE-2025-28983 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28980 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-28978 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28976 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-28971 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28969 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -374,7 +374,7 @@ CVE-2025-27326 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-26591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24780 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-24771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24764 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -388,9 +388,9 @@ CVE-2025-24735 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-23972 (Cross-Site Request Forgery (CSRF) vulnerability in Brian S. Reed Conta ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-23970 (Incorrect Privilege Assignment vulnerability in aonetheme Service Find ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9453 (A vulnerability was found in Red Hat OpenShift Jenkins. The bearer tok ...)
-	TODO: check
+	NOT-FOR-US: Red Hat OpenShift Jenkins
 CVE-2025-27465 [x86: Incorrect stubs exception handling for flags recovery]
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd4120c761a36de982f40313c56cdfce384b737f


