[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Sat Jul 12 21:29:49 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d61862e2 by Salvatore Bonaccorso at 2025-07-12T22:25:41+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80,7 +80,7 @@ CVE-2025-6058 (The WPBookit plugin for WordPress is vulnerable to arbitrary file
 CVE-2025-6057 (The WPBookit plugin for WordPress is vulnerable to arbitrary file uplo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5199 (In Canonical Multipass up to and including version 1.15.1 on macOS, in ...)
-	TODO: check
+	NOT-FOR-US: Canonical Multipass
 CVE-2025-53879
 	REJECTED
 CVE-2025-53878
@@ -110,7 +110,7 @@ CVE-2024-38648 (A hardcoded secret in Ivanti DSM before 2024.2 allows an authent
 CVE-2023-39339 (A vulnerability exists on all versions of Ivanti Policy Secure below 2 ...)
 	NOT-FOR-US: Ivanti
 CVE-2023-39338 (Enables an authenticated user (enrolled device) to access a service pr ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-38036 (A security vulnerability within Ivanti Avalanche Manager before versio ...)
 	NOT-FOR-US: Ivanti
 CVE-2025-7503 (An OEM IP camera manufactured by Shenzhen Liandian Communication Techn ...)
@@ -128,13 +128,13 @@ CVE-2025-7452 (A vulnerability was found in kone-net go-chat up to f9e58d0afa9bb
 CVE-2025-7450 (A vulnerability was found in letseeqiji gorobbs up to 1.0.8. It has be ...)
 	NOT-FOR-US: letseeqiji gorobbs
 CVE-2025-7029 (A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) all ...)
-	TODO: check
+	NOT-FOR-US: Gigabyte UEFI firmware
 CVE-2025-7028 (A vulnerability in the Software SMI handler (SwSmiInputValue 0x20) all ...)
-	TODO: check
+	NOT-FOR-US: Gigabyte UEFI firmware
 CVE-2025-7027 (A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) all ...)
-	TODO: check
+	NOT-FOR-US: Gigabyte UEFI firmware
 CVE-2025-7026 (A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) all ...)
-	TODO: check
+	NOT-FOR-US: Gigabyte UEFI firmware
 CVE-2025-6851 (The Broken Link Notifier plugin for WordPress is vulnerable to Server- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-6838 (The Broken Link Notifier plugin for WordPress is vulnerable to CSV Inj ...)
@@ -222,7 +222,7 @@ CVE-2025-45582 (GNU Tar through 1.35 allows file overwrite via directory travers
 CVE-2025-43856 (immich is a high performance self-hosted photo and video management so ...)
 	NOT-FOR-US: immich
 CVE-2025-3933 (A Regular Expression Denial of Service (ReDoS) vulnerability was disco ...)
-	TODO: check
+	NOT-FOR-US: Hugging Face Transformers
 CVE-2025-3631 (An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cau ...)
 	NOT-FOR-US: IBM
 CVE-2025-30661 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d61862e20c19b041fb61a2ac9675096bc7a16c54

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d61862e20c19b041fb61a2ac9675096bc7a16c54
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250712/d0f2326e/attachment.htm>
