[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 24 21:25:09 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57ef7724 by Salvatore Bonaccorso at 2025-07-24T22:24:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,13 +41,13 @@ CVE-2025-6380 (The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privile
 CVE-2025-6262 (The muse.ai video embedding plugin for WordPress is vulnerable to Stor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5243 (Unrestricted Upload of File with Dangerous Type, Improper Neutralizati ...)
-	TODO: check
+	NOT-FOR-US: Information Portal
 CVE-2025-5084 (The Post Grid Master plugin for WordPress is vulnerable to Reflected C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5039 (A maliciously crafted binary file, when present while loading files in ...)
 	NOT-FOR-US: Autodesk
 CVE-2025-53084 (A cross-site scripting (xss) vulnerability exists in the videosList pa ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2025-51089 (Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at / ...)
 	NOT-FOR-US: Tenda
 CVE-2025-51088 (Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at  ...)
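Review bot: The tag added for CVE-2025-5243, `NOT-FOR-US: Information Portal`, names a generic product with no vendor, and the truncated description shown in this hunk does not name one either. The other NFU tags here identify a vendor or product family (Autodesk, Tenda, WWBN AVideo), so prefixing the vendor as given in the full CVE description would keep the entry findable when someone later searches the list for that product.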
@@ -59,15 +59,15 @@ CVE-2025-51085 (Tenda AC8V4 V16.03.34.06` was discovered to contain stack overfl
 CVE-2025-51082 (Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at  ...)
 	NOT-FOR-US: Tenda
 CVE-2025-50128 (A cross-site scripting (xss) vulnerability exists in the videoNotFound ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2025-4822 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Bayraktar Solar Energies ScadaWatt Otopilot
 CVE-2025-4784 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Moderec Tourtella
 CVE-2025-4608 (The Structured Content plugin for WordPress is vulnerable to Stored Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-48732 (An incomplete blacklist exists in the .htaccess sample of WWBN AVideo  ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2025-47061 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
 	NOT-FOR-US: Adobe
 CVE-2025-46996 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
@@ -75,19 +75,19 @@ CVE-2025-46996 (Adobe Experience Manager versions 6.5.22 and earlier are affecte
 CVE-2025-46993 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
 	NOT-FOR-US: Adobe
 CVE-2025-46410 (A cross-site scripting (xss) vulnerability exists in the managerPlayli ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2025-45731 (A group deletion race condition in 2FAuth v5.5.0 causes data inconsist ...)
 	TODO: check
 CVE-2025-45702 (SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to  ...)
-	TODO: check
+	NOT-FOR-US: SoftPerfect Pty Ltd Connection Quality Monitor
 CVE-2025-41420 (A cross-site scripting (xss) vulnerability exists in the userLogin can ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2025-40680 (Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillar ...)
-	TODO: check
+	NOT-FOR-US: CapillaryScope
 CVE-2025-3669 (The Supreme Addons for Beaver Builder plugin for WordPress is vulnerab ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-36548 (A cross-site scripting (xss) vulnerability exists in the LoginWordPres ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2025-36005 (IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, ...)
 	NOT-FOR-US: IBM
 CVE-2025-33109 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalat ...)
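Review bot: The tag added for CVE-2025-45702, `NOT-FOR-US: SoftPerfect Pty Ltd Connection Quality Monitor`, carries the legal suffix from the CVE description, while the neighbouring tags use a short name (Adobe, IBM, CapillaryScope); `NOT-FOR-US: SoftPerfect Connection Quality Monitor` would be more consistent. Separately, CVE-2025-45731 (2FAuth v5.5.0) stays at `TODO: check` between entries resolved in this hunk; that is fine if it is deliberately left for a package check, but worth confirming it was not skipped.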
@@ -95,7 +95,7 @@ CVE-2025-33109 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege e
 CVE-2025-33013 (IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, ...)
 	NOT-FOR-US: IBM
 CVE-2025-25214 (A race condition vulnerability exists in the aVideoEncoder.json.php un ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2025-8107 (In OceanBase's Oracle tenant mode, a malicious user with specific priv ...)
 	NOT-FOR-US: OceanBase
 CVE-2025-8009 (The Security Ninja \u2013 WordPress Security Plugin & Firewall plugin  ...)
@@ -376,7 +376,7 @@ CVE-2016-15045 (A local privilege escalation vulnerability exists in lastore-dae
 CVE-2015-10141 (An unauthenticated OS command injection vulnerability exists within Xd ...)
 	TODO: check
 CVE-2010-10012 (A path traversal vulnerability exists in httpdasm version 0.92, a ligh ...)
-	TODO: check
+	NOT-FOR-US: httpdasm
 CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr .. ...)
 	- apache2 2.4.65-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57ef772489374c683c4985168c04e3f835945faf
