[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 29 17:07:31 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a91cd7ad by Salvatore Bonaccorso at 2025-07-29T18:06:51+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-8264 (Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: z-push/z-push-dev
 CVE-2025-7811 (The StreamWeasels YouTube Integration plugin for WordPress is vulnerab ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-7810 (The StreamWeasels Kick Integration plugin for WordPress is vulnerable  ...)
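Review bot: the label on CVE-2025-8264 copies the package coordinate from the description ("z-push/z-push-dev") rather than naming the product. "NOT-FOR-US: Z-Push" would read as a product name like the other labels in this commit and is easier to find with a later search of the list.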
@@ -9,15 +9,15 @@ CVE-2025-7809 (The StreamWeasels Twitch Integration plugin for WordPress is vuln
 CVE-2025-6495 (The Bricks theme for WordPress is vulnerable to blind SQL Injection vi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-54769 (An authenticated, read-only user can upload a file and perform a direc ...)
-	TODO: check
+	NOT-FOR-US: LPAR2RRD
 CVE-2025-54768 (An API endpoint that should be limited to web application administrato ...)
-	TODO: check
+	NOT-FOR-US: LPAR2RRD
 CVE-2025-54767 (An authenticated, read-only user can kill any processes running on the ...)
-	TODO: check
+	NOT-FOR-US: LPAR2RRD
 CVE-2025-54766 (An API endpoint that should be limited to web application administrato ...)
-	TODO: check
+	NOT-FOR-US: XorMon-NG
 CVE-2025-54765 (An API endpoint that should be limited to web application administrato ...)
-	TODO: check
+	NOT-FOR-US: XorMon-NG
 CVE-2025-54666
 	REJECTED
 CVE-2025-54665
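Review bot: the split between LPAR2RRD (CVE-2025-54769, CVE-2025-54768, CVE-2025-54767) and XorMon-NG (CVE-2025-54766, CVE-2025-54765) cannot be checked from the lines shown. The truncated descriptions of CVE-2025-54768, CVE-2025-54766 and CVE-2025-54765 are identical, and none of the five names a product. Please re-check each ID against the full CVE record, and consider saying in the commit message where the product attribution came from.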
@@ -31,27 +31,27 @@ CVE-2025-54662
 CVE-2025-54661
 	REJECTED
 CVE-2025-54429 (Polkadot Frontier is an Ethereum and EVM compatibility layer for Polka ...)
-	TODO: check
+	NOT-FOR-US: Polkadot Frontier
 CVE-2025-54428 (RevelaCode is an AI-powered faith-tech project that decodes biblical v ...)
-	TODO: check
+	NOT-FOR-US: RevelaCode
 CVE-2025-54427 (Polkadot Frontier is an Ethereum and EVM compatibility layer for Polka ...)
-	TODO: check
+	NOT-FOR-US: Polkadot Frontier
 CVE-2025-54426 (Polkadot Frontier is an Ethereum and EVM compatibility layer for Polka ...)
-	TODO: check
+	NOT-FOR-US: Polkadot Frontier
 CVE-2025-53649 ("SwitchBot" App for iOS/Android contains an insertion of sensitive inf ...)
-	TODO: check
+	NOT-FOR-US: "SwitchBot" App for iOS/Android
 CVE-2025-53082 (An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) al ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-53081 (An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) al ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-53080 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-53079 (Absolute Path Traversal in Samsung DMS(Data Management Server) allows  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-53078 (Deserialization of Untrusted Data in Samsung DMS(Data Management Serve ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-53077 (An execution after redirect in Samsung DMS(Data Management Server) all ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-4566 (The Elementor Website Builder \u2013 More Than Just a Page Builder plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4370 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to li ...)
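Review bot: the label on CVE-2025-53649 keeps the description's quoting and platform suffix ("SwitchBot" App for iOS/Android), which is awkward to grep for; a bare "NOT-FOR-US: SwitchBot App" would do. The entries CVE-2025-53077 through CVE-2025-53082 are tagged with the vendor only ("Samsung"), although the visible descriptions name Samsung DMS (Data Management Server); "NOT-FOR-US: Samsung DMS" would keep the affected product visible in the list.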
@@ -64,7 +64,7 @@ CVE-2025-8283 (A vulnerability was found in the netavark package, a network stac
 	NOTE: Introduced with: https://github.com/containers/netavark/commit/9035c677338a62a21ab58698527e9756ce1de842 (v1.15.0)
 	NOTE: Fixed by: https://github.com/containers/netavark/commit/03f12695a696c7fe407eefebd7d5ad3cf2e934fe
 CVE-2025-8279 (Insufficient input validation within GitLab Language Server 7.6.0 and  ...)
-	TODO: check
+	NOT-FOR-US: GitLab Language Server
 CVE-2025-8275 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: bsc Peru Cocktails App
 CVE-2025-8274 (A vulnerability classified as critical was found in Campcodes Online R ...)
@@ -131,7 +131,7 @@ CVE-2025-54528 (In JetBrains TeamCity before 2025.07 a CSRF was possible in GitH
 CVE-2025-54527 (In JetBrains YouTrack before 2025.2.86935,  2025.2.87167,  2025.3.8734 ...)
 	NOT-FOR-US: JetBrains
 CVE-2025-54423 (copyparty is a portable file server. In versions up to and including v ...)
-	TODO: check
+	NOT-FOR-US: copyparty
 CVE-2025-54419 (A SAML library not dependent on any frameworks that runs in Node. In v ...)
 	NOT-FOR-US: Node saml
 CVE-2025-54418 (CodeIgniter is a PHP full-stack web framework. A command injection vul ...)
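Review bot: NOT-FOR-US on CVE-2025-54423 is only correct if copyparty has no ITP or RFP bug open; the description presents it as a general-purpose portable file server, the kind of software that attracts packaging requests. If such a bug exists, the entry should be a "- copyparty <itp> (bug #...)" line instead, so the CVE is picked up if the package enters the archive.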



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a91cd7ad11e84ed02d236773050e0b269035199e
