[Git][security-tracker-team/security-tracker][master] Process some NFUs

Wed Jun 11 13:31:38 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59cdb015 by Salvatore Bonaccorso at 2025-06-11T14:29:45+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22,7 +22,7 @@ CVE-2025-4798 (The WP-DownloadManager plugin for WordPress is vulnerable to arbi
 CVE-2025-4666 (The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4275 (Running the provided utility changes the certificate on any Insyde BIO ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2025-49793
 	REJECTED
 CVE-2025-49792
@@ -42,9 +42,9 @@ CVE-2025-49786
 CVE-2025-49785
 	REJECTED
 CVE-2025-47849 (A privilege escalation vulnerability exists in Apache CloudStack versi ...)
-	TODO: check
+	NOT-FOR-US: Apache CloudStack
 CVE-2025-47713 (A privilege escalation vulnerability exists in Apache CloudStack versi ...)
-	TODO: check
+	NOT-FOR-US: Apache CloudStack
 CVE-2025-47117 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
 	NOT-FOR-US: Adobe
 CVE-2025-47116 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
@@ -500,17 +500,17 @@ CVE-2025-46837 (Adobe Experience Manager versions 6.5.22 and earlier are affecte
 CVE-2025-35940 (The ArchiverSpaApiASP.NET  application uses a hard-coded JWT signing k ...)
 	TODO: check
 CVE-2025-32717 (Heap-based buffer overflow in Microsoft Office Word allows an unauthor ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-30675 (In Apache CloudStack, a flaw in access control affects the listTemplat ...)
-	TODO: check
+	NOT-FOR-US: Apache CloudStack
 CVE-2025-29756 (SunGrow's back end users system  iSolarCloud https://isolarcloud.com u ...)
-	TODO: check
+	NOT-FOR-US: iSolarCloud
 CVE-2025-26521 (When an Apache CloudStack user-account creates a CKS-based Kubernetes  ...)
-	TODO: check
+	NOT-FOR-US: Apache CloudStack
 CVE-2025-22829 (The CloudStack Quota plugin has an improper privilege management logic ...)
-	TODO: check
+	NOT-FOR-US: Apache CloudStack (CloudStack Quota plugin)
 CVE-2025-1055 (A vulnerability in the K7RKScan.sys driver, part of the K7 Security An ...)
-	TODO: check
+	NOT-FOR-US: K7 Security Anti-Malware suite
 CVE-2024-9062 (The Archify application contains a local privilege escalation vulnerab ...)
 	TODO: check
 CVE-2024-8270 (The macOS Rocket.Chat application is affected by a vulnerability that  ...)
@@ -522,7 +522,7 @@ CVE-2024-35295 (A vulnerability has been identified in Perfect Harmony GH180 (Al
 CVE-2024-1244 (Improper input validation in the OSSEC HIDS agent for Windows prior to ...)
 	TODO: check
 CVE-2024-1243 (Improper input validation in the Wazuh agent for Windows prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Wazuh agent for Windows
 CVE-2025-5986
 	- thunderbird <unfixed>
 	[bookworm] - thunderbird <postponed> (Minor issue, fix along with June update)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59cdb0156b280837c90ebae2ece239195698d268

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59cdb0156b280837c90ebae2ece239195698d268
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250611/c36139b4/attachment.htm>
