[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 12 11:46:55 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
08c6e981 by Moritz Muehlenhoff at 2025-06-12T12:46:35+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,9 +41,9 @@ CVE-2023-36636
CVE-2022-4976 (Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundl ...)
TODO: check
CVE-2025-6002 (An unrestricted file upload vulnerability exists in the Product Image ...)
- TODO: check
+ NOT-FOR-US: VirtueMart
CVE-2025-6001 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the produc ...)
- TODO: check
+ NOT-FOR-US: VirtueMart
CVE-2025-5687 (A vulnerability in Mozilla VPN on macOS allows privilege escalation fr ...)
NOT-FOR-US: Mozilla VPN on macOS
CVE-2025-5144 (The The Events Calendar plugin for WordPress is vulnerable to Stored C ...)
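Review bot: CVE-2022-4976 in the leading context of this hunk still carries "TODO: check" while the two VirtueMart entries directly below it are resolved. Its truncated description ("contains a bundl ...") suggests the issue sits in bundled code, so it probably needs a package lookup rather than a NOT-FOR-US tag. Worth picking up in a follow-up so it does not linger in TODO behind newer entries.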
@@ -59,9 +59,9 @@ CVE-2025-4315 (The CubeWP \u2013 All-in-One Dynamic Content Framework plugin for
CVE-2025-4128 (Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to proper ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-49150 (Cursor is a code editor built for programming with AI. Prior to 0.51.0 ...)
- TODO: check
+ NOT-FOR-US: Cursor
CVE-2025-49148 (ClipShare is a lightweight and cross-platform tool for clipboard shari ...)
- TODO: check
+ NOT-FOR-US: ClipShare
CVE-2025-49146 (pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until ...)
- libpgjava <unfixed> (bug #1107696)
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54
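Review bot: The tags added for CVE-2025-49150 and CVE-2025-49148 are bare product names, and "Cursor" in particular is a generic word that is hard to search for in the list. Other entries visible in this diff qualify the name ("Mozilla VPN on macOS", "Mojolicious::Plugin::CSRF Perl module"). Something like "NOT-FOR-US: Cursor code editor", taken from the CVE description, would follow that pattern.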
@@ -79,11 +79,11 @@ CVE-2025-48444 (Missing Authorization vulnerability in Drupal Quick Node Block a
CVE-2025-48013 (Missing Authorization vulnerability in Drupal Quick Node Block allows ...)
NOT-FOR-US: Drupal core and addons
CVE-2025-41663 (An unauthenticated remote attacker in a man-in-the-middle position can ...)
- TODO: check
+ NOT-FOR-US: Weidmueller
CVE-2025-41662 (An unauthenticated remote attacker can execute arbitrary commands with ...)
- TODO: check
+ NOT-FOR-US: Weidmueller
CVE-2025-41661 (An unauthenticated remote attacker can execute arbitrary commands with ...)
- TODO: check
+ NOT-FOR-US: Weidmueller
CVE-2025-40915 (Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number sour ...)
NOT-FOR-US: Mojolicious::Plugin::CSRF Perl module
CVE-2025-40914 (Perl CryptX before version 0.087 contains a dependency that may be sus ...)
@@ -106,7 +106,7 @@ CVE-2025-3473 (IBM Security Guardium 12.1 could allow a local privileged user to
CVE-2025-3302 (The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2025-35941 (A password is exposed locally.)
- TODO: check
+ NOT-FOR-US: mySCADA
CVE-2025-32711 (Ai command injection in M365 Copilot allows an unauthorized attacker t ...)
NOT-FOR-US: Microsoft
CVE-2025-32466 (A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1 ...)
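Review bot: The description of CVE-2025-35941 ("A password is exposed locally.") names no vendor or product, so the "NOT-FOR-US: mySCADA" tag on the changed line is the only place the attribution is recorded, and it cannot be cross-checked from the list itself. Naming the affected product after the vendor in the tag would make the entry self-explanatory.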
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08c6e9815883ec9a7b84c767e64c17ad56522185