[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 18 21:21:59 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae44266a by Salvatore Bonaccorso at 2025-06-18T22:20:34+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-6240 (Improper Input Validation vulnerability in Profisee on Windows (filesy ...)
-	TODO: check
+	NOT-FOR-US: Profisee
 CVE-2025-6220 (The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-6086 (The CSV Me plugin for WordPress is vulnerable to arbitrary file upload ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5981 (Arbitrary file write as the OSV-SCALIBR user on the host system via a  ...)
-	TODO: check
+	NOT-FOR-US: OSV-SCALIBR
 CVE-2025-5237 (The Target Video Easy Publish plugin for WordPress is vulnerable to St ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4821 (Impact  Cloudflare quiche was discovered to be vulnerable to incorrect ...)
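Review bot: The CVE-2025-5981 entry is tagged NOT-FOR-US: OSV-SCALIBR, but OSV-SCALIBR is an open-source scanning library rather than a vendor-only product, so it is the kind of code that can later show up packaged or vendored. Worth confirming there is no ITP/RFP bug or embedded copy in another source package before closing it as NOT-FOR-US, and saying so in the commit message. The Profisee tag on CVE-2025-6240 matches its "on Windows" description and looks fine.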
@@ -1570,7 +1570,7 @@ CVE-2025-5349 (Improper access control on the NetScaler Management Interface in
 CVE-2025-5291 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5141 (A binary in the BoKS Server Agent component of Fortra's Core Privilege ...)
-	TODO: check
+	NOT-FOR-US: BoKS
 CVE-2025-4879 (Local Privilege escalation allows a low-privileged user to gain SYSTEM ...)
 	NOT-FOR-US: Citrix
 CVE-2025-4754 (Insufficient Session Expiration vulnerability in ash-project ash_authe ...)
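Review bot: The new tag on CVE-2025-5141 names the component (NOT-FOR-US: BoKS), while the neighbouring entries in this hunk name the vendor (NOT-FOR-US: Citrix). The description attributes the binary to Fortra's product, so a tag such as "Fortra BoKS" or just "Fortra" would keep later searches by vendor name working and match the convention used around it.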
@@ -1586,7 +1586,7 @@ CVE-2025-49881 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-49880 (Missing Authorization vulnerability in Emraan Cheema CubeWP Forms allo ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49879 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: themezaa Litho
 CVE-2025-49878 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49877 (Server-Side Request Forgery (SSRF) vulnerability in Metagauss ProfileG ...)
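Review bot: CVE-2025-49879 gets a product-specific tag (NOT-FOR-US: themezaa Litho) in the middle of a run where every neighbour is tagged "NOT-FOR-US: WordPress plugin or theme". If Litho is a WordPress theme, use the same generic tag so the block stays uniform; if it is not, the product-specific tag is right and a word in the commit message would explain why this one differs.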
@@ -1624,33 +1624,33 @@ CVE-2025-49855 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-49854 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49850 (A Heap-based Buffer Overflow vulnerability exists within the parsing o ...)
-	TODO: check
+	NOT-FOR-US: LS Electric
 CVE-2025-49849 (An Out-of-bounds Read vulnerability exists within the parsing of PRJ f ...)
-	TODO: check
+	NOT-FOR-US: LS Electric
 CVE-2025-49848 (An Out-of-bounds Write vulnerability exists within the parsing of PRJ  ...)
-	TODO: check
+	NOT-FOR-US: LS Electric
 CVE-2025-49847 (llama.cpp is an inference of several LLM models in C/C++. Prior to ver ...)
 	TODO: check
 CVE-2025-49842 (conda-forge-webservices is the web app deployed to run conda-forge adm ...)
-	TODO: check
+	NOT-FOR-US: conda-forge-webservices
 CVE-2025-49508 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49487 (An uncontrolled search path vulnerability in the Trend Micro Worry-Fre ...)
 	NOT-FOR-US: Trend Micro
 CVE-2025-49452 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49451 (Path Traversal vulnerability in yannisraft Aeroscroll Gallery \u2013 I ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49447 (Unrestricted Upload of File with Dangerous Type vulnerability in Fastw ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49444 (Unrestricted Upload of File with Dangerous Type vulnerability in merku ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49415 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49331 (Deserialization of Untrusted Data vulnerability in impleCode eCommerce ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49330 (Deserialization of Untrusted Data vulnerability in CRM Perks Integrati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49316 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49312 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
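Review bot: The nine new WordPress entries (CVE-2025-49508 through CVE-2025-49330) use "NOT-FOR-US: WordPress plugin", while the unchanged entries directly above and below them in this hunk use "NOT-FOR-US: WordPress plugin or theme", so the same classification now has two spellings in one region of the file. Pick one of the two for the batch. For CVE-2025-49508, CVE-2025-49452 and CVE-2025-49415 the truncated descriptions visible here do not name the product, so the classification cannot be checked from the diff alone. Leaving CVE-2025-49847 (llama.cpp) at TODO: check is consistent with a commit that only processes NFUs.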



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae44266a8751a6c788a9a198ff427f49565bf5ce
