[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 3 20:43:10 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ee2d44f by Salvatore Bonaccorso at 2025-03-03T21:42:39+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-27501 (OpenZiti is a free and open source project focused on bringing zero tr ...)
- TODO: check
+ NOT-FOR-US: OpenZiti
CVE-2025-27500 (OpenZiti is a free and open source project focused on bringing zero tr ...)
- TODO: check
+ NOT-FOR-US: OpenZiti
CVE-2025-27499 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
NOT-FOR-US: WeGIA
CVE-2025-27498 (aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt_in_pl ...)
@@ -9,9 +9,9 @@ CVE-2025-27498 (aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt
CVE-2025-27423 (Vim is an open source, command line text editor. Vim is distributed wi ...)
TODO: check
CVE-2025-27422 (FACTION is a PenTesting Report Generation and Collaboration Framework. ...)
- TODO: check
+ NOT-FOR-US: FACTION
CVE-2025-27421 (Abacus is a highly scalable and stateless counting API. A critical gor ...)
- TODO: check
+ NOT-FOR-US: Abacus
CVE-2025-27420 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
NOT-FOR-US: WeGIA
CVE-2025-27419 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
@@ -25,81 +25,81 @@ CVE-2025-27371 (In certain IETF OAuth 2.0-related specifications, when the JSON
CVE-2025-27370 (OpenID Connect Core through 1.0 errata set 2 allows audience injection ...)
TODO: check
CVE-2025-27279 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27278 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27275 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27274 (Path Traversal vulnerability in NotFound GPX Viewer allows Path Traver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27273 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27271 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27270 (Missing Authorization vulnerability in NotFound Residential Address De ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27269 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27268 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27264 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27263 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27099 (Tuleap is an Open Source Suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-27094 (Tuleap is an open-source suite designed to improve software developmen ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2025-26999 (Deserialization of Untrusted Data vulnerability in Metagauss ProfileGr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26994 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26988 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26984 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26970 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26967 (Deserialization of Untrusted Data vulnerability in Stiofan Events Cale ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26918 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26917 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26914 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26885 (Deserialization of Untrusted Data vulnerability in Brent Jett Assistan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26879 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26589 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26588 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26587 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26586 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26585 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26563 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26540 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26535 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26534 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26206 (Cross Site Request Forgery vulnerability in sell done storefront v.1.0 ...)
TODO: check
CVE-2025-25967 (Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery ( ...)
- TODO: check
+ NOT-FOR-US: Acora CMS
CVE-2025-25939 (Reprise License Manager 14.2 is vulnerable to reflected cross-site scr ...)
- TODO: check
+ NOT-FOR-US: Reprise License Manager
CVE-2025-25303 (The MouseTooltipTranslator Chrome extension allows mouseover translati ...)
TODO: check
CVE-2025-25302 (Rembg is a tool to remove images background. In Rembg 2.0.57 and earli ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ee2d44f7eb83d952b2f35e4713fc5304cecfcb5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ee2d44f7eb83d952b2f35e4713fc5304cecfcb5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250303/e517c1ff/attachment.htm>
More information about the debian-security-tracker-commits
mailing list