[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 6 20:35:35 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
90970e11 by Salvatore Bonaccorso at 2025-03-06T21:35:25+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-2045 (Improper authorization in GitLab EE affecting all versions from 17.7 p ...)
TODO: check
CVE-2025-2040 (A vulnerability classified as critical was found in zhijiantianya ruoy ...)
- TODO: check
+ NOT-FOR-US: zhijiantianya ruoyi-vue-pro
CVE-2025-2039 (A vulnerability classified as critical has been found in code-projects ...)
NOT-FOR-US: code-projects
CVE-2025-2038 (A vulnerability was found in code-projects Blood Bank Management Syste ...)
@@ -9,47 +9,47 @@ CVE-2025-2038 (A vulnerability was found in code-projects Blood Bank Management
CVE-2025-2037 (A vulnerability was found in code-projects Blood Bank Management Syste ...)
NOT-FOR-US: code-projects
CVE-2025-2036 (A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0. ...)
- TODO: check
+ NOT-FOR-US: s-a-zhd Ecommerce-Website-using-PHP
CVE-2025-2035 (A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0 a ...)
- TODO: check
+ NOT-FOR-US: s-a-zhd Ecommerce-Website-using-PHP
CVE-2025-2034 (A vulnerability has been found in PHPGurukul Pre-School Enrollment Sys ...)
NOT-FOR-US: PHPGurukul
CVE-2025-2033 (A vulnerability, which was classified as critical, was found in code-p ...)
NOT-FOR-US: code-projects
CVE-2025-2032 (A vulnerability classified as problematic was found in ChestnutCMS 1.5 ...)
- TODO: check
+ NOT-FOR-US: ChestnutCMS
CVE-2025-2031 (A vulnerability classified as critical has been found in ChestnutCMS u ...)
- TODO: check
+ NOT-FOR-US: ChestnutCMS
CVE-2025-2030 (A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborat ...)
- TODO: check
+ NOT-FOR-US: Seeyon Zhiyuan Interconnect FE Collaborative Office Platform
CVE-2025-2029 (A vulnerability was found in MicroDicom DICOM Viewer 2025.1 Build 3321 ...)
TODO: check
CVE-2025-27600 (FastGPT is a knowledge-based platform built on the LLMs. Since the web ...)
- TODO: check
+ NOT-FOR-US: FastGPT
CVE-2025-27509 (fleetdm/fleet is an open source device management, built on osquery. I ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2025-27506 (NocoDB is software for building databases as spreadsheets. The API end ...)
- TODO: check
+ NOT-FOR-US: NocoDB
CVE-2025-26167 (Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows ...)
- TODO: check
+ NOT-FOR-US: Buffalo LS520D
CVE-2025-25497 (An issue in account management interface in Netsweeper Server v.8.2.6 ...)
- TODO: check
+ NOT-FOR-US: Netsweeper
CVE-2025-25452 (An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a ...)
- TODO: check
+ NOT-FOR-US: TAAGSOLUTIONS GmbH MyTaag
CVE-2025-25451 (An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a ...)
- TODO: check
+ NOT-FOR-US: TAAGSOLUTIONS GmbH MyTaag
CVE-2025-25450 (An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a ...)
- TODO: check
+ NOT-FOR-US: TAAGSOLUTIONS GmbH MyTaag
CVE-2025-25381 (Incorrect access control in the KSRTC AWATAR app of Karnataka State Ro ...)
- TODO: check
+ NOT-FOR-US: KSRTC AWATAR app of Karnataka State Road Transport Corporatio
CVE-2025-25361 (An arbitrary file upload vulnerability in the component /cms/CmsWebFil ...)
- TODO: check
+ NOT-FOR-US: PublicCMS
CVE-2025-25294 (Envoy Gateway is an open source project for managing Envoy Proxy as a ...)
- TODO: check
+ NOT-FOR-US: Envoy Gateway
CVE-2025-25191 (Group-Office is an enterprise CRM and groupware tool. This Stored XSS ...)
- TODO: check
+ NOT-FOR-US: Group-Office
CVE-2025-24796 (Collabora Online is a collaborative online office suite based on Libre ...)
- TODO: check
+ NOT-FOR-US: Collabora Online
CVE-2025-1696 (A vulnerability exists in Docker Desktop prior to version 4.39.0 that ...)
TODO: check
CVE-2025-1672 (The Notibar \u2013 Notification Bar for WordPress plugin for WordPress ...)
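Review bot: the added line for CVE-2025-25381 ends in "Corporatio", so the product name is cut off one character short; it should read `NOT-FOR-US: KSRTC AWATAR app of Karnataka State Road Transport Corporation`. In the same hunk, CVE-2025-27509 is labelled `Fleet` although the description names the project as fleetdm/fleet; using that name would make the entry easier to find by search. For the open-source projects marked here (Envoy Gateway, NocoDB, Collabora Online), it is worth confirming that no ITP is open, since the list uses the `<itp>` form, as on the kibana entry for CVE-2025-25015, for software that has one.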
@@ -412,7 +412,7 @@ CVE-2025-27515 (Laravel is a web application framework. When using wildcard vali
CVE-2025-27513 (OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability ...)
NOT-FOR-US: OpenTelemetry dotnet
CVE-2025-27497 (OpenDJ is an LDAPv3 compliant directory service. OpenDJ prior to 4.9.3 ...)
- TODO: check
+ NOT-FOR-US: OpenDJ
CVE-2025-27412 (REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the re ...)
NOT-FOR-US: REDAXO
CVE-2025-27411 (REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/medi ...)
@@ -420,17 +420,17 @@ CVE-2025-27411 (REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapoo
CVE-2025-25015 (Prototype pollution in Kibana leads to arbitrary code execution via a ...)
- kibana <itp> (bug #700337)
CVE-2025-24521 (External XML entity injection allows arbitrary download of files. The ...)
- TODO: check
+ NOT-FOR-US: Keysight
CVE-2025-24494 (Path traversal may allow remote code execution using privileged accoun ...)
- TODO: check
+ NOT-FOR-US: Keysight
CVE-2025-23416 (Path traversal may lead to arbitrary file deletion. The score without ...)
- TODO: check
+ NOT-FOR-US: Keysight
CVE-2025-22493 (Secure flag not set and SameSIte was set to Lax in the Foreseer Report ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2025-22212 (A SQL injection vulnerability in the ConvertForms component versions 1 ...)
NOT-FOR-US: ConvertForms component for Joomla
CVE-2025-21095 (Path traversal may lead to arbitrary file download. The score without ...)
- TODO: check
+ NOT-FOR-US: Keysight
CVE-2025-20208 (A vulnerability in the web-based management interface of Cisco TelePre ...)
NOT-FOR-US: Cisco
CVE-2025-20206 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
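Review bot: the four `NOT-FOR-US: Keysight` lines (CVE-2025-24521, CVE-2025-24494, CVE-2025-23416, CVE-2025-21095) give only the vendor, and the truncated descriptions shown for them do not name a product, so the list alone does not say what was triaged. Suggest adding the product after the vendor, as the MyTaag and Buffalo LS520D entries earlier in the patch do. The same applies to CVE-2025-22493, where the description mentions Foreseer but the label is just `Eaton`.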
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90970e113e16b548a39735d4057b875802db360e