[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Mar 9 09:27:01 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
21283df4 by Salvatore Bonaccorso at 2025-03-09T10:25:53+01:00
Process some NFUs

Note that the 'Backdrop CMS' related CVEs are marked as NFUs because
they are either in themes or modules for Backdrop CMS, so did not
associate them with '- backdrop <itp> (bug #914257)'

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2023-52969 (MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 th
 CVE-2023-52968 (MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 1 ...)
 	TODO: check
 CVE-2025-27840 (Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Wr ...)
-	TODO: check
+	NOT-FOR-US: Espressif ESP32 chips
 CVE-2025-1783 (The Gallery Styles plugin for WordPress is vulnerable to Stored Cross- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1664 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns &  ...)
@@ -71,17 +71,17 @@ CVE-2025-2094 (A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220
 CVE-2025-2093 (A vulnerability was found in PHPGurukul Online Library Management Syst ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-27839 (operations/attestation/AttestationTask.kt in the Tangem SDK before 5.1 ...)
-	TODO: check
+	NOT-FOR-US: Tangem SDK
 CVE-2025-27826 (An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4 ...)
-	TODO: check
+	NOT-FOR-US: Bootstrap Lite theme for Backdrop CMS
 CVE-2025-27825 (An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1 ...)
-	TODO: check
+	NOT-FOR-US: Bootstrap Lite theme for Backdrop CMS
 CVE-2025-27824 (An XSS issue was discovered in the Link iframe formatter module before ...)
-	TODO: check
+	NOT-FOR-US: Link iframe formatter module for Backdrop CMS
 CVE-2025-27823 (An issue was discovered in the Mail Disguise module before 1.x-1.0.5 f ...)
-	TODO: check
+	NOT-FOR-US: Mail Disguise module for Backdrop CMS
 CVE-2025-27822 (An issue was discovered in the Masquerade module before 1.x-1.0.1 for  ...)
-	TODO: check
+	NOT-FOR-US: Masquerade module for Backdrop CMS
 CVE-2025-1504 (The Post Lockdown plugin for WordPress is vulnerable to Information Ex ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1481 (The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unaut ...)
@@ -89,7 +89,7 @@ CVE-2025-1481 (The Shortcode Cleaner Lite plugin for WordPress is vulnerable to
 CVE-2025-1261 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-42733 (An issue in Docmosis Tornado v.2.9.7 and before allows a remote attack ...)
-	TODO: check
+	NOT-FOR-US: Docmosis Tornado
 CVE-2024-13908 (The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrar ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13895 (The The Code Snippets CPT plugin for WordPress is vulnerable to arbitr ...)
@@ -1990,7 +1990,7 @@ CVE-2024-51091 (Cross Site Scripting vulnerability in seajs v.2.2.3 allows a rem
 CVE-2024-49836 (Memory corruption may occur during the synchronization of the camera`s ...)
 	NOT-FOR-US: Qualcomm
 CVE-2024-47092 (Insecure deserialization and improper certificate validation in Checkm ...)
-	TODO: check
+	NOT-FOR-US: Checkmk Exchange plugin check-mk-api
 CVE-2024-45580 (Memory corruption while handling multuple IOCTL calls from userspace f ...)
 	NOT-FOR-US: Qualcomm
 CVE-2024-43169 (IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21283df4d348ce42252ef53b5be45de02a779b09

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21283df4d348ce42252ef53b5be45de02a779b09
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250309/7a79daa7/attachment.htm>

More information about the debian-security-tracker-commits mailing list