[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 10 20:29:50 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8420eda5 by Salvatore Bonaccorso at 2025-03-10T21:29:29+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2025-2149 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been rat
 CVE-2025-2148 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared ...)
 	TODO: check
 CVE-2025-2147 (A vulnerability was found in Beijing Zhide Intelligent Internet Techno ...)
-	TODO: check
+	NOT-FOR-US: Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System
 CVE-2025-27913 (Passbolt API before 5, if the server is misconfigured (with an incorre ...)
 	NOT-FOR-US: Passbolt API
 CVE-2025-27616 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
@@ -33,9 +33,9 @@ CVE-2025-26936 (Improper Control of Generation of Code ('Code Injection') vulner
 CVE-2025-26933 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-26916 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26910 (Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBoo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26696 (Certain crafted MIME email messages that claimed to contain an encrypt ...)
 	TODO: check
 CVE-2025-26695 (When requesting an OpenPGP key from a WKD server, an incorrect padding ...)
@@ -43,31 +43,31 @@ CVE-2025-26695 (When requesting an OpenPGP key from a WKD server, an incorrect p
 CVE-2025-25977 (An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code ...)
 	TODO: check
 CVE-2025-25940 (VisiCut 2.1 allows code execution via Insecure XML Deserialization in  ...)
-	TODO: check
+	NOT-FOR-US: VisiCut
 CVE-2025-25620 (Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in th ...)
-	TODO: check
+	NOT-FOR-US: Unifiedtransform
 CVE-2025-25616 (Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which  ...)
-	TODO: check
+	NOT-FOR-US: Unifiedtransform
 CVE-2025-25615 (Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which a ...)
-	TODO: check
+	NOT-FOR-US: Unifiedtransform
 CVE-2025-25614 (Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Es ...)
-	TODO: check
+	NOT-FOR-US: Unifiedtransform
 CVE-2025-25382 (An issue in the Property Tax Payment Portal in Information Kerala Miss ...)
-	TODO: check
+	NOT-FOR-US: Property Tax Payment Portal in Information Kerala Mission SANCHAYA
 CVE-2025-25306 (Misskey is an open source, federated social media platform. The patch  ...)
-	TODO: check
+	NOT-FOR-US: Misskey
 CVE-2025-24813 (Path Equivalence: 'file.Name' (Internal Dot) leading toRemote Code Exe ...)
 	TODO: check
 CVE-2025-24387 (A vulnerability in OTRS Application Server allows session hijacking du ...)
 	TODO: check
 CVE-2025-22603 (AutoGPT is a platform that allows users to create, deploy, and manage  ...)
-	TODO: check
+	NOT-FOR-US: AutoGPT
 CVE-2025-1945 (picklescan before 0.0.23 fails to detect malicious pickle files inside ...)
-	TODO: check
+	NOT-FOR-US: picklescan
 CVE-2025-1944 (picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation a ...)
-	TODO: check
+	NOT-FOR-US: picklescan
 CVE-2025-1497 (A vulnerability, that could result in Remote Code Execution (RCE), has ...)
-	TODO: check
+	NOT-FOR-US: PlotAI
 CVE-2025-1296 (Nomad Community and Nomad Enterprise (\u201cNomad\u201d) are vulnerabl ...)
 	TODO: check
 CVE-2024-57492 (An issue in redoxOS relibc before commit 98aa4ea5 allows a local attac ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8420eda5c7fe3628a5736b6f1fea89172800d749

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8420eda5c7fe3628a5736b6f1fea89172800d749
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250310/e2a7f89b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list