[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Mar 11 10:58:21 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16a2c37d by Moritz Muehlenhoff at 2025-03-11T11:58:03+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -195,7 +195,7 @@ CVE-2025-27254 (Improper Authentication vulnerability in GE Vernova EnerVista UR
 CVE-2025-27253 (An improper input validation in GE Vernova UR IED family devices from  ...)
 	NOT-FOR-US: GE Vernova UR IED family devices
 CVE-2025-27136 (LocalS3 is an Amazon S3 mock service for testing and local development ...)
-	TODO: check
+	NOT-FOR-US: LocalS3
 CVE-2025-26936 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-26933 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
@@ -213,7 +213,7 @@ CVE-2025-26695 (When requesting an OpenPGP key from a WKD server, an incorrect p
 	- thunderbird 1:128.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-26695
 CVE-2025-25977 (An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: canvg
 CVE-2025-25940 (VisiCut 2.1 allows code execution via Insecure XML Deserialization in  ...)
 	NOT-FOR-US: VisiCut
 CVE-2025-25620 (Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in th ...)
@@ -234,7 +234,8 @@ CVE-2025-24813 (Path Equivalence: 'file.Name' (Internal Dot) leading toRemote Co
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
 	NOTE: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq
 CVE-2025-24387 (A vulnerability in OTRS Application Server allows session hijacking du ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
 CVE-2025-22603 (AutoGPT is a platform that allows users to create, deploy, and manage  ...)
 	NOT-FOR-US: AutoGPT
 CVE-2025-1945 (picklescan before 0.0.23 fails to detect malicious pickle files inside ...)
@@ -246,7 +247,7 @@ CVE-2025-1497 (A vulnerability, that could result in Remote Code Execution (RCE)
 CVE-2025-1296 (Nomad Community and Nomad Enterprise (\u201cNomad\u201d) are vulnerabl ...)
 	- nomad <removed>
 CVE-2024-57492 (An issue in redoxOS relibc before commit 98aa4ea5 allows a local attac ...)
-	TODO: check
+	NOT-FOR-US: redoxOS relibc
 CVE-2024-56188 (there is a possible way to crash the modem due to a missing null check ...)
 	NOT-FOR-US: Google devices
 CVE-2024-56187 (In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrar ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16a2c37df035c82868b48ff3955b3f7028fbe0e4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16a2c37df035c82868b48ff3955b3f7028fbe0e4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250311/1cddd364/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list