[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 13 20:16:17 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
06f09d47 by Salvatore Bonaccorso at 2025-03-13T21:15:53+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2025-2284 (A denial-of-service vulnerability exists in the "GetWebLoginCredential ...)
 	TODO: check
 CVE-2025-2280 (Improper access control in web extension restriction feature in Devolu ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2025-2278 (Improper access control in temporary access requests and checkout requ ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2025-2277 (Exposure of password in web-based SSH authentication component in Devo ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2025-2275
 	REJECTED
 CVE-2025-2265 (The password of a web user in "Sante PACS Server.exe" is zero-padded t ...)
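
Review bot: CVE-2025-2278, the second entry changed in this hunk, is tagged NOT-FOR-US: Devolutions, but its truncated summary ("temporary access requests and checkout requ ...") never names a product, whereas CVE-2025-2280 and CVE-2025-2277 visibly end in "Devolu" and "Devo". Confirm the vendor against the full CVE description, since nothing on the list line itself supports the tag.
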
@@ -39,23 +39,23 @@ CVE-2025-29773 (Froxlor is open-source server administration software. A vulnera
 CVE-2025-29768 (Vim, a text editor, is vulnerable to potential data loss with zip.vim  ...)
 	TODO: check
 CVE-2025-29363 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffe ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-29362 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffe ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-29361 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffe ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-29360 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffe ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-29359 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffe ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-29358 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffe ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-29357 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffe ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-28015 (A HTML Injection vulnerability was found in loginsystem/edit-profile.p ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-28011 (A SQL Injection was found in loginsystem/change-password.php in PHPGur ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-28010 (A cross-site scripting (XSS) vulnerability has been identified in MODX ...)
 	TODO: check
 CVE-2025-27496 (Snowflake, a platform for using artificial intelligence in the context ...)
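
Review bot: CVE-2025-28015, near the end of this hunk, gets NOT-FOR-US: PHPGurukul although its summary is cut off at "loginsystem/edit-profile.p ..." before any vendor appears. The only visible link is the loginsystem/ path it shares with CVE-2025-28011, which does show "PHPGur". Please check the full record so the tag does not rest on the path alone. The seven Tenda RX3 entries all carry the same firmware string in their summaries, so those tags match the visible text.
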
@@ -73,13 +73,13 @@ CVE-2025-25598 (Incorrect access control in the scheduled tasks console of Inova
 CVE-2025-25363 (An authenticated stored cross-site scripting (XSS) vulnerability in Th ...)
 	TODO: check
 CVE-2025-25175 (A vulnerability has been identified in Simcenter Femap V2401 (All vers ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-24974 (DataEase is an open source business intelligence and data visualizatio ...)
 	TODO: check
 CVE-2025-24053 (Improper authentication in Microsoft Dataverse allows an authorized at ...)
 	TODO: check
 CVE-2025-21104 (Dell NetWorker, 19.11.0.3 and below versions, contain(s) an Open Redir ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-1767 (This CVE only affects Kubernetes clusters that utilize the in-tree git ...)
 	TODO: check
 CVE-2025-1652 (A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD ...)
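
Review bot: the tag on CVE-2025-21104 is written "Dell / EMC" while the summary names only Dell NetWorker. Confirm that this compound spelling matches what data/CVE/list already uses for earlier Dell entries, so that a search on the vendor string finds all of them. The Siemens tag on CVE-2025-25175 likewise depends on knowing the vendor of Simcenter Femap, because the visible summary does not state it.
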
@@ -91,9 +91,9 @@ CVE-2025-1650 (A maliciously crafted CATPRODUCT file, when parsed through Autode
 CVE-2025-1649 (A maliciously crafted CATPRODUCT file, when parsed through Autodesk Au ...)
 	TODO: check
 CVE-2025-1636 (Exposure of sensitive information in My Personal Credentials password  ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2025-1635 (Exposure of sensitive information in hub data source export feature in ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2025-1433 (A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD ...)
 	TODO: check
 CVE-2025-1432 (A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD,  ...)
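
Review bot: neither changed summary in this hunk shows a vendor. CVE-2025-1636 is cut off after "My Personal Credentials password" and CVE-2025-1635 after "hub data source export feature in", so the Devolutions attribution for both should be confirmed from the full CVE text rather than from these lines.
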
@@ -125,7 +125,7 @@ CVE-2024-22880 (Cross Site Scripting vulnerability in Zadarma Zadarma extension
 CVE-2024-12858 (Delta Electronics CNCSoft-G2 Version 2.1.0.16 and prior lacks proper   ...)
 	TODO: check
 CVE-2024-10942 (The All-in-One WP Migration and Backup plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2271 (A vulnerability exists in Issuetrak v17.2.2 and prior that allows a lo ...)
 	TODO: check
 CVE-2025-2250 (The WordPress Report Brute Force Attacks and Login Protection ReportAt ...)
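
Review bot: "NOT-FOR-US: WordPress plugin" on CVE-2024-10942 is a category, while every other tag in this commit names a vendor (Tenda, Devolutions, PHPGurukul, Siemens, Dell / EMC). If the generic form is the file's convention for WordPress plugins it is fine as is; otherwise naming the plugin, All-in-One WP Migration and Backup, would keep the tags uniform.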



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06f09d475036b7794cb7e8d43677bea33c927032
