[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9cdd760 by Moritz Muehlenhoff at 2025-03-16T20:49:10+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-30077 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an i ...)
-	TODO: check
+	NOT-FOR-US: onos-lib-go
 CVE-2025-30076 (Koha before 24.11.02 allows admins to execute arbitrary commands via s ...)
-	TODO: check
+	NOT-FOR-US: Koha
 CVE-2025-30074 (Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macO ...)
 	NOT-FOR-US: Alludo Parallels Desktop
 CVE-2025-2335 (A vulnerability classified as problematic was found in Drivin Solu\xe7 ...)
@@ -45,7 +45,7 @@ CVE-2025-26553 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-26548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24856 (An issue was discovered in the oidc (aka OpenID Connect Authentication ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension
 CVE-2025-23744 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-1624 (The GDPR Cookie Compliance  WordPress plugin before 4.15.9 does not sa ...)
@@ -63,7 +63,7 @@ CVE-2025-1619 (The GDPR Cookie Compliance  WordPress plugin before 4.15.7 does n
 CVE-2025-0524
 	REJECTED
 CVE-2024-58103 (Square Wire before 5.2.0 does not enforce a recursion limit on nested  ...)
-	TODO: check
+	NOT-FOR-US: Square Wire
 CVE-2024-13602 (The Poll Maker  WordPress plugin before 5.5.4 does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13126 (The Download Manager WordPress plugin before 3.3.07 doesn't prevent di ...)
@@ -109,7 +109,7 @@ CVE-2025-2164 (The pixelstats plugin for WordPress is vulnerable to Reflected Cr
 CVE-2025-2163 (The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site R ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2157 (A flaw was found in Foreman/Red Hat Satellite. Improper file permissio ...)
-	TODO: check
+	- foreman <itp> (bug #663101)
 CVE-2025-1773 (The Traveler theme for WordPress is vulnerable to Reflected Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1771 (The Traveler theme for WordPress is vulnerable to Local File Inclusion ...)
@@ -145,9 +145,9 @@ CVE-2025-2000 (A maliciously crafted QPY file can potential execute arbitrary-co
 CVE-2025-29782 (WeGIA is Web manager for charitable institutions A Stored Cross-Site S ...)
 	NOT-FOR-US: WeGIA
 CVE-2025-29780 (Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Pyt ...)
-	TODO: check
+	NOT-FOR-US: PostQuantum-Feldman-VSS
 CVE-2025-29779 (Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Pyt ...)
-	TODO: check
+	NOT-FOR-US: PostQuantum-Feldman-VSS
 CVE-2025-29776 (Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Ca ...)
 	NOT-FOR-US: Azle
 CVE-2025-29775 (xml-crypto is an XML digital signature and encryption library for Node ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9cdd76093c6aa31f29392be2e53fecc3b65ca8d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9cdd76093c6aa31f29392be2e53fecc3b65ca8d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250316/eb745485/attachment-0001.htm>