[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9780d3c7 by Moritz Muehlenhoff at 2025-03-19T21:19:36+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2025-30197 (Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier do
 CVE-2025-30196 (Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it ...)
 	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-30154 (reviewdog/action-setup is a GitHub action that installs reviewdog. rev ...)
-	TODO: check
+	NOT-FOR-US: reviewdog/action-setup GitHub action
 CVE-2025-30153 (kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131 ...)
 	TODO: check
 CVE-2025-30152 (The Syliud PayPal Plugin is the Sylius Core Team\u2019s plugin for the ...)
@@ -23,15 +23,15 @@ CVE-2025-2476 (Use after free in Lens in Google Chrome prior to 134.0.6998.117 a
 CVE-2025-2324 (Improper Privilege Management vulnerability for users configured as Sh ...)
 	TODO: check
 CVE-2025-29926 (XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6,  ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-29925 (XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6,  ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-29924 (XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6,  ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-29783 (vLLM is a high-throughput and memory-efficient inference and serving e ...)
-	TODO: check
+	NOT-FOR-US: vLLM
 CVE-2025-29770 (vLLM is a high-throughput and memory-efficient inference and serving e ...)
-	TODO: check
+	NOT-FOR-US: vLLM
 CVE-2025-29405 (An arbitrary file upload vulnerability in the component /admin/templat ...)
 	TODO: check
 CVE-2025-29401 (An arbitrary file upload vulnerability in the component /views/plugin. ...)
@@ -57,13 +57,13 @@ CVE-2025-23382 (Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s
 CVE-2025-1758 (Improper Input Validation vulnerability in Progress LoadMaster allows  ...)
 	TODO: check
 CVE-2025-1472 (Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authoriz ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2025-0431 (Enterprise Protection contains a vulnerability in URL rewriting that a ...)
 	TODO: check
 CVE-2024-7631 (A flaw was found in the OpenShift Console, an endpoint for plugins to  ...)
-	TODO: check
+	NOT-FOR-US: OpenShift
 CVE-2024-57061 (An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically ...)
-	TODO: check
+	NOT-FOR-US: Termius
 CVE-2024-55551 (An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can in ...)
 	TODO: check
 CVE-2024-53970 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9780d3c75642e7a9e06a0a17e6a26dcfd592d0f8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9780d3c75642e7a9e06a0a17e6a26dcfd592d0f8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250319/fa989bdf/attachment-0001.htm>