[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Mar 20 12:34:51 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1609789a by Moritz Muehlenhoff at 2025-03-20T13:34:31+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2025-27774 (Applio is a voice conversion tool. Versions 3.2.7 and prior are
 CVE-2025-26816 (A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was  ...)
 	NOT-FOR-US: Intrexx Portal Server
 CVE-2025-22228 (BCryptPasswordEncoder.matches(CharSequence,String)will incorrectly ret ...)
-	TODO: check
+	- libspring-security-2.0-java <removed>
 CVE-2025-1770 (The Event Manager, Events Calendar, Tickets, Registrations \u2013 Even ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1766 (The Event Manager, Events Calendar, Tickets, Registrations \u2013 Even ...)
@@ -49,7 +49,7 @@ CVE-2025-1385 (When the library bridge feature is enabled, the clickhouse-librar
 CVE-2025-1314 (The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget plugi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-55009 (A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibl ...)
-	TODO: check
+	NOT-FOR-US: AutoBib
 CVE-2024-13881 (The Link My Posts WordPress plugin through 1.0 does not sanitise and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13880 (The My Quota WordPress plugin through 1.0.8 does not sanitise and esca ...)
@@ -63,7 +63,7 @@ CVE-2024-13876 (The mEintopf WordPress plugin through 0.2.1 does not sanitise an
 CVE-2024-13875 (The WP-PManager WordPress plugin through 1.2 does not sanitise and esc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12016 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: CM Informatics CM News
 CVE-2025-30258 (In GnuPG before 2.5.5, if a user chooses to import a certificate with  ...)
 	- gnupg2 <unfixed>
 	NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html
@@ -81,7 +81,7 @@ CVE-2025-30153 (kin-openapi is a Go project for handling OpenAPI files. Prior to
 CVE-2025-30152 (The Syliud PayPal Plugin is the Sylius Core Team\u2019s plugin for the ...)
 	NOT-FOR-US: Syliud PayPal plugin
 CVE-2025-30144 (fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 5 ...)
-	TODO: check
+	NOT-FOR-US: Node fast-jwt
 CVE-2025-2536 (Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 th ...)
 	NOT-FOR-US: Liferay
 CVE-2025-2512 (The File Away plugin for WordPress is vulnerable to arbitrary file upl ...)
@@ -136,7 +136,7 @@ CVE-2024-7631 (A flaw was found in the OpenShift Console, an endpoint for plugin
 CVE-2024-57061 (An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically ...)
 	NOT-FOR-US: Termius
 CVE-2024-55551 (An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can in ...)
-	TODO: check
+	NOT-FOR-US: Exasol JDBC driver
 CVE-2024-53970 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
 	NOT-FOR-US: Adobe
 CVE-2024-53969 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1609789afe47ccb9ac9c4bf2e4e45965e4fa5b60

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1609789afe47ccb9ac9c4bf2e4e45965e4fa5b60
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250320/b976f1f6/attachment.htm>

More information about the debian-security-tracker-commits mailing list