[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 20 20:13:57 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6bdf8b1 by Salvatore Bonaccorso at 2025-03-20T21:13:35+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-30160 (Redlib is an alternative private front-end to Reddit. A vulnerability  ...)
 	TODO: check
 CVE-2025-2565 (The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3. ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-2557 (A vulnerability, which was classified as critical, has been found in A ...)
 	TODO: check
 CVE-2025-2556 (A vulnerability classified as problematic was found in Audi UTR Dashca ...)
@@ -9,23 +9,23 @@ CVE-2025-2556 (A vulnerability classified as problematic was found in Audi UTR D
 CVE-2025-2555 (A vulnerability classified as problematic has been found in Audi Unive ...)
 	TODO: check
 CVE-2025-2553 (A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-2552 (A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-2551 (A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-2550 (A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-2549 (A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.0 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-2548 (A vulnerability, which was classified as problematic, was found in D-L ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-2547 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-2546 (A vulnerability classified as problematic was found in D-Link DIR-618  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-2539 (The File Away plugin for WordPress is vulnerable to unauthorized acces ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-2480 (Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds wri ...)
 	TODO: check
 CVE-2025-2311 (Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive  ...)
@@ -45,19 +45,19 @@ CVE-2025-29411 (An arbitrary file upload vulnerability in the Client Profile Upd
 CVE-2025-29410 (A cross-site scripting (XSS) vulnerability in the component /contact.p ...)
 	TODO: check
 CVE-2025-29218 (Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-29217 (Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-29215 (Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-29214 (Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-29149 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-29121 (A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-29101 (Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-26853 (DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken au ...)
 	TODO: check
 CVE-2025-26852 (DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Inje ...)
@@ -65,7 +65,7 @@ CVE-2025-26852 (DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQ
 CVE-2025-23120 (A vulnerability allowing remote code execution (RCE) for domain users.)
 	TODO: check
 CVE-2025-1802 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-1796 (A vulnerability in langgenius/dify v0.10.1 allows an attacker to take  ...)
 	TODO: check
 CVE-2025-1496 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
@@ -103,7 +103,7 @@ CVE-2025-0312 (A vulnerability in ollama/ollama versions <=0.3.14 allows a malic
 CVE-2025-0281 (A stored cross-site scripting (XSS) vulnerability exists in lunary-ai/ ...)
 	TODO: check
 CVE-2025-0254 (HCL Digital Experience components Ring API and dxclient may be vulnera ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-0192 (A stored Cross-site Scripting (XSS) vulnerability exists in the latest ...)
 	TODO: check
 CVE-2025-0191 (A Denial of Service (DoS) vulnerability exists in the file upload feat ...)
@@ -419,7 +419,7 @@ CVE-2024-6483 (A vulnerability in the `runs/delete-batch` endpoint of aimhubio/a
 CVE-2024-5752 (A path traversal vulnerability exists in stitionai/devika, specificall ...)
 	TODO: check
 CVE-2024-57440 (D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-4990 (In yiisoft/yii2 version 2.0.48, the base Component class contains a vu ...)
 	TODO: check
 CVE-2024-4023 (A stored cross-site scripting (XSS) vulnerability exists in flatpressb ...)
@@ -431,15 +431,15 @@ CVE-2024-48590 (Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request
 CVE-2024-2292 (Due to a lack of access control, unauthorized users are able to view a ...)
 	TODO: check
 CVE-2024-13923 (The Order Export & Order Import for WooCommerce plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13922 (The Order Export & Order Import for WooCommerce plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13921 (The Order Export & Order Import for WooCommerce plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13920 (The Order Export & Order Import for WooCommerce plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13558 (The NP Quote Request for WooCommerce plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-13060 (A vulnerability in AnythingLLM Docker version 1.3.1 allows users with  ...)
 	TODO: check
 CVE-2024-12911 (A vulnerability in the `default_jsonalyzer` function of the `JSONalyze ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6bdf8b1f9ed39349df1bf0be7e7c96bc67b979c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6bdf8b1f9ed39349df1bf0be7e7c96bc67b979c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250320/d4b96680/attachment.htm>

More information about the debian-security-tracker-commits mailing list