[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 24 20:48:08 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
63bb1916 by Salvatore Bonaccorso at 2025-03-24T21:47:39+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -163,7 +163,7 @@ CVE-2025-30521 (Cross-Site Request Forgery (CSRF) vulnerability in giangmd93 GP
CVE-2025-30208 (Vite, a provider of frontend development tooling, has a vulnerability ...)
- node-vite <itp> (bug #1053782)
CVE-2025-30205 (kanidim-provision is a helper utility that uses kanidm's API to provis ...)
- TODO: check
+ NOT-FOR-US: kanidim-provision
CVE-2025-30163 (Cilium is a networking, observability, and security solution with an e ...)
- cilium <itp> (bug #858303)
CVE-2025-30162 (Cilium is a networking, observability, and security solution with an e ...)
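Review bot: The new label on CVE-2025-30205 is spelled "kanidim-provision", copied from the start of the CVE description, while the same description refers to "kanidm's API". If the upstream spelling is a typo, writing `NOT-FOR-US: kanidm-provision` would let a later search for "kanidm" in data/CVE/list find this entry.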
@@ -171,43 +171,43 @@ CVE-2025-30162 (Cilium is a networking, observability, and security solution wit
CVE-2025-30112 (On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's ...)
NOT-FOR-US: 70mai Dash Cam 1S devices
CVE-2025-2749 (An authenticated remote code execution in Kentico Xperience allows aut ...)
- TODO: check
+ NOT-FOR-US: Kentico
CVE-2025-2748 (TheKentico Xperience application does not fully validate or filter fil ...)
- TODO: check
+ NOT-FOR-US: Kentico
CVE-2025-2747 (An authentication bypass vulnerability in Kentico Xperience allows aut ...)
- TODO: check
+ NOT-FOR-US: Kentico
CVE-2025-2746 (An authentication bypass vulnerability in Kentico Xperience allows aut ...)
- TODO: check
+ NOT-FOR-US: Kentico
CVE-2025-2709 (A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classifi ...)
- TODO: check
+ NOT-FOR-US: Yonyou UFIDA ERP-NC
CVE-2025-2708 (A vulnerability, which was classified as critical, was found in zhijia ...)
- TODO: check
+ NOT-FOR-US: zhijiantianya ruoyi-vue-pro
CVE-2025-2707 (A vulnerability, which was classified as critical, has been found in z ...)
- TODO: check
+ NOT-FOR-US: zhijiantianya ruoyi-vue-pro
CVE-2025-2706 (A vulnerability classified as critical was found in Digiwin ERP 5.0.1. ...)
- TODO: check
+ NOT-FOR-US: Digiwin ERP
CVE-2025-2705 (A vulnerability classified as critical has been found in Digiwin ERP 5 ...)
- TODO: check
+ NOT-FOR-US: Digiwin ERP
CVE-2025-2702 (A vulnerability, which was classified as critical, has been found in S ...)
- TODO: check
+ NOT-FOR-US: Softwin WMX3
CVE-2025-2701 (A vulnerability classified as critical was found in AMTT Hotel Broadba ...)
- TODO: check
+ NOT-FOR-US: AMTT Hotel Broadband Operation System
CVE-2025-2700 (A vulnerability classified as problematic has been found in michelson ...)
TODO: check
CVE-2025-2326
REJECTED
CVE-2025-2231 (PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Exe ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange Editor
CVE-2025-29778 (Kyverno is a policy engine designed for cloud native platform engineer ...)
- TODO: check
+ NOT-FOR-US: Kyverno
CVE-2025-29294
REJECTED
CVE-2025-23204 (API Platform Core is a system to create hypermedia-driven REST and Gra ...)
- TODO: check
+ NOT-FOR-US: API Platform Core
CVE-2025-22223 (Spring Security 6.4.0 - 6.4.3 may not correctly locate method security ...)
TODO: check
CVE-2025-1558 (Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF ...)
- TODO: check
+ NOT-FOR-US: Mattermost Mobile Apps
CVE-2025-0835 (Software installed and run as a non-privileged user may conduct improp ...)
NOT-FOR-US: Imagination Technologies
CVE-2025-0478 (Software installed and run as a non-privileged user may conduct improp ...)
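Review bot: Kyverno (CVE-2025-29778) and API Platform Core (CVE-2025-23204) are closed as NOT-FOR-US here, whereas other unpackaged projects in this file are tracked with an `<itp>` entry and bug number (node-vite and cilium in the previous hunk). It is worth confirming that neither has an open ITP or RFP before marking them NFU, so the entries do not have to be reopened if the software is packaged later. A smaller style point: the four Kentico entries name only the vendor, while their descriptions say Kentico Xperience and the other new labels name the product (Digiwin ERP, PDF-XChange Editor); `NOT-FOR-US: Kentico Xperience` would be consistent.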
@@ -217,11 +217,11 @@ CVE-2025-0256 (HCL DevOps Deploy / HCL Launch could allow an authenticated user
CVE-2025-0255 (HCL DevOps Deploy / HCL Launch could allow a remote privileged authent ...)
NOT-FOR-US: HCL
CVE-2024-9103 (Improper Neutralization of Script in Attributes in a Web Page vulnerab ...)
- TODO: check
+ NOT-FOR-US: Forcepoint Email Security (Blocked Messages module)
CVE-2024-8774 (The SIMPLE.ERP client stores superuser password in a recoverable forma ...)
- TODO: check
+ NOT-FOR-US: SIMPLE.ERP
CVE-2024-8773 (SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request f ...)
- TODO: check
+ NOT-FOR-US: SIMPLE.ERP
CVE-2024-55279 (Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in ...)
TODO: check
CVE-2025-2699 (A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has ...)
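Review bot: The label on CVE-2024-9103 carries a module qualifier, "Forcepoint Email Security (Blocked Messages module)", where the neighbouring entries stop at the vendor or product name (HCL, SIMPLE.ERP). Dropping the parenthetical, as in `NOT-FOR-US: Forcepoint Email Security`, keeps the label reusable for later CVEs in the same product.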
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63bb1916efb69b8aefd0d50d28859da8286051a3