[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Mar 26 09:25:54 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf987d7a by Moritz Muehlenhoff at 2025-03-26T10:25:18+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2025-30742 (httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-o ...)
 	TODO: check
 CVE-2025-30741 (Pixelfed before 0.12.5 allows anyone to follow private accounts and se ...)
-	TODO: check
+	NOT-FOR-US: Pixelfed
 CVE-2025-30222 (Shescape is a simple shell escape library for JavaScript. Versions 1.7 ...)
-	TODO: check
+	NOT-FOR-US: Shescape
 CVE-2025-30219 (RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3  ...)
 	TODO: check
 CVE-2025-2576 (The Ayyash Studio \u2014 The kick-start kit plugin for WordPress is vu ...)
@@ -17,25 +17,25 @@ CVE-2025-2276 (The Ultimate Dashboard \u2013 Custom WordPress Dashboard plugin f
 CVE-2025-2165 (The SH Email Alert plugin for WordPress is vulnerable to Reflected Cro ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-29789 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2025-25374 (In NASA cFS (Core Flight System) Aquila, it is possible to put the onb ...)
-	TODO: check
+	NOT-FOR-US: NASA cFS (Core Flight System) Aquila
 CVE-2025-25373 (The Memory Management Module of NASA cFS (Core Flight System) Aquila h ...)
-	TODO: check
+	NOT-FOR-US: NASA cFS (Core Flight System) Aquila
 CVE-2025-25372 (NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fau ...)
-	TODO: check
+	NOT-FOR-US: NASA cFS (Core Flight System) Aquila
 CVE-2025-25371 (NASA cFS (Core Flight System) Aquila is vulnerable to path traversal i ...)
-	TODO: check
+	NOT-FOR-US: NASA cFS (Core Flight System) Aquila
 CVE-2025-1784 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1490 (The Smart Maintenance Mode plugin for WordPress is vulnerable to Refle ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-55030 (A command injection vulnerability in the Command Dispatcher Service of ...)
-	TODO: check
+	NOT-FOR-US: NASA Fprime
 CVE-2024-55029 (NASA Fprime v3.4.3 was discovered to contain multiple cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: NASA Fprime
 CVE-2024-55028 (A template injection vulnerability in the Dashboard of NASA Fprime v3. ...)
-	TODO: check
+	NOT-FOR-US: NASA Fprime
 CVE-2024-30155 (HCL SX does not set the secure attribute on authorization tokens or se ...)
 	NOT-FOR-US: HCL
 CVE-2024-13146 (The Booknetic WordPress plugin before 4.1.5 does not have CSRF check w ...)
@@ -51,7 +51,7 @@ CVE-2025-2783
 CVE-2025-30567 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-30216 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
-	TODO: check
+	NOT-FOR-US: NASA CryptoLib
 CVE-2025-30214 (Frappe is a full-stack web application framework. Prior to versions 14 ...)
 	NOT-FOR-US: Frappe Framework
 CVE-2025-30213 (Frappe is a full-stack web application framework. Prior to versions 14 ...)
@@ -124,7 +124,7 @@ CVE-2024-55604 (Appsmith is a platform to build admin panels, internal tools, an
 CVE-2024-48818 (An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allow ...)
 	NOT-FOR-US: IIT Bombay, Mumbai, India Bodhitree of cs101
 CVE-2024-42533 (SQL injection vulnerability in the authentication module in Convivance ...)
-	TODO: check
+	NOT-FOR-US: Convivance StandVoice
 CVE-2024-31896 (IBM SPSS Statistics26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than e ...)
 	NOT-FOR-US: IBM
 CVE-2024-13731 (The Alert Box Block \u2013 Display notice/alerts in the front end. plu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf987d7a098764a6f3ecbf86a2d749095f41be3e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf987d7a098764a6f3ecbf86a2d749095f41be3e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250326/752985ec/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list